HarUtils deprecated from ZAP 2.16.0
25 views
Skip to first unread message
Matteo Simionato
Jul 31, 2025, 7:16:48 AMJul 31
to ZAP Developer Group
Hi,
about 2 years ago I developed a ZAP addon to use internally in my company. My addon uses HarUtils.createHarEntry() method, but since now is deprecated my addon doesn't work anymore on newer versions of ZAP.
I was wondering, what should devs use instead? I found out we should use exim addon instead, but I don't quite get how to use it.
Could you help me out? Have a nice day!
about 2 years ago I developed a ZAP addon to use internally in my company. My addon uses HarUtils.createHarEntry() method, but since now is deprecated my addon doesn't work anymore on newer versions of ZAP.
I was wondering, what should devs use instead? I found out we should use exim addon instead, but I don't quite get how to use it.
Could you help me out? Have a nice day!
psiinon
Jul 31, 2025, 7:40:15 AMJul 31
to ZAP Developer Group
Hiya,
Change your add-on to depend on the exim add-on.
Then you can use https://github.com/zaproxy/zap-extensions/blob/main/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarUtils.java
Cheers,
Simon
thc202
Jul 31, 2025, 8:21:38 AMJul 31
to zaproxy...@googlegroups.com
Hi,
Something being deprecated (especially a utility class) should not break
anything, it would be great if you could share more details about the
problem you are having than just doesn't work anymore.
Best regards.
Something being deprecated (especially a utility class) should not break
anything, it would be great if you could share more details about the
problem you are having than just doesn't work anymore.
Best regards.
thc202
Jul 31, 2025, 8:23:29 AMJul 31
to zaproxy...@googlegroups.com
While true they can do that, it would be preferable to share what they
need/use the class for, HarUtils should be considered an implementation
detail (it uses third party libraries, we don't want other add-ons to
depend on them accidentally).
Best regards.
need/use the class for, HarUtils should be considered an implementation
detail (it uses third party libraries, we don't want other add-ons to
depend on them accidentally).
Best regards.
Matteo Simionato
Jul 31, 2025, 9:07:30 AMJul 31
to ZAP Developer Group
Sure, I can give you more context.
The main files involved are
package org.zaproxy.addon.foo.model;
The main files involved are
// Communication.java
package org.zaproxy.addon.foo.model;
import edu.umass.cs.benchlab.har.HarEntry;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.utils.HarUtils;
import java.io.IOException;
public class Communication {
private final HarEntry harEntry;
public Communication(HttpMessage msg) {
this.harEntry = HarUtils.createHarEntry(msg);
}
public String toJson() throws IOException {
// Returns stringified Communication
}
}
// RightClickMsgMenu.java
package org.zaproxy.addon.foo;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.view.messagecontainer.http.HttpMessageContainer;
import org.zaproxy.zap.view.popup.PopupMenuItemHttpMessageContainer;
public class RightClickMsgMenu extends PopupMenuItemHttpMessageContainer {
private static final long serialVersionUID = 1L;
private final INetworkManager networkManager;
public RightClickMsgMenu(INetworkManager networkManager, String label) {
super(label);
this.networkManager = networkManager;
}
@Override
public void performAction(HttpMessage msg) {
networkManager.send(msg, true);
}
@Override
public boolean isEnableForInvoker(Invoker invoker, HttpMessageContainer httpMessageContainer) {
return true;
}
@Override
public boolean isSafe() {
return true;
}
}
Before showing the last file involved, I'll tell you exactly what we did with our extension:
1. Around 2 years ago we developed and released our addon to be used on ZAP versions prior to 2.16.0 (it worked fine).
2. Around 1 year ago we updated ZAP to 2.16 and our extension kept working fine (I don't quite know why TBH since HarUtils was deprecated).
3. Around 1 week ago it stopped working since we changed API endpoint (which was hardcoded in the addon).
4. Today I updated the API endoint and after fixing a couple of errors related to missing dependencies I re-relased the addon.
5. We tested it on ZAP 2.16 and it didn't work. I added some logs to understand what was breaking, and we found out... (see last file below)
1. Around 2 years ago we developed and released our addon to be used on ZAP versions prior to 2.16.0 (it worked fine).
2. Around 1 year ago we updated ZAP to 2.16 and our extension kept working fine (I don't quite know why TBH since HarUtils was deprecated).
3. Around 1 week ago it stopped working since we changed API endpoint (which was hardcoded in the addon).
4. Today I updated the API endoint and after fixing a couple of errors related to missing dependencies I re-relased the addon.
5. We tested it on ZAP 2.16 and it didn't work. I added some logs to understand what was breaking, and we found out... (see last file below)
// CommunicationService.java
package org.zaproxy.addon.foo.service;
package org.zaproxy.addon.foo.service;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.addon.dsazap.INetworkManager;
import org.zaproxy.addon.dsazap.model.Communication;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
public final class CommunicationService {
public static void sendCommunicationToService(INetworkManager networkManager, HttpMessage msg) {
// We can reach this line
try {
// We cannot reach this line
String jsonCommunication = new Communication(msg).toJson();
HttpRequest request = ...
HttpClient client = HttpClient.newBuilder().build();
String response = ...
} catch (Exception ex) {
// Handling exception. This line is not reached
}
}
}
My guess is that something is happening here
String jsonCommunication = new Communication(msg).toJson();
I hope it helps. Thank you for your support!
Reply all
Reply to author
Forward
0 new messages