From a035cf4913b9e3e36ac82a907e7bc25e60b1de34 Mon Sep 17 00:00:00 2001 From: zapbot <12745184+zapbot@users.noreply.github.com> Date: Tue, 11 Jul 2023 10:10:11 +0000 Subject: [PATCH] Update data From: zaproxy/zap-admin@6549f8980575681d3af5a35070e6a58635eba97d 
Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com> --- site/content/docs/desktop/_index.md | 2 +- site/content/docs/desktop/cmdline.md | 19 ++- site/content/docs/desktop/credits.md | 14 ++ site/content/docs/desktop/releases/2.12.0.md | 6 + site/content/docs/desktop/releases/2.13.0.md | 160 ++++++++++++++++++ site/content/docs/desktop/releases/_index.md | 1 + site/content/docs/desktop/start/_index.md | 6 + .../docs/desktop/start/features/addons.md | 6 + .../docs/desktop/start/features/api.md | 1 + .../docs/desktop/start/features/ascan.md | 2 + .../desktop/start/features/httpsessions.md | 2 +- .../docs/desktop/start/features/intercept.md | 2 +- .../desktop/start/features/marketplace.md | 2 +- .../docs/desktop/start/features/modes.md | 10 +- .../docs/desktop/start/features/notes.md | 2 +- .../docs/desktop/start/features/pscan.md | 4 +- .../docs/desktop/start/features/scanpolicy.md | 2 +- .../docs/desktop/start/features/scope.md | 2 +- .../docs/desktop/start/features/scripts.md | 4 +- .../start/features/sessionmanagement.md | 2 +- .../docs/desktop/start/features/sitestree.md | 2 +- .../docs/desktop/start/features/stats.md | 2 +- .../docs/desktop/start/features/structmods.md | 2 +- .../desktop/start/features/structparams.md | 2 +- .../docs/desktop/start/features/tags.md | 2 +- .../docs/desktop/start/features/users.md | 2 +- site/content/docs/desktop/start/pentest.md | 6 + site/content/docs/desktop/start/proxies.md | 2 +- .../docs/desktop/ui/dialogs/manageaddons.md | 4 +- .../docs/desktop/ui/dialogs/options/_index.md | 1 - .../docs/desktop/ui/dialogs/options/ascan.md | 10 +- .../ui/dialogs/options/checkforupdates.md | 14 +- .../ui/dialogs/options/httpsessions.md | 2 +- .../docs/desktop/ui/dialogs/options/jvm.md | 2 +- .../desktop/ui/dialogs/options/keyboard.md | 2 +- .../desktop/ui/dialogs/options/language.md | 2 +- .../docs/desktop/ui/dialogs/options/pscan.md | 2 +- .../desktop/ui/dialogs/options/pscanner.md | 2 +- 
.../desktop/ui/dialogs/options/pscanrules.md | 2 +- .../desktop/ui/dialogs/options/ruleconfig.md | 2 +- .../docs/desktop/ui/dialogs/options/script.md | 2 +- .../docs/desktop/ui/dialogs/options/search.md | 2 +- .../docs/desktop/ui/dialogs/options/stats.md | 2 +- .../desktop/ui/dialogs/session/contexts.md | 3 +- site/content/docs/desktop/ui/tabs/history.md | 4 + site/content/docs/desktop/ui/tlmenu/help.md | 2 +- site/content/docs/desktop/ui/tltoolbar.md | 14 +- site/data/addons.yaml | 6 +- 48 files changed, 286 insertions(+), 63 deletions(-) create mode 100644 site/content/docs/desktop/releases/2.13.0.md diff --git a/site/content/docs/desktop/_index.md b/site/content/docs/desktop/_index.md index e8c064fb4..5dcde1c73 100644 --- a/site/content/docs/desktop/_index.md +++ b/site/content/docs/desktop/_index.md @@ -6,7 +6,7 @@ weight: 1 cascade: addon: id: help - version: 15.0.0 + version: 16.0.0 --- # OWASP ZAP Desktop User Guide diff --git a/site/content/docs/desktop/cmdline.md b/site/content/docs/desktop/cmdline.md index c150d7d25..bc6ae206e 100644 --- a/site/content/docs/desktop/cmdline.md +++ b/site/content/docs/desktop/cmdline.md @@ -35,7 +35,7 @@ All options below can be passed to any of these. ## Options -ZAP supports the following command line options: +ZAP (core) supports the following command line options: | | | | |---|-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 
