The Selenium add-on provides WebDrivers, for other add-ons, to invoke and remotely control web browsers. It’s also bundled the HtmlUnit web browser, an headless Java based web browser.
It adds a ‘Selenium’ script type - these scripts are invoked whenever selenium launches a browser, for example for the Ajax Spider or for manual browsing.
Note: The Selenium scripts are executed synchronously for the AJAX Spider, to prevent interferences with the crawler later, it’s up to the scripts to access the required URLs.
The following web browsers are supported:
|Chrome||chrome||The following versions are known to work: 59 and 60 (older versions might work too). Requires ChromeDriver, if not on the system’s PATH, it can be set in the options. For more information on ChromeDriver and how to obtain it refer to the ChromeDriver website.|
|Chrome Headless||chrome-headless||Starts Chrome without GUI.|
|Firefox||firefox||The following versions are known to work: 45 (ESR), 46, 47.0.1, 54, and 55 (older versions might work too). Some versions are known to not work, for example, 47.0. Newer versions (≥ 48) require geckodriver, it can be set in the options. For more information on geckodriver and how to obtain it refer to the geckodriver website (see footer note for caveat when using geckodriver).|
|Firefox Headless||firefox-headless||Starts Firefox without GUI.|
|HtmlUnit||htmlunit||Bundled browser, does not have any requirement.|
|Opera||opera||Temporarily not working.|
|PhantomJS||phantomjs||The following version is known to work: 2.1.1 (older versions might work too). Requires PhantomJS binary, if not on the system’s PATH, it can be set in the options. For more information on PhantomJS and how to obtain it refer to the PhantomJS website (see footer note for caveat when using PhantomJS).|
To use Firefox, Chrome, Opera, PhantomJS and Safari, you must have them installed in your system. The ID of the browser can be used to choose the browser when configuring ZAP through the command line or using the ZAP API (for example, to set the AJAX Spider to use one or other browser).
Some of the requirements (e.g. WebDrivers) of the browsers can be configured in the Options Selenium screen.
ZAP provides add-ons with the WebDrivers, when those add-ons are installed ZAP will attempt to use those bundled WebDrivers by default. Some OSs might not have a WebDriver for some of the browsers, in those cases ZAP will inform, in the options panel, that there’s no bundled WebDriver available. The bundled WebDrivers can also be (re)set with the ‘Bundled’ button (for example, if another WebDriver was manually set). Not all browser versions are supported with the bundled WebDrivers, it’s recommended that newer/latest versions of the browsers be used whenever possible.
Note: ZAP add-ons can add additional browsers.
Firefox/geckodriver Note: There’s an issue (Bug 1103196) that prevents HTTPS sites from being used in versions ≥ 48 and < 52.
PhantomJS Note: There’s an issue (Issue #11342) that prevents
sites at localhost, 127.0.0.1 and ::1 from being proxied through ZAP. Until a fix is
available is advised to not use it in those cases. Some add-ons might choose to show
warning message when that happens. As workaround one could define, in the
file, a domain name mapping to the local address and use that domain name instead.
|Options Selenium screen||for an overview of the Selenium Options|
|API||for an overview of the Selenium API|