zap-extensions
zap-extensions copied to clipboard
zaproxy
ZAP Add-ons
Related to zaproxy/zaproxy#7140 Signed-off-by: ArkaprabhaChakraborty
Added - Imported specs are now persisted to the session database. They are used by the new variant to mark path parameters as Data Driven Nodes. Changed - DDNs added...
Related to issue [6617](https://github.com/zaproxy/zaproxy/issues/6617) I found that content-type tests done [HERE](https://github.com/zaproxy/zap-extensions/blob/fe232e2bda5286eb73910f09a39d6c66fbeb6c87/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java#L692-L746) were not being done [HERE](https://github.com/zaproxy/zap-extensions/blob/fe232e2bda5286eb73910f09a39d6c66fbeb6c87/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java#L269-L290). I have added the content-type tests for 'direct attacks' & 'is the payload reflected...
The link and description for Integer Overflow hadn't been updated in 12 years. Improved the description and added modern links that are both secure to visit and contain information for...
Update GraphQL Java to latest version (19.0), with important bugfixes.
- CHANGELOG > Added change note. - Build file > Included spider extension and updated dependencies. - Separated spider functionality into a static class which is now used by both...
Make them private, static, and final. Remove a commented out logger. Update changelogs where needed.
I tried these changes but it's giving an OGNL error so they are most likely incorrect. Need help in resolving them :( I also forgot to sign the commits. I'll...
Fixes https://github.com/zaproxy/zaproxy/issues/7212 Integrated a javascript parser to extract the contexts. Updated the scanner to fix the issues.
Both CrossSiteScriptingScanRule and PersistentXssScanRule need the same logic to detect the existence of an XSS only differing on the the HTTP request where the reflection is checked. At the moment...
