laminfaty

Good stuff @continuumsecurity I noted that you add an ability to exclude some URLs. How about if someone want to exclude gazillions of URLs? I think the best approach is...

In exclude_urls.table, can you give an example of URL exclusion?

I have opened a similar issue few days ago. Maybe you can follow up and see what they are going to day. http://code.google.com/p/zaproxy/issues/detail?id=1527&can=4

Cool. So, what is the plan going forward?

So, basically the URL to scan file will be dependent to the config file. Also in near future, we need to think about why to include some heavy fuzzing tests.

@continuumsecurity The above scenario looks very good. I use Kali a lot and I think it has ton of fuzzing tools. I will try to pick a good fuzzing tool....

Sounds good. When do you think these new functionalities will be done? Also did you take a look at the other issue that I open?

@continuumsecurity I just tested the exclude-urls and it was ok, however, it excludes everything. So I think you need to add the include-urls functionality.

@continuumsecurity This URL below is not part of the exclude-urls (regex), however it was filtered. 117813 [pool-1-thread-1] INFO org.zaproxy.zap.spider.SpiderController - URI: http://mywebsite/scanthisapp was filtered by a filter with reason: USER_RULES

Here is my exclude-urls table as you see these are my excluded urls. |regex | |._scanthisapp._| |._my-login._|