diff --git a/site/content/docs/desktop/addons/automation-framework/_index.md b/site/content/docs/desktop/addons/automation-framework/_index.md index 55e5bae11..9bd4d3e87 100644 --- a/site/content/docs/desktop/addons/automation-framework/_index.md +++ b/site/content/docs/desktop/addons/automation-framework/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: automation - version: 0.31.0 + version: 0.32.0 --- # Automation Framework diff --git a/site/content/docs/desktop/addons/fuzzer/_index.md b/site/content/docs/desktop/addons/fuzzer/_index.md index 85eeac099..696c3afe0 100644 --- a/site/content/docs/desktop/addons/fuzzer/_index.md +++ b/site/content/docs/desktop/addons/fuzzer/_index.md @@ -6,16 +6,16 @@ weight: 1 cascade: addon: id: fuzz - version: 13.10.0 + version: 13.11.0 --- # Fuzzing -Fuzzing is a technique of submitting lots of invalid or unexpected data to a target. +Fuzzing is a technique of submitting lots of data to a target (often in the form of invalid or unexpected inputs). -ZAP allows you to fuzz any request still using: +ZAP allows you to fuzz any request using: -* A build in set of payloads +* A built-in set of payloads * Payloads defined by optional add-ons * Custom scripts 
@@ -28,30 +28,30 @@ To access the [Fuzzer dialog](/docs/desktop/addons/fuzzer/dialogue/) you can eit ### Payload Generators -Payload Generators generate the raw attacks that the fuzzer submits to the target application. +Payload Generators generate the raw values or attacks that the fuzzer submits to the target application. -They are managed via the [Payloads dialog](/docs/desktop/addons/fuzzer/payloads/) +They are managed via the [Payloads dialog](/docs/desktop/addons/fuzzer/payloads/). ### Payload Processors Payload Processors can be used to change specific payloads before they are submitted. -They are managed via the [Payload Processors dialog](/docs/desktop/addons/fuzzer/processors/) +They are managed via the [Payload Processors dialog](/docs/desktop/addons/fuzzer/processors/). ### Fuzz Location Processors Fuzz Location Processors can be used to change all of the payloads before they are submitted. -They are managed via the [Location Processors dialog](/docs/desktop/addons/fuzzer/locations/) +They are managed via the [Location Processors dialog](/docs/desktop/addons/fuzzer/locations/). ### Message Processors -Message Processors can access and change the messages being fuzzed, control the fuzzing process and interact with the ZAP UI. +Message Processors can access and change the messages being fuzzed, control the fuzzing process, and interact with the ZAP UI. They are managed via the [Fuzzer dialog](/docs/desktop/addons/fuzzer/dialogue/) 'Message Processors' tab. -This functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project. -Note that some fuzzdb files have been left out as they cause common anti virus scanners to flag them as containing viruses. +Some of this functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project. +Note that some fuzzdb files have been left out as they cause common anti-virus scanners to flag them as containing viruses. 
You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library. ## See also diff --git a/site/content/docs/desktop/addons/fuzzer/dialogue.md b/site/content/docs/desktop/addons/fuzzer/dialogue.md index e59e908a5..e228df344 100644 --- a/site/content/docs/desktop/addons/fuzzer/dialogue.md +++ b/site/content/docs/desktop/addons/fuzzer/dialogue.md @@ -20,7 +20,7 @@ To configure the fuzzing: * Click on the 'Start Fuzzer' button to start the fuzzing * The results will then be listed in the [Fuzzer tab](/docs/desktop/addons/fuzzer/tab/) select them to see the full requests and responses. -You can also search for strings in the fuzz results using the 'Search tab'. +You can also search for strings in the fuzz results using the 'Search' tab. Click on the 'Edit' button to edit the message you have selected for fuzzing. Note that this will remove all of the fuzz locations that you have defined. @@ -37,7 +37,7 @@ Indicates whether or not the Fuzzer should follow redirect responses (only visib ### Message Processors tab -Message Processors can access and change the messages being fuzzed, control the fuzzing process and interact with the ZAP UI. +Message Processors can access and change the messages being fuzzed, control the fuzzing process, and interact with the ZAP UI. The message processors available depend on the type of message being fuzzed, this add-on includes the [default HTTP Messages processors](/docs/desktop/addons/fuzzer/httpmessageprocessors/). Add-ons can also define additional payload generators. diff --git a/site/content/docs/desktop/addons/fuzzer/httpmessageprocessors.md b/site/content/docs/desktop/addons/fuzzer/httpmessageprocessors.md index 91e875f72..ca09fbc73 100644 --- a/site/content/docs/desktop/addons/fuzzer/httpmessageprocessors.md +++ b/site/content/docs/desktop/addons/fuzzer/httpmessageprocessors.md 
@@ -7,7 +7,7 @@ weight: 3 # HTTP Message Processors -The HTTP Message Processors can access and change the HTTP messages being fuzzed, control the fuzzing process and interact with the ZAP UI. +HTTP Message Processors can access and change the HTTP messages being fuzzed, control the fuzzing process, and interact with the ZAP UI. Built-in HTTP Message Processors include: @@ -43,11 +43,11 @@ Updates (or adds, if not already present) the `Content-Length` request header wi ### Tag Creator -Allows to add custom ‘tags’, based on contents of the response, to the State column of the results table +Allows to add custom ‘tags’, based on contents of the response, to the State column of the results table. ### User Message Processor -Allows to fuzz as a user, using one of the users defined in the contexts that include the HTTP message being fuzzed. Users must exist to be able to select and add this processor. +Allows to fuzz as a user, using one of the users defined in the Contexts that include the HTTP message being fuzzed. Users must exist to be able to select and add this processor. Other add-ons can define additional HTTP Message Processors. diff --git a/site/content/docs/desktop/addons/fuzzer/locations.md b/site/content/docs/desktop/addons/fuzzer/locations.md index 8e35f9f9c..06219539d 100644 --- a/site/content/docs/desktop/addons/fuzzer/locations.md +++ b/site/content/docs/desktop/addons/fuzzer/locations.md @@ -9,7 +9,7 @@ weight: 4 This allows you to select the payload processors to use with all payload generators. -The built in payload processors included are the same that are available via the [Payload Processors dialog](/docs/desktop/addons/fuzzer/processors/). +The built-in payload processors included are the same that are available via the [Payload Processors dialog](/docs/desktop/addons/fuzzer/processors/). ## Accessed via 
diff --git a/site/content/docs/desktop/addons/fuzzer/options.md b/site/content/docs/desktop/addons/fuzzer/options.md index 9d4adcc74..2541a4c8c 100644 --- a/site/content/docs/desktop/addons/fuzzer/options.md +++ b/site/content/docs/desktop/addons/fuzzer/options.md @@ -29,7 +29,7 @@ The number of retries when an input/output error occurs sending a request to the ### Max. Errors Allowed -If the number of errors exceed this limit, fuzzer will stop its execution. +If the number of errors exceed this limit, the fuzzer will stop its execution. ### Payload Replacement Strategy diff --git a/site/content/docs/desktop/addons/fuzzer/payloads.md b/site/content/docs/desktop/addons/fuzzer/payloads.md index 1ec57ea76..04967dd60 100644 --- a/site/content/docs/desktop/addons/fuzzer/payloads.md +++ b/site/content/docs/desktop/addons/fuzzer/payloads.md @@ -9,7 +9,7 @@ weight: 5 This allows you to select the payload generators to use when [fuzzing](/docs/desktop/addons/fuzzer/) a request. -Payload generators generate the raw attacks that the fuzzer submits to the target application. +Payload generators generate the raw values or attacks that the fuzzer submits to the target application. The following types of generators are provided by default: diff --git a/site/content/docs/desktop/addons/fuzzer/processors.md b/site/content/docs/desktop/addons/fuzzer/processors.md index 4bc69d0f2..d7ee1ff19 100644 --- a/site/content/docs/desktop/addons/fuzzer/processors.md +++ b/site/content/docs/desktop/addons/fuzzer/processors.md @@ -9,7 +9,7 @@ weight: 6 This allows you to select the payload processors to use with specific payload generators. -Built in payload processors include: +Built-in payload processors include: * Base64 Decode * Base64 Encode diff --git a/site/content/docs/desktop/addons/fuzzer/tab.md b/site/content/docs/desktop/addons/fuzzer/tab.md index 66f24f0b1..e727d5f2f 100644 --- a/site/content/docs/desktop/addons/fuzzer/tab.md +++ b/site/content/docs/desktop/addons/fuzzer/tab.md 
@@ -7,8 +7,8 @@ weight: 7 # Fuzzer tab -The Fuzzer tab shows you the requests and responses performed when you [fuzz](/docs/desktop/addons/fuzzer/) a string. -Selecting a row see the full requests and responses. You can also search for strings in the fuzz results using the Search tab. +The Fuzzer tab shows you the requests and responses performed when you [fuzz](/docs/desktop/addons/fuzzer/) a message. +Select a row to see the full requests and responses. You can also search for strings in the fuzz results using the 'Search' tab. ## HTTP Fuzzer results diff --git a/site/content/docs/desktop/addons/postman-support/_index.md b/site/content/docs/desktop/addons/postman-support/_index.md index d097ba163..2c387b2d6 100644 --- a/site/content/docs/desktop/addons/postman-support/_index.md +++ b/site/content/docs/desktop/addons/postman-support/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: postman - version: 0.0.1 + version: 0.1.0 --- # Postman Support @@ -19,7 +19,7 @@ A menu item is added to the Import menu: * Import a Postman Collection -The dialog allows providing a comma-separated list of variables as key-value pairs in the format `key1=value1,key2=value2,...` +Any variables defined in the collection will be replaced with their values. Additionally, the dialog allows providing a comma-separated list of variables as key-value pairs in the format `key1=value1,key2=value2,...`, these variables will have precedence over the collection ones. ## API diff --git a/site/content/docs/desktop/addons/quick-start/_index.md b/site/content/docs/desktop/addons/quick-start/_index.md index 298dd7f6b..ad9453538 100644 --- a/site/content/docs/desktop/addons/quick-start/_index.md +++ b/site/content/docs/desktop/addons/quick-start/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: quickstart - version: 41.0.0 + version: 42.0.0 --- # Quick Start 
diff --git a/site/content/docs/desktop/addons/quick-start/zapit.md b/site/content/docs/desktop/addons/quick-start/zapit.md index 79d7f4b2c..35cbeb6a6 100644 --- a/site/content/docs/desktop/addons/quick-start/zapit.md +++ b/site/content/docs/desktop/addons/quick-start/zapit.md @@ -15,6 +15,9 @@ You can specify multiple URLs by specifying the option multiple times: The `-cmd` option must be specified, if it is not then the `-zapit` option will be ignored. +If you do not specify a URL beginning with either `http://` or `https://` then ZAP will +scan both of those schemes. + The ZAPit Scan will start a new ZAP session before it performs a scan, so do not start ZAP with a session that you want to keep. The ZAPit scan currently: diff --git a/site/content/docs/desktop/addons/report-generation/_index.md b/site/content/docs/desktop/addons/report-generation/_index.md index 3ca8b0a92..b25b16da8 100644 --- a/site/content/docs/desktop/addons/report-generation/_index.md +++ b/site/content/docs/desktop/addons/report-generation/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: reports - version: 0.24.0 + version: 0.25.0 --- # Report Generation diff --git a/site/content/docs/desktop/addons/report-generation/create.md b/site/content/docs/desktop/addons/report-generation/create.md index c61608c4a..33eb0573c 100644 --- a/site/content/docs/desktop/addons/report-generation/create.md +++ b/site/content/docs/desktop/addons/report-generation/create.md 
@@ -68,12 +68,12 @@ The following data items are available to all reports. These can be accessed via A tree containing all of the alerts that should be included in the report. This is a copy of the standard ZAP alert tree shown in the Desktop 'Alerts' tab but pruned to remove any alerts that do not match the criteria selected. -Every node in the tree is an [AlertNode](https://javadoc.io/static/org.zaproxy/zap/2.10.0/org/zaproxy/zap/extension/alert/AlertNode.html). +Every node in the tree is an [AlertNode](https://javadoc.io/doc/org.zaproxy/zap/latest/org/zaproxy/zap/extension/alert/AlertNode.html). The top level node does not include any useful data. There is one second level node for each type of alert found. These -nodes have a 'userObject' of type [Alert](https://javadoc.io/static/org.zaproxy/zap/2.10.0/org/parosproxy/paros/core/scanner/Alert.html) +nodes have a 'userObject' of type [Alert](https://javadoc.io/doc/org.zaproxy/zap/latest/org/parosproxy/paros/core/scanner/Alert.html) which gives you access to all of the alert data and the associated request and response. diff --git a/site/content/docs/desktop/addons/script-console/_index.md b/site/content/docs/desktop/addons/script-console/_index.md index 604b88015..d56861568 100644 --- a/site/content/docs/desktop/addons/script-console/_index.md +++ b/site/content/docs/desktop/addons/script-console/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: scripts - version: 40.0.0 + version: 41.0.0 --- # Script Console diff --git a/site/content/docs/desktop/addons/script-console/options.md b/site/content/docs/desktop/addons/script-console/options.md new file mode 100644 index 000000000..b2787f599 --- /dev/null +++ b/site/content/docs/desktop/addons/script-console/options.md 
@@ -0,0 +1,18 @@ +--- +# This page was generated from the add-on. +title: Script Console Options +type: userguide +weight: 3 +--- + +# Script Console Options + +## When the Script in the Console Changes on Disk + +This setting allows you to configure the default behaviour when a script open in the Script Console changes on disk, +for example if it was updated in another code editor. There are three options to choose from: + +* **Ask Each Time**: This will prompt you each time the script is changed on disk, allowing you to choose whether to keep the script in the console or replace it with the changed script. +* **Keep Script**: This will always keep the script in the console, even if it is changed on disk. +* **Replace Script**: This will always replace the script in the console with the changed script. +Note that if there are unsaved changes to the script, you will always be prompted to choose which version to keep. diff --git a/site/content/docs/desktop/addons/script-console/tree.md b/site/content/docs/desktop/addons/script-console/tree.md index 79f975cf8..ea44d9a95 100644 --- a/site/content/docs/desktop/addons/script-console/tree.md +++ b/site/content/docs/desktop/addons/script-console/tree.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Scripts tree tab type: userguide -weight: 3 +weight: 4 --- # Scripts tree tab diff --git a/site/data/addons.yaml b/site/data/addons.yaml index fb1db8bcb..4ef398bdb 100644 --- a/site/data/addons.yaml +++ b/site/data/addons.yaml 
@@ -108,9 +108,9 @@ status: beta infoUrl: /docs/desktop/addons/automation-framework/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.31.0/automation-beta-0.31.0.zap - date: 2023-09-07 - version: 0.31.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.32.0/automation-beta-0.32.0.zap + date: 2023-10-04 + version: 0.32.0 - id: beanshell name: BeanShell Console description: Provides a BeanShell Console @@ -367,9 +367,9 @@ status: beta infoUrl: /docs/desktop/addons/fuzzer/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.10.0/fuzz-beta-13.10.0.zap - date: 2023-07-11 - version: 13.10.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.11.0/fuzz-beta-13.11.0.zap + date: 2023-10-04 + version: 13.11.0 - id: fuzzdb name: FuzzDB Files description: FuzzDB files which can be used with the ZAP fuzzer @@ -773,9 +773,9 @@ status: alpha infoUrl: /docs/desktop/addons/postman-support/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/postman-v0.0.1/postman-alpha-0.0.1.zap - date: 2023-09-25 - version: 0.0.1 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/postman-v0.1.0/postman-alpha-0.1.0.zap + date: 2023-10-04 + version: 0.1.0 - id: pscanrules name: Passive scanner rules description: The release status Passive Scanner rules 
@@ -813,9 +813,9 @@ status: release infoUrl: /docs/desktop/addons/quick-start/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v41/quickstart-release-41.zap - date: 2023-09-28 - version: 41 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v42/quickstart-release-42.zap + date: 2023-10-04 + version: 42 - id: reflect name: Reflect description: Finds reflected parameters @@ -853,9 +853,9 @@ status: release infoUrl: /docs/desktop/addons/report-generation/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.24.0/reports-release-0.24.0.zap - date: 2023-08-17 - version: 0.24.0 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.25.0/reports-release-0.25.0.zap + date: 2023-10-04 + version: 0.25.0 - id: requester name: Requester description: Allows to manually edit and send messages. @@ -923,9 +923,9 @@ status: release infoUrl: /docs/desktop/addons/script-console/ repoUrl: https://github.com/zaproxy/zap-extensions/ - downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/scripts-v40/scripts-release-40.zap - date: 2023-09-11 - version: 40 + downloadUrl: https://github.com/zaproxy/zap-extensions/releases/download/scripts-v41/scripts-release-41.zap + date: 2023-10-04 + version: 41 - id: selenium name: Selenium description: WebDriver provider and includes HtmlUnit browser
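Review bot: In `fuzzer/dialogue.md`, the 'Message Processors tab' hunk fixes the serial comma but leaves the context line `Add-ons can also define additional payload generators.` at the end of a section that is about message processors. This looks like a copy-paste slip; `httpmessageprocessors.md` words the same idea as `Other add-ons can define additional HTTP Message Processors.`, so the line here should probably read `additional message processors`.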
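Review bot: In `fuzzer/httpmessageprocessors.md`, the 'Tag Creator' and 'User Message Processor' lines are touched (trailing period, `Contexts`) but keep the `Allows to add` and `Allows to fuzz` construction. Since both lines are being edited anyway, change them to `Allows you to add custom 'tags'` and `Allows you to fuzz as a user` so they match the `allows you to` phrasing used on the other fuzzer pages in this patch.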
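Review bot: In `fuzzer/options.md` under 'Max. Errors Allowed', the rewritten line still reads `If the number of errors exceed this limit`. The subject is `number`, so the verb should be `exceeds`; worth fixing in the same edit that adds `the` before `fuzzer`.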
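Review bot: In `postman-support/_index.md`, the added text runs two statements together with a comma directly after the `key1=value1,key2=value2,...` format, so the comma reads as part of the format string. End the sentence after the format and start a new one, for example `These variables take precedence over the ones defined in the collection.` It would also help to state what happens to a variable that is defined in neither place.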
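Review bot: In `quick-start/zapit.md`, the new sentence `If you do not specify a URL beginning with either http:// or https://` can be read as covering the case where no URL is given at all. Word it per URL, for example `If a URL does not begin with http:// or https:// then ZAP will scan it using both schemes`, and consider saying outright that this sends plain `http://` requests to the host, so users who only want the TLS endpoint touched know to include the scheme.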
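Review bot: In `report-generation/create.md`, both Javadoc links move from the pinned `2.10.0` path to `latest`, so they now follow whatever core release is current rather than a fixed API version. That removes the stale 2.10.0 reference, but the links will break if `AlertNode` or `Alert` is ever moved or renamed; if the floating link is intentional, a short mention in the commit message would make that clear to later editors.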
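Review bot: In the new `script-console/options.md`, the closing line `Note that if there are unsaved changes to the script...` follows the `* **Replace Script**` item with no blank line in between, so Markdown will fold it into that last bullet as a continuation even though it applies to all three options. Add an empty line before `Note that` so it renders as its own paragraph; because the page is marked `This page was generated from the add-on`, the fix belongs in the add-on's help source rather than here.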