AJAX Spider not clicking on certain elements.

181 views
Skip to first unread message

Jack

unread,
Dec 5, 2023, 4:45:43 AM12/5/23
to ZAP User Group
I'm using the ajax spider to scan a website. The way it performs is that there is a navbar, for different tabs. However, the ajax spider only clicks on two of these tabs out of the seven, despite the code being pretty much the same for all of the tabs. What makes the behaviour even more weird is that when i resize the window, during the ajax spider, some of the other tabs are finally clicked on. Does anyone know what might be causing this behaviour.

Simon Bennetts

unread,
Dec 5, 2023, 4:48:56 AM12/5/23
to ZAP User Group
Can you provide some HTML snippets for these controls?
A simple reproducible test case would be ideal, but I understand that may be non trivial.

Have you tried using the Client add-on with the AJAX Spider?
It analyses the DOM and so may well be able to discover these extra tabs: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/ajax-scan/

Cheers,

Simon
Message has been deleted

Jack

unread,
Dec 6, 2023, 12:26:35 PM12/6/23
to ZAP User Group
Thank you for replying.

I tried out the client add-on. Am i correct in saying that it only finds buttons, cookies, forms, inputs and links? If so, then it was not able to find my tabs, due to the HTML being divs, rather than buttons. 

The website I want to use the ajax spider with, is also a single page application(SPA). Would that potentially be a reason for my problem?

The following code is the general gist of the HTML of the navbar for the tabs:
<section aria-label="navigation menu">
<ul class="MuiList-root MuiList-padding">
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
<div class="MuiButtonBase-root MuiListItem-root MuiListItem-gutters MuiListItem-padding MuiListItem-button" tabindex="0" role="button"></div>
</ul>
</section>

Simon Bennetts

unread,
Dec 6, 2023, 12:32:59 PM12/6/23
to ZAP User Group
By default the AJAX Spider will only click on a set of default elements: "a", "button" and "input".
You will need to change this via the AJAX Spider options if you have not already done that: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/options/

Cheers,

Simon

Jack

unread,
Dec 6, 2023, 12:45:46 PM12/6/23
to ZAP User Group
Hey Simon, 

I have already configured that, so that it would click on the elements that are needed.

Simon Bennetts

unread,
Dec 6, 2023, 12:50:22 PM12/6/23
to ZAP User Group
What framework(s) are you using?
Would you be able to create a minimal standalone HTML page that demonstrates the problem?

Cheers,

Simon

Jack

unread,
Dec 7, 2023, 5:06:38 AM12/7/23
to ZAP User Group
The framework used is react. 

Apologies but I don't think I would be able to create a minimal standalone HTML page that can demonstrate the problem

Simon Bennetts

unread,
Dec 7, 2023, 5:09:21 AM12/7/23
to ZAP User Group
Understood.
This does, however, make it _very_ difficult to investigate this issue :(
Reply all
Reply to author
Forward
0 new messages