@@ -50,8 +50,6 @@ ZAP supports the following command line options: | | -help | The same as -h | | | -newsession \ | Creates a new session at the given location | | | -session \ | Opens the given session after starting ZAP | -| | -host \ | Overrides the host used for proxying specified in the configuration file | -| | -port \ | Overrides the port used for proxying specified in the configuration file | | | -lowmem | Use the database instead of memory as much as possible - this is still experimental | | | -experimentaldb | Use the experimental generic database code, which is not surprisingly also still experimental | | | -nostdout | Disables the default logging through standard output | @@ -73,8 +71,6 @@ Configuration keys should be specified using the dot notation based their locati -config api.key=12345 ``` -Note that add-ons can add extra command line options. - Examples: @@ -90,9 +86,22 @@ Examples: -session /full/path/to/existing/session -script /full/path/to/script.js -cmd ``` +## Add-ons + +Add-ons can add extra command line options which are described in their own help pages. + + +For the command line options that allow to configure the main local proxy, refer to the [Network Command Line](/docs/desktop/addons/network/cmdline/) help page. + ## See also | | | | |---|------------------------------------------|---------------------------------| | | [Introduction](/docs/desktop/) | the introduction to ZAP | | | [API](/docs/desktop/start/features/api/) | to control ZAP programmatically | + +## Official Videos + +| | | +|---|-----------------------------------------------------------------------------------------------------| +| | [ADDO Automation: Automation Command Line](https://play.vidyard.com/g97SccHH52RXnAcBYBmDGA) (14:03) | diff --git a/site/content/docs/desktop/credits.md b/site/content/docs/desktop/credits.md index fbee38beb..da4e9c384 100644 --- a/site/content/docs/desktop/credits.md +++ b/site/content/docs/desktop/credits.md 
@@ -32,11 +32,13 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | Tushar Aggarwal | | | Amro Alolaqi | | | [Matthias Altmann](https://secf00tprint.github.io/blog) ([@secf00tprint](https://twitter.com/secf00tprint)) | +| | André Alves ([@andrealvesdev](https://twitter.com/andrealvesdev)) | | | Mário Areias | | | Matt Austin ([@mattaustin](https://twitter.com/mattaustin)) | | | Abdelhadi Azouni | | | Mennouchi Islam Azeddine | | | Ahmed Bahajjaj ([@madanalogy](https://github.com/madanalogy)) | +| | Yang Bai ([@Geekby](https://www.geekby.site/)) | | | Florent Baillais ([@flocurity](https://twitter.com/flocurity)) | | | Adam Baldwin ([@adamhawkbaldwin](https://twitter.com/adamhawkbaldwin)) | | | Jay Ball | @@ -52,12 +54,15 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | Ailton Caetano | | | Kim Carter ([@binarymist](https://twitter.com/binarymist)) | | | Eranda Chandrika | +| | [ciceroff](https://github.com/ciceroff) | | | Jonathan Claudius ([@claudijd](https://twitter.com/claudijd)) | | | Adrian Clay | | | Baptiste Crépin - AXA Group Security | | | Johanna Curiel | +| | Chris Dailey ([@dailz-c](https://github.com/dailz-c)) | | | Karl Dalley ([@gnirlos](https://github.com/gnirlos)) | | | Anamika Das ([@AnamikaD](https://twitter.com/AnamikaD)) | +| | Patrick Double ([@double16](https://github.com/double16)) | | | Mike Emery - Portcullis Security | | | Leandro Ferrari - Talsoft SRL | | | Freakyclown - Portcullis Security | 
