HUD remote connection

[Yair Davidovitch]

Hi team 

will start by say thanks! this is a great project :) , maybe i'm missing something on the way HUD should work .

I can open local browser from quick start  where  ZAP is installed and that is working fine , but when open remote browser (on other machine) HUD not working but ZAP do works(can run scan ,etc).

so we question is if HUD in remote browser/machine can work with one centralize  zap server (proxy network to zap server)?

what are my options here ?

thanks 

Yair

[Simon Bennetts]

To be honest ZAP is not designed to be run as a centralized long running multi user service.

We have talked about implementing "ZAP as a Service" and for that we were thinking of launching a new ZAP instance per user rather than try to re-architect the ZAP code base, which would be a major undertaking.

Having said that the ZAP HUD should work fine when you connect to a remote ZAP instance, as long as you have the right configuration.

Can you explain what is and what is not working for you?

Ie can you successfully proxy your browser through the remote ZAP instance?

In what way doies the HUD no work? Does it not appear or ??

Cheers,

Simon

[Yair Davidovitch]

i have a windows machine where ZAP is installed on , HUD working fine when open chrome from quick start and then the browser is lunch from the quick start .

but when i open chrome manually and want to test my app using HUD "app" ,HUD not appear at all , it's only working from  the quick start scenario .

my question is it possible to have HUD in browser that didn't started from ZAP quick start screen ?

*in all scenario ZAP is detecting  browser activities so yes all traffic is proxy through ZAP

[Simon Bennetts]

Oh yes, thats definitely supported.

Have you imported the ZAP CA as a trusted root CA cert?

https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsDynsslcert#install-zap-root-ca-certificate