zombie.js

psiinon

unread,

Sep 21, 2012, 9:37:36 AM9/21/12

to zaproxy...@googlegroups.com

Just seen this, thanks to Mark Curphey and twitter: http://zombie.labnotes.org/
Its an "Insanely fast" headless browser using Node.js.

Dont know how practical it would be to embed this in ZAP, but if we could .. think of the possibilities :)
We could use it for DOM XSS detection...

Any other thoughts?

Simon

Colm O'Flaherty

unread,

Sep 21, 2012, 9:43:43 AM9/21/12

to zaproxy...@googlegroups.com

It, or something else like it would be a good way to start getting into the world of Ajax too.

C

--

psiinon

unread,

Sep 21, 2012, 9:49:16 AM9/21/12

to zaproxy...@googlegroups.com, colm.p.o...@gmail.com

Exactly.
Of course Java does already include JavaScript support c/o Rhino (disclaimer, yes its from Mozilla;) and there will be many other options.
But I definitely want ZAP to support AJAX much more effectively.

Colm O'Flaherty

unread,

Sep 21, 2012, 9:50:56 AM9/21/12

to psiinon, zaproxy...@googlegroups.com

Do you want to target something in this space for 2.0, or later?

psiinon

unread,

Sep 21, 2012, 10:00:08 AM9/21/12

to zaproxy...@googlegroups.com, psiinon, colm.p.o...@gmail.com

I think the key things left to do for 2.0 are 'enablers' so that we can add new functionality as easily as possible.
And I'm hoping we can build AJAX features on top of 2.0.

The 2 key things I want to get in are Contexts (which I'm working on now, so will hopefully be able to checkin and explain fairly soon) and the Extensions Market place (which I havnt started).
Are there any other enablers or 'structural changes' anyone would like to get in?

Cheers,

Simon

Reply all

Reply to author

Forward