zap-hud icon indicating copy to clipboard operation
zap-hud copied to clipboard
verified publisher icon zaproxy

HUD breaks request filters(exclude from proxy server)

Open fedorusov opened this issue 6 years ago • 3 comments

When enabled, I can't filter requests from WebGoat internals, but after disabling and start zap, everything works just fine. I have experienced this problem on a previous machine too, so it should be HUD-related problem

Edited by @kingthorin for clarity

fedorusov avatar Aug 21 '19 12:08 fedorusov

Could you please provide the steps you're following when the issue occurs? When you say "reboot everything" do you mean the system or just closing and opening Zap?

kingthorin avatar Aug 21 '19 12:08 kingthorin

Reboot just zap, everything is related to works just fine

Steps:

  1. Open zap with HUD enabled(Toolbar button pressed at start)
  2. Connect to WebGoat and login (so now it starts sending internal requests of lessonmenu and overview)
  3. Try to exclude it via Right-click->Exclude from->Proxy
  4. Experience disappointment 4.5. Toggle toolbar button and reopen zap
  5. Open zap with HUD disabled
  6. Repeat 2-3 steps
  7. Everything works

Interesting thing is if at the start HUD is disabled and you enable it immediately, exclusion works.

fedorusov avatar Aug 21 '19 13:08 fedorusov

I guess this has to do with the HTTPS upgrade, once the HUD upgrades the requests ZAP (the proxy) will see HTTPS not HTTP (which is most likely what has been excluded).

thc202 avatar Aug 21 '19 13:08 thc202