Hidden File Finder starting path confusion

[Bryan Fish]

Hidden File Finder is doing something I don't understand. I know https://mysite.com/info.php exists, but I'm getting strange results trying to find it in an active scan.

If I start the scan from the root node in the site tree (starting point https://mysite.com), the first few requests are fine, then starting with request #5, all subsequent requests are prepending the /img/ path - for example, sending request to mysite.com/img/info.php.

If I use https://mysite.com/ as the starting point (note the trailing "/"), it finds mysite.com/info.php as expected.

This is on ZAP 2.17.0 on a Mac.  I also have ZAP 2.17.0 on Windows and it doesn't exhibit this behavior.  Plugins are up to date on both, both using the same policy (threshold Low, strength High).  They are configured the same as far as i can tell, but it's possible I'm missing something.

Thanks,
Bryan

[kingthorin+zap]

There's no reason I can see for it to behave differently based on platform.

I'll see if I can re-create the issue you've outlined.