@@ -65,11 +70,16 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | Patrick Galley | | | Lakshya Garg ([@LakiG](https://www.linkedin.com/in/lakshyaagarg/)) | | | Scott Gerlach ([@sgerlach](https://twitter.com/sgerlach)) - StackHawk | +| | Giothysham | +| | Thiago Gomes | | | Mark Goodwin | | | Chris Grieger | | | Daniel Grunwell (grunny) | +| | [GRVial](https://github.com/GRVial) | +| | Aryan Gupta ([LinkedIn](https://www.linkedin.com/in/aryan-gupta-78273a1b6)) | | | Houcem Hachicha | | | Wil Hadden ([@WilHadden](https://twitter.com/WilHadden)) | +| | David Hall | | | Keith Hamasaki - TeamPraxis | | | Niranjan Hegde (nhegde610) | | | Omer Levi Hevroni | @@ -99,6 +109,7 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | Robert Koch | | | Savva Kodeikin | | | Christian Koidl | +| | Chandaluri Vamsi Krishna ([@Vamsikrishna99C](https://twitter.com/Vamsikrishna99C)) | | | Lars Kristensen | | | Erik de Kuijper ([@edkpr](https://github.com/edkpr)) | | | Gwilym Lewis – Appsecco | @@ -129,6 +140,7 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | David Petrasovic | | | Yvan Phélizot | | | Pierre-David ([@ouaibe](https://github.com/ouaibe)) | +| | PlainUrban | | | Paul Pollack | | | Andrea Pompili (Yhawke), | | | Prasad N. Shenoy | @@ -154,6 +166,7 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | Alessandro Secco | | | Nirojan Selvanathan ([@sshniro](https://twitter.com/sshniro)) | | | Bill Sempf - Columbus OWASP | +| | Sparsh Sethi ([@code-sparsh](https://github.com/code-sparsh)) | | | Chaitanya Sharma ([@phoenix24](https://twitter.com/phoenix24)) | | | Zainab Al Showely | | | Raul Siles - DinoSec | 
@@ -163,6 +176,7 @@ People who have made contributions to ZAP over the years, in alphabetical order: | | Benjamin Slack of | | | Yannic Smeets | | | Andreas Sommer | +| | Vitika Soni ([@VitikaSoni](https://github.com/VitikaSoni)) | | | David Sopas ([@dsopas](https://twitter.com/dsopas)) | | | Josh Soref ([@jsoref](https://github.com/jsoref/)) | | | Cosmin Stefan-Dobrin | diff --git a/site/content/docs/desktop/releases/2.12.0.md b/site/content/docs/desktop/releases/2.12.0.md index 7544cedda..edec01c6a 100644 --- a/site/content/docs/desktop/releases/2.12.0.md +++ b/site/content/docs/desktop/releases/2.12.0.md @@ -10,6 +10,8 @@ weight: 1 This is a bug fix and enhancement release, which now requires a minimum of Java 11. As the main [zaproxy/zaproxy](https://github.com/zaproxy/zaproxy) repo has just reached 10k stars we're calling this the 'Ten Thousand Star' Release! +This release fixes an HTML Injection vulnerability in the ZAP Desktop which was rated a P3 / Medium level vulnerability. While we do not think that it can be exploited in any meaningful way, desktop users are still recommended to update from older ZAP versions a.s.a.p. + These release notes do not include all of the changes included in add-ons updated since 2.11.1. Some of the more significant enhancements include: @@ -172,6 +174,10 @@ The following add-ons are no longer included, having been superseded by the Impo * Save Raw Message * Save XML Message +## Desktop HTML Injection Fix + +This release includes a fix to prevent HTML Injection in the ZAP Desktop GUI. Thank you to “issuefinder” for reporting this to us via our [bug bounty](https://bugcrowd.com/owaspzap) program. The vulnerability was rated as a P3 / Medium and desktop users are recommended to update from older ZAP versions a.s.a.p. + ## Enhancements * [Issue 1623](https://github.com/zaproxy/zaproxy/issues/1623) : Provide better error message when cert path validation fails 
diff --git a/site/content/docs/desktop/releases/2.13.0.md b/site/content/docs/desktop/releases/2.13.0.md new file mode 100644 index 000000000..529e372f3 --- /dev/null +++ b/site/content/docs/desktop/releases/2.13.0.md 
