The HUD is no longer under active development

[Simon Bennetts]

Unfortunately the HUD is no longer under active development due to the fact no one is focussing on it.

The HUD is a unique and innovative interface that we know some people love.

But it also needs a non trivial amount of maintenance and we just don’t have enough volunteers to maintain it right now.

If you would like to get involved please get in touch via this group.

In order to keep maintaining the HUD we do not actually need anyone with Java experience - we have that covered.

We need someone with good Java Script experience and the confidence to dive into non trivial browser issues.

The HUD is a very unconventional project, and does unusual things in order to get around browser security features.

Browser changes often break the HUD in strange ways.

We know that the HUD no longer loads reliably all of the time in Firefox and Chrome, and the integration tests we have for it have been broken for some time.

If you are up for a challenge then let us know!

Many thanks,

Simon

[Najam Ul Saqib]

I will be using this thread to further ask my HUD related questions and discuss related stuff; some of the previous discussion regarding unit tests is on https://groups.google.com/g/zaproxy-develop/c/SVo4i6M0pbY

Here comes the first query, today I spent sometime reading the serviceworker.js file to understand its working, came to know that the worker is using web sockets to communicate with ZAP, why aren't we utilizing the ZAP API to communicate instead? Is there any special use case with web socket?

[thc...@gmail.com]

It's still using the ZAP API but through WebSockets, which allow
bidirectional communication. The events that happen in ZAP are reflected
in the HUD (e.g. alert raised).

Best regards.

[Simon Bennetts]

Because its 2 way comms - the ZAP HUD code in the browser sends data to ZAP, and ZAP sends data (like new alerts found) to the HUD code :)

Websockets seemed the ideal solutiuon for that usecase.

Cheers,

Simon

[Najam Ul Saqib]

Makes sense, thanks!

In order to understand the flow of code, I am pasting some `console.log` statements here and there. For instance, in management.js, in function startServiceWorker I have added a statement (like this https://paste.debian.net/1293292/) and this should show up in console each time HUD is started; but it is not appearing in the console. Am I understanding it right?

[Simon Bennetts]

Service worker logging does not go to the std console :)

For Firefox see https://firefox-source-docs.mozilla.org/devtools-user/application/service_workers/index.html

For Chrome see https://www.chromium.org/blink/serviceworker/service-worker-faq/

Cheers,

Simon

[Najam Ul Saqib]

Thank you for the links Simon; for some reason only chrome is detecting the service worker and firefox isn't.

One interesting thing I've noticed is that, indexedDB is having 6 instances of localforage, while all of them have same data and are duplicates, same goes with cache. Is this a known issue/functionality?

[Najam Ul Saqib]

Secondly, I want to improve HUD docs on the run as I am learning new stuff about its working but wiki doesnt seem to have PRs (and asking core team via emails for changes isnt efficient and trackable) is there any alternative? Can I start throwing my docs on zaproxy.org in some section for HUD?

[Simon Bennetts]

No, I've not noticed the localforage duplicates - thats definitely worth looking into.

I guess we could be getting one per frame?

Re the HUD docs, it would be much better if they were on zaproxy.org :D

How about a new HUD set under "Internal Details" on https://www.zaproxy.org/docs/ ?

Also v happy for HUD user docs to be added to the website, although thats probably best done in the Java help which gets converted to https://www.zaproxy.org/docs/desktop/addons/hud/

Many thanks,

Simon

[Najam Ul Saqib]

For record, have created a PR https://github.com/zaproxy/zaproxy-website/pull/2158 through which I will be adding docs of HUD to zaproxy website.

[Najam Ul Saqib]

Update: I have been trying to fix the JS unit tests tracked under https://github.com/zaproxy/zap-hud/pull/1296 but it seems like we need to move to ES modules; now two things need to be done, one vue upgradation and ES migration.