Force ZAP to the front when break points hit?
374 views
Skip to first unread message
psiinon
Oct 31, 2014, 11:34:35 AM10/31/14
to zaproxy...@googlegroups.com
When I run ZAP courses (which isnt that often tbh;) there always seems to be someone who thinks ZAP has broken because their browser isnt responding.
Invariably its because they've hit a break point!
In theory ZAP should come to the front, but that doesnt happen on all platforms.
One solution would be to force ZAP to stay on top until the user presses the continue or drop button.
Is that too obnoxious?
We could easily make it an option, but if its off by default then 99% of people wont turn it on, and especially not the beginners who the feature would be targeted at.
We could always also present a dialog when we do it along the lines of:
What do you think?
Simon
Invariably its because they've hit a break point!
In theory ZAP should come to the front, but that doesnt happen on all platforms.
One solution would be to force ZAP to stay on top until the user presses the continue or drop button.
Is that too obnoxious?
We could easily make it an option, but if its off by default then 99% of people wont turn it on, and especially not the beginners who the feature would be targeted at.
We could always also present a dialog when we do it along the lines of:
ZAP has switched to always staying on top because you've hit a break point.
It will revert to its usual behavior when the break point is no longer active.
Click Cancel to disable this feature.
[ ] Remember my choice and do not show me this message again
It will revert to its usual behavior when the break point is no longer active.
Click Cancel to disable this feature.
[ ] Remember my choice and do not show me this message again
What do you think?
Simon
kingthorin+owaspzap
Oct 31, 2014, 11:51:39 AM10/31/14
to zaproxy...@googlegroups.com
I like it.
I know I will personally hate it popping up and interrupting me, but I can see the point for new users so I support the change.
Also I've been thinking lately that while I'm amused by the wording of "Bin" request (or "Bin" response) I'm not sure that it's really obvious to the majority of western users what this actually means. I suggest we change to "Drop" ... I'm sure it's really obvious and natural if you're European but I'm not convinced that it is for North American's. Not that I want to encourage catering to a certain sub-section of users but I suspect (anecdotally because I have no numbers for reference) that the majority of our users/downloads originate in North America.
I know I will personally hate it popping up and interrupting me, but I can see the point for new users so I support the change.
Also I've been thinking lately that while I'm amused by the wording of "Bin" request (or "Bin" response) I'm not sure that it's really obvious to the majority of western users what this actually means. I suggest we change to "Drop" ... I'm sure it's really obvious and natural if you're European but I'm not convinced that it is for North American's. Not that I want to encourage catering to a certain sub-section of users but I suspect (anecdotally because I have no numbers for reference) that the majority of our users/downloads originate in North America.
Kevin W. Wall
Oct 31, 2014, 11:06:12 PM10/31/14
to zaproxy...@googlegroups.com
Why couldn't you just notify the user with a brief temporary pop-up notification in the lower eight corner with a message something like "ZAP: Breakpoint reached at ..."? People are used to the from email notifications so they probably would not find that too obnoxious because it is familiar and unobtrusive.
-kevin
Sent from my Droid; please excuse typos.
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
psiinon
Nov 1, 2014, 7:52:05 AM11/1/14
to zaproxy...@googlegroups.com
We could do that.
But my theory is that you only hit ZAP break points when you're browsing.
And when you hit them your browser typically freezes waiting for the response, which means you cant do anything else.
So most of the time you'll want to switch straight to ZAP.
The time your browser probably wont 'freeze' is when you've hit a custom break point in an Ajax app, but I'd have thought most people would only set these when they want to manipulate the request or response, in which case they'll also want to immediately switch to ZAP.
Or does anyone here use break points in a different way?
But my theory is that you only hit ZAP break points when you're browsing.
And when you hit them your browser typically freezes waiting for the response, which means you cant do anything else.
So most of the time you'll want to switch straight to ZAP.
The time your browser probably wont 'freeze' is when you've hit a custom break point in an Ajax app, but I'd have thought most people would only set these when they want to manipulate the request or response, in which case they'll also want to immediately switch to ZAP.
Or does anyone here use break points in a different way?
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-develop+unsubscribe@googlegroups.com.
psiinon
Nov 28, 2014, 6:37:27 AM11/28/14
to zaproxy...@googlegroups.com
However to avoid the 'obnoxiousness' factor I've added a confirmation dialog the first time this happens, as above.
Any comments / objections?
Simon
kingthorin+owaspzap
Nov 28, 2014, 11:02:11 AM11/28/14
to zaproxy...@googlegroups.com
+1 for avoiding 'obnoxiousness' :)
Reply all
Reply to author
Forward
0 new messages