@@ -0,0 +1,160 @@ +--- +# This page was generated from the add-on. +title: Release 2.13.0 +type: userguide +--- + +# Release 2.13.0 + +This is a bug fix and enhancement release. +These release notes do not include all of the changes included in add-ons updated since 2.12.0. + +Some of the more significant enhancements include: + +### HTTP/2 Support + +HTTP/2 is now supported, with no configuration changes required. + +If you proxy HTTP/2 traffic through ZAP then ZAP will make the same HTTP/2 requests to the target. Any tools that work on proxied requests will also automatically use HTTP/2. + +### Improved Authentication Handling + +ZAP authentication handling has been significantly overhauled, and ZAP can now auto-authenticate to many web apps by just supplying the URL of the login page along with the credentials. + +### Mac Silicon Support + +Mac Silicon is now supported via a new [installer](/download/#main) and in the [Docker images](/download/#docker). + +### GitHub Container Registry + +As explained in [this blog post](/blog/2023-06-13-ghcr-docker-images/) the ZAP Docker images are now also available in the GitHub Container Registry. + +This may well be a better alternative for many users as, unlike Docker Hub, there is currently no rate limiting on pulls. + +### Default Threads + +All of the "attack" tools which use threading, including both spiders and active scanner, have been changed to use 2x the number of processors as the default number of threads. Using more threads has been shown to significantly reduce the time the scanners take to run. + +### Network Rate Limiting + +The Network add-on now supports a rate limiting feature which allows you to limit the request rate of HTTP/HTTPS (not web sockets) traffic to hosts or domains to prevent overloading the target or being blocked. For more details see the [Rate Limit](/docs/desktop/addons/network/options/ratelimit/) help page. 
+ +Note that the Active Scan [Delay When Scanning](/docs/desktop/ui/dialogs/options/ascan/#delay-when-scanning-in-milliseconds) feature has been deprecated and will be removed in a future release. + +### Network Global Exclusions + +The Global Exclusions functionality has been moved to the Network add-on. This will allow us to update it more easily to keep up with browser changes. + +### Scan Rule Promotions + +The following **Active** scan rules have been promoted to **Release** status: + +* [Log4Shell](/docs/alerts/40043/) +* [Spring Actuator Information Leak](/docs/alerts/40042/) +* [Spring4Shell](/docs/alerts/40045/) +* [Server Side Template Injection](/docs/alerts/90035/) +* [Server Side Template Injection (Blind)](/docs/alerts/90036/) +* [XPath Injection](/docs/alerts/90021/) + +The following **Active** scan rules have been promoted to **Beta** status (and will therefore now be included in the Packaged scans): + +* [Server Side Request Forgery](/docs/alerts/40046/) +* [Text4shell (CVE-2022-42889)](/docs/alerts/40047/) + +The following **Passive** scan rules have been promoted to **Beta** status (and will therefore now be included in the Packaged scans): + +* [Insufficient Site Isolation Against Spectre Vulnerability](/docs/alerts/90004/) +* [Source Code Disclosure](/docs/alerts/10099/) + +### Dependency Updates + +As usual the release includes dependency updates. + +The [Selenium](/docs/desktop/addons/selenium/) add-on has been updated to use the Selenium v4 library. +One benefit this brings is that the output from browsers will no longer be shown in the ZAP output - this has been +confusing to many people and has not provided any real benefit. + + +If you have any custom code that directly accesses Selenium classes then you may need to update it. 
