Client Side Integration - AJAX Spider Enhancement

The AJAX Spider works by launching browsers, clicking links, and filling in fields. It is an effective way to crawl modern web apps but it is not able to directly access the DOM.

The browser extensions included in this add-on can access the DOM and stream specific events back to ZAP.

This add-on listens for AJAX Spider events and when the spider has finished it then examines the Client Map to see if it can find any URLs which were referenced by the DOM but which have not been accessed by ZAP.

If it finds any ‘missed’ URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs. You will be able to see these requests in the History, Sites Tree, and Output tabs.