This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
If you do not launch your browser(s) from ZAP then you can still install these extensions directly from the relevant stores:
Note that you may need to configure the extensions via their options pages to update the host and API key.
This add-on provides a Passive Scanner which passively scans all of the data received from the browser.
The add-on adds 3 new tabs to ZAP: Client Map, Client Details and Client History, each described below.
The Client Map is a hierarchical representation of the sites visited, and is similar in some ways to the Sites Tree. It includes nodes which represent URLs and ones which represent browser based storage.
Unlike the Sites Tree it includes URI fragments which ZAP cannot otherwise see, since fragments are never sent to the proxy. This means that the Client Map looks very different from the Sites Tree for modern web apps, and may give you a better understanding of the client side structure of the sites.
Any leaf nodes in the Map with a small red ‘minus’ sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
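As an added illustration of why fragment-aware mapping matters (example code, not the add-on's own), the following Python builds a Sites-Tree-style tree and a Client-Map-style tree from the same constructed set of URLs and flags the URLs found only in the DOM; all hostnames and URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample data: URLs the browser extension reported as navigated to,
# and URLs it found referenced in the DOM (hrefs) but which were never visited.
VISITED = [
    "https://app.example/",
    "https://app.example/#/home",
    "https://app.example/#/settings",
    "https://app.example/api/profile",
]
DOM_URLS = [
    "https://app.example/#/home",
    "https://app.example/#/admin",
    "https://app.example/api/logout",
]

def tree_path(url, keep_fragment):
    """Split a URL into tree components: origin, path segments and, when
    keep_fragment is set (Client Map style), the fragment as its own node.
    The Sites Tree style drops the fragment because the proxy never sees it."""
    parts = urlsplit(url)
    comps = [f"{parts.scheme}://{parts.netloc}"]
    comps += [seg for seg in parts.path.split("/") if seg]
    if keep_fragment and parts.fragment:
        comps.append("#" + parts.fragment)
    return tuple(comps)

def build_tree(urls, keep_fragment):
    """Nested dicts, one key per component, like a Sites Tree / Client Map."""
    root = {}
    for url in urls:
        node = root
        for comp in tree_path(url, keep_fragment):
            node = node.setdefault(comp, {})
    return root

def count_leaves(tree):
    return 1 if not tree else sum(count_leaves(c) for c in tree.values())

def dom_only(dom_urls, visited):
    """URLs present in the DOM but never navigated to: the Client Map's
    'red minus' leaves. Fragments are compared exactly because the browser
    extension reports them, so #/admin is distinct from #/home."""
    return sorted(set(dom_urls) - set(visited))

def compare(visited=VISITED, dom_urls=DOM_URLS):
    """Return (Sites Tree leaf count, Client Map leaf count, DOM-only URLs)."""
    all_urls = visited + dom_urls
    sites = build_tree(all_urls, keep_fragment=False)
    client = build_tree(all_urls, keep_fragment=True)
    return count_leaves(sites), count_leaves(client), dom_only(dom_urls, visited)
```

Running `compare()` on the sample data shows the three SPA routes collapsing into a single Sites Tree node while the Client Map keeps them apart and singles out the two URLs ZAP never requested.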
The following context menu items are supported:
Copies the URLs of the selected nodes into the clipboard, separated by newlines.
Deletes the selected nodes.
Opens the selected node in the chosen browser. This menu item is disabled if multiple nodes are selected. If the URL contains a fragment then this will be passed to the browser.
Opens the selected node in the Sites Tree. The message shown in the Sites Tree is not necessarily the same message that created the Site node. This menu item is disabled if multiple nodes are selected or if the URL has not yet been visited. If the URL contains a fragment then it is ignored.
The Client Details tab shows details about Client Map nodes.
The types of data displayed include:
The following context menu items are supported:
Copies the HREFs of the selected entries into the clipboard, separated by newlines.
Copies the IDs of the selected entries into the clipboard, separated by newlines.
Copies the Texts of the selected entries into the clipboard, separated by newlines.
The Client History tab shows all of the client side events sent from the browser extension to ZAP.
In addition to the data displayed in the Client Details tab it also includes:
The following context menu items are supported:
Copies the Node IDs of the selected entries into the clipboard, separated by newlines.
Copies the Node Names of the selected entries into the clipboard, separated by newlines.
Copies the Source URLs of the selected entries into the clipboard, separated by newlines.
Copies the Texts of the selected entries into the clipboard, separated by newlines.
Copies the Types of the selected entries into the clipboard, separated by newlines.
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not accessed by the spider.
It also creates a Firefox profile and sets it as the default profile that ZAP will use.
For more details on how the add-on works see the internals page.