+ +The following libraries were updated: + +* Commons Codec, 1.15 → 1.16.0 +* Commons CSV, 1.9.0 → 1.10.0 +* Commons IO, 2.11.0 → 2.13.0 +* Flatlaf 2.6 → 3.1.1 +* HSQLDB, 2.7.1 → 2.7.2 +* JFreeChart, 1.5.3 → 1.5.4 +* Log4j 2, 2.19.0 → 2.20.0 +* RSyntaxTextArea, 3.3.0 → 3.3.3 +* XOM, 1.3.8 → 1.3.9 + +## Add-Ons + +### New Add-Ons + +The following add-ons are included by default in this release for the first time: + +* [Authentication Helper](/docs/desktop/addons/authentication-helper/) - helps identify and set up authentication handling in ZAP. + +### Updated Add-Ons + +All of the add-ons included by default have been updated since the last full release. + +## Enhancements + +* [Issue 7326](https://github.com/zaproxy/zaproxy/issues/7326) : Allow icons to be scaled independently of the text +* [Issue 7440](https://github.com/zaproxy/zaproxy/issues/7440) : Manual Request Editor - Add Content-Type when switching to POST +* [Issue 7574](https://github.com/zaproxy/zaproxy/issues/7574) : Add convenience methods for help and options buttons +* [Issue 7581](https://github.com/zaproxy/zaproxy/issues/7581) : I would like to be able to set \`ZAP_SILENT\` to disable call home requests +* [Issue 7600](https://github.com/zaproxy/zaproxy/issues/7600) : Add details to logged API exception messages +* [Issue 7613](https://github.com/zaproxy/zaproxy/issues/7613) : Lower case HTTP field names +* [Issue 7663](https://github.com/zaproxy/zaproxy/issues/7663) : Default thread to number of processors +* [Issue 7693](https://github.com/zaproxy/zaproxy/issues/7693) : Add Clear button to History tab +* [Issue 7806](https://github.com/zaproxy/zaproxy/issues/7806) : Deprecate CFU HTTP sender initiator +* [Issue 7843](https://github.com/zaproxy/zaproxy/issues/7843) : Deprecate \`Proxy\`/\`ProxyServer\` related methods +* [Issue 7847](https://github.com/zaproxy/zaproxy/issues/7847) : Add auto-detect checking strategy +* [Issue 7869](https://github.com/zaproxy/zaproxy/issues/7869) : Allow to limit 
alerts per rule during active scan +* [Issue 7886](https://github.com/zaproxy/zaproxy/issues/7886) : Include whole \`org.zaproxy\` package in log config +* [Issue 7887](https://github.com/zaproxy/zaproxy/issues/7887) : Show alert ref in the Alert panel +* [Issue 7888](https://github.com/zaproxy/zaproxy/issues/7888) : Deprecate Global Exclude URLs +* [Issue 7918](https://github.com/zaproxy/zaproxy/issues/7918) : Use Adoptium for Java download in the executable +* [Issue 7933](https://github.com/zaproxy/zaproxy/issues/7933) : Search auth messages +* [Issue 7937](https://github.com/zaproxy/zaproxy/issues/7937) : Deprecate Active Scan option Delay When Scanning +* [Issue 7938](https://github.com/zaproxy/zaproxy/issues/7938) : Allow to read enum values with \`AbstractParam\` + +## Bug fixes + +* [Issue 3798](https://github.com/zaproxy/zaproxy/issues/3798) : java.awt.Toolkit initialised when running without view +* [Issue 5368](https://github.com/zaproxy/zaproxy/issues/5368) : ZAP exe might fail to find Java +* [Issue 6957](https://github.com/zaproxy/zaproxy/issues/6957) : Use of commas within regex for contexts renders them unloadable +* [Issue 7559](https://github.com/zaproxy/zaproxy/issues/7559) : Alert selection automatically focusing the Request/Response tabs in Full layout +* [Issue 7579](https://github.com/zaproxy/zaproxy/issues/7579) : Do not allow invalid number of active scan threads +* [Issue 7589](https://github.com/zaproxy/zaproxy/issues/7589) : Improve add-on update file handling +* [Issue 7590](https://github.com/zaproxy/zaproxy/issues/7590) : Add-ons being updated might be marked as blocked +* [Issue 7593](https://github.com/zaproxy/zaproxy/issues/7593) : Check first if an add-on can be uninstalled before uninstalling dependents +* [Issue 7598](https://github.com/zaproxy/zaproxy/issues/7598) : Misspelling in \`config.xml\` \`scanner.antiCSFR\` should be \`scanner.antiCSRF\` +* [Issue 7615](https://github.com/zaproxy/zaproxy/issues/7615) : Refresh Show Tab 
