I actually did this in the workshop I ran yesterday :D
The recording is available on Hopin if you registered for the event, and will be available on YouTube soon as well.
In the meantime I'll give you a quick overview here.
You actually have several options.
If you only want to do this once:
1. Right click your target in the Sites / History tab and "Attack" -> "Active Scan..."
2. In the Active Scan dialog enable "Show Advanced Options"
3. Switch to the "Policy" tab
4. Apply "OFF" Threshold To "All" Rules and click "Go" - this will turn all of the active scan rules off
5. Select "Injection" in the left hand panel, then click on the "Default" Threshold for the "Cross Site Scripting (Reflected)" test and change it to "Medium"
6. Click "Start Scan"
If you're going to want to do this several times then you can create a Scan Policy for this:
- On the main ZAP toolbar click on the "Scan Policy Manager..." button (the mixing desk one)
- Click "Add" (on the right hand side)
- Put something that makes sense to you in the "Policy" field, e.g. "XSS Reflected"
- Follow the steps 4 and 5 from above
- Click "OK" at the bottom
- When you want to run a scan you will now have this policy available in the Active Scan dialog
Does that help?
You can also set up an Authentication Plan which just scans for specific vulnerabilities as well if you want to automate this.
Cheers,
Simon
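
The same policy written as a ZAP Automation Framework plan, as an added example that is not part of the original reply. It assumes the Automation Framework is the automation route used; the context name and target URL are placeholders, and 40012 is the scan rule ID of "Cross Site Scripting (Reflected)".

```yaml
# Added example: scan a single context with only the reflected XSS rule enabled.
env:
  contexts:
    - name: "xss-only"                      # assumed context name
      urls:
        - "https://app.example.test"        # placeholder: an application you are authorised to test
  parameters:
    failOnError: true
    progressToStdout: true

jobs:
  # Populate the Sites tree first so the active scanner has requests to work on.
  - type: spider
    parameters:
      context: "xss-only"

  - type: activeScan
    parameters:
      context: "xss-only"
    policyDefinition:
      # Equivalent of: apply "OFF" Threshold to "All" Rules.
      # Quoted so the YAML parser does not read it as a boolean.
      defaultThreshold: "Off"
      defaultStrength: "Medium"
      rules:
        # Equivalent of: set "Cross Site Scripting (Reflected)" to "Medium".
        - id: 40012
          name: "Cross Site Scripting (Reflected)"
          threshold: "Medium"
          strength: "Medium"
```

Saved as `plan.yaml`, it runs headless with `zap.sh -cmd -autorun plan.yaml`.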