menu item when tabs are removed +* [Issue 7619](https://github.com/zaproxy/zaproxy/issues/7619) : Use correct path for proxy.pac API nonce +* [Issue 7620](https://github.com/zaproxy/zaproxy/issues/7620) : Fix HTML tag in message on Context Authorization screen +* [Issue 7635](https://github.com/zaproxy/zaproxy/issues/7635) : Repaint main toolbar on modified components +* [Issue 7703](https://github.com/zaproxy/zaproxy/issues/7703) : Do not remove add-ons from the install dir +* [Issue 7716](https://github.com/zaproxy/zaproxy/issues/7716) : Ascan Category summaries not updated +* [Issue 7749](https://github.com/zaproxy/zaproxy/issues/7749) : Remove extraneous chars from SQL queries +* [Issue 7750](https://github.com/zaproxy/zaproxy/issues/7750) : Correct - Consistently prompt when deleting history/sites items +* [Issue 7765](https://github.com/zaproxy/zaproxy/issues/7765) : Exceptions during update of add-ons with dependents with optional Extensions +* [Issue 7769](https://github.com/zaproxy/zaproxy/issues/7769) : Remove duplicate Message properties +* [Issue 7804](https://github.com/zaproxy/zaproxy/issues/7804) : Ensure passive scan runs even with high traffic +* [Issue 7814](https://github.com/zaproxy/zaproxy/issues/7814) : Prevent exception when uninstalling add-on's help +* [Issue 7844](https://github.com/zaproxy/zaproxy/issues/7844) : Retain add-on's mandatory state +* [Issue 7873](https://github.com/zaproxy/zaproxy/issues/7873) : Sort Sites nodes with different case consistently +* [Issue 7883](https://github.com/zaproxy/zaproxy/issues/7883) : Stop Active Scan's Analyser +* [Issue 7936](https://github.com/zaproxy/zaproxy/issues/7936) : Update content-length in auth template scripts + +## See Also + +| | | | +|---|-------------------------------------|-----------------------------------------------------------| +| | [Introduction](/docs/desktop/) | the introduction to ZAP | +| | [Releases](/docs/desktop/releases/) | the full set of releases | +| | 
[Credits](/docs/desktop/credits/) | the people and groups who have made this release possible | diff --git a/site/content/docs/desktop/releases/_index.md b/site/content/docs/desktop/releases/_index.md index b71d26621..1c43ac27c 100644 --- a/site/content/docs/desktop/releases/_index.md +++ b/site/content/docs/desktop/releases/_index.md @@ -11,6 +11,7 @@ The following releases have been made: | | | | |---|------------------------------------------|--------------------------------------------------------------------------------------------------------------| +| | [2.13.0](/docs/desktop/releases/2.13.0/) | bug fix and enhancement release | | | [2.12.0](/docs/desktop/releases/2.12.0/) | ten thousand star bug fix and enhancement release | | | [2.11.1](/docs/desktop/releases/2.11.1/) | includes an important security fix - users are urged to upgrade asap | | | [2.11.0](/docs/desktop/releases/2.11.0/) | OWASP 20th anniversary bug fix and enhancement release | diff --git a/site/content/docs/desktop/start/_index.md b/site/content/docs/desktop/start/_index.md index d392126e3..10c2ada99 100644 --- a/site/content/docs/desktop/start/_index.md +++ b/site/content/docs/desktop/start/_index.md @@ -47,3 +47,9 @@ The next thing to do is to start a | | [Introduction](/docs/desktop/) | the introduction to ZAP | | | [Features](/docs/desktop/start/features/) | provided by ZAP | | | [Scanner Rules](/docs/desktop/start/checks/) | supported by default | + +## Official Videos + +| | | +|---|---------------------------------------------------------------------------------------| +| | [ZAPCon 2022: ZAP for Everybody](https://www.youtube.com/watch?v=32W_hm30dsg) (44:05) | diff --git a/site/content/docs/desktop/start/features/addons.md b/site/content/docs/desktop/start/features/addons.md index a8d1c4783..e451ed8ec 100644 --- a/site/content/docs/desktop/start/features/addons.md +++ b/site/content/docs/desktop/start/features/addons.md 
@@ -41,3 +41,9 @@ To make an add-on available to ZAP it must be in one of the following locations: | | [UI Overview](/docs/desktop/ui/) | for an overview of the user interface | | | [Features](/docs/desktop/start/features/) | provided by ZAP | | | [Marketplace](/addons/) | to browse the add-ons online | + +## Official Videos + +| | | +|---|--------------------------------------------------------------------------------------------------------------------| +| | [ZAPCon 2022: More Power to "ZAP" - Demystifying ZAP Add-ons](https://www.youtube.com/watch?v=N4OEtVCda6s) (40:29) | diff --git a/site/content/docs/desktop/start/features/api.md b/site/content/docs/desktop/start/features/api.md index 42a4a5e25..87f453d47 100644 --- a/site/content/docs/desktop/start/features/api.md +++ b/site/content/docs/desktop/start/features/api.md @@ -26,4 +26,5 @@ Future versions of ZAP will increase the functionality available via the APi. | | | | |---|-------------------------------------------|---------------------------------------| | | [UI Overview](/docs/desktop/ui/) | for an overview of the user interface | +| | [API Overview](/docs/api/#introduction) | for an overview of the API | | | [Features](/docs/desktop/start/features/) | provided by ZAP | diff --git a/site/content/docs/desktop/start/features/ascan.md b/site/content/docs/desktop/start/features/ascan.md index dc52a1a9c..07e86c433 100644 --- a/site/content/docs/desktop/start/features/ascan.md +++ b/site/content/docs/desktop/start/features/ascan.md 
@@ -50,3 +50,5 @@ The rules that run are configured via [Scan Policies](/docs/desktop/start/featur | | | |---|----------------------------------------------------------------------------------------------| | | [ZAP In Ten: Active Scanning](https://play.sonatype.com/watch/ZcEfSihgQSzuthJi4qEeW3) (9:47) | +| | [ZAP In Ten: Active Scan Scripts](https://play.vidyard.com/aEwqErXFMTYdDDQbTgnJeA) (11:37) | +| | [Deep Dive: Active Scanning](https://www.youtube.com/watch?v=z2r4xGMQlys) (31:26) | diff --git a/site/content/docs/desktop/start/features/httpsessions.md b/site/content/docs/desktop/start/features/httpsessions.md index 4ae753bda..339419415 100644 --- a/site/content/docs/desktop/start/features/httpsessions.md +++ b/site/content/docs/desktop/start/features/httpsessions.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: HTTP Sessions type: userguide -weight: 14 +weight: 13 --- # HTTP Sessions diff --git a/site/content/docs/desktop/start/features/intercept.md b/site/content/docs/desktop/start/features/intercept.md index 086ac70ce..7d216737b 100644 --- a/site/content/docs/desktop/start/features/intercept.md +++ b/site/content/docs/desktop/start/features/intercept.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Manipulator-in-the-middle Proxy type: userguide -weight: 15 +weight: 14 --- # Manipulator-in-the-middle Proxy diff --git a/site/content/docs/desktop/start/features/marketplace.md b/site/content/docs/desktop/start/features/marketplace.md index a31111e5a..a1dd1e85c 100644 --- a/site/content/docs/desktop/start/features/marketplace.md +++ b/site/content/docs/desktop/start/features/marketplace.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Marketplace type: userguide -weight: 16 +weight: 15 --- # Marketplace diff --git a/site/content/docs/desktop/start/features/modes.md b/site/content/docs/desktop/start/features/modes.md index e9c961b34..a8554513c 100644 --- a/site/content/docs/desktop/start/features/modes.md 
+++ b/site/content/docs/desktop/start/features/modes.md @@ -2,17 +2,17 @@ # This page was generated from the add-on. title: Modes type: userguide -weight: 17 +weight: 16 --- # Modes ZAP has a 'mode' which can be: -* Safe - no potentially dangerous operations permitted -* Protected - you can only perform (potentially) dangerous actions on URLs in the [Scope](/docs/desktop/start/features/scope/) -* Standard - as in previous releases, you can do anything -* ATTACK - new nodes that are in [Scope](/docs/desktop/start/features/scope/) are [actively scanned](/docs/desktop/start/features/ascan/) as soon as they are discovered +* Safe - no potentially dangerous operations permitted. +* Protected - you can only perform (potentially) dangerous actions on URLs in the [scope](/docs/desktop/start/features/scope/). +* Standard - does not restrict anything. +* ATTACK - new nodes that are in [scope](/docs/desktop/start/features/scope/) are [actively scanned](/docs/desktop/start/features/ascan/) as soon as they are discovered. It is recommended that you use the Protected mode to ensure that you only attack sites that you mean to. diff --git a/site/content/docs/desktop/start/features/notes.md b/site/content/docs/desktop/start/features/notes.md index a4b7f1c77..532fe5ef6 100644 --- a/site/content/docs/desktop/start/features/notes.md +++ b/site/content/docs/desktop/start/features/notes.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Notes type: userguide -weight: 18 +weight: 17 --- # Notes diff --git a/site/content/docs/desktop/start/features/pscan.md b/site/content/docs/desktop/start/features/pscan.md index 01255a1ed..4c11904d2 100644 --- a/site/content/docs/desktop/start/features/pscan.md +++ b/site/content/docs/desktop/start/features/pscan.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Passive Scan type: userguide -weight: 19 +weight: 18 --- # Passive Scan 
@@ -37,3 +37,5 @@ The alerts raised by passive scan rules can be configured using the | | | |---|------------------------------------------------------------------------------------------------| | | [ZAP In Ten: Passive Scanning](https://play.sonatype.com/watch/vDWpoYjHi7fSLYFDQPWgMF) (10:27) | +| | [ZAP In Ten: Passive Scan Scripts](https://play.vidyard.com/HfENJ3GJB3zbD6sMscDrjD) (11:53) | +| | [Deep Dive: Passive Scanning](https://www.youtube.com/watch?v=Rx42kyrB0nk) (27:35) | diff --git a/site/content/docs/desktop/start/features/scanpolicy.md b/site/content/docs/desktop/start/features/scanpolicy.md index 77cf652d4..a6e067bef 100644 --- a/site/content/docs/desktop/start/features/scanpolicy.md +++ b/site/content/docs/desktop/start/features/scanpolicy.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Scan Policy type: userguide -weight: 20 +weight: 19 --- # Scan Policy diff --git a/site/content/docs/desktop/start/features/scope.md b/site/content/docs/desktop/start/features/scope.md index 2a38ca26d..5451fb7a0 100644 --- a/site/content/docs/desktop/start/features/scope.md +++ b/site/content/docs/desktop/start/features/scope.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Scope type: userguide -weight: 21 +weight: 20 --- # Scope diff --git a/site/content/docs/desktop/start/features/scripts.md b/site/content/docs/desktop/start/features/scripts.md index 0cedf1ae2..691f08d8b 100644 --- a/site/content/docs/desktop/start/features/scripts.md +++ b/site/content/docs/desktop/start/features/scripts.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Scripts type: userguide -weight: 22 +weight: 21 --- # Scripts 
@@ -29,7 +29,7 @@ Different types of scripts are supported: * Active Rules - these run as part of the Active Scanner and can be individually enabled * Authentication - scripts that are invoked when authentication is performed for a Context. To be used, they need to be selected when configuring the Script-Based Authentication Method for a Context. * Extender - scripts which can add new functionality, including graphical elements and new API end points -* HTTP Sender - scripts that run against every request/response sent/received by ZAP. This includes the proxied messages, messages sent during active scanner, fuzzer, ... +* HTTP Sender - scripts that run against every request/response sent/received by ZAP. This includes the proxied messages, messages sent during active scan, fuzzer, ... * Input Vector - scripts for defining exactly what ZAP should attack. They can also change how any URL is represented in the Sites Tree * Passive Rules - these run as part of the Passive Scanner and can be individually enabled * Proxy - these run 'inline', can change every request and response and can be individually enabled. They can also trigger break points diff --git a/site/content/docs/desktop/start/features/sessionmanagement.md b/site/content/docs/desktop/start/features/sessionmanagement.md index 42ed6bfc6..6f85ec556 100644 --- a/site/content/docs/desktop/start/features/sessionmanagement.md +++ b/site/content/docs/desktop/start/features/sessionmanagement.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Session Management type: userguide -weight: 23 +weight: 22 --- # Session Management diff --git a/site/content/docs/desktop/start/features/sitestree.md b/site/content/docs/desktop/start/features/sitestree.md index 5c72cab8d..edd498c95 100644 --- a/site/content/docs/desktop/start/features/sitestree.md +++ b/site/content/docs/desktop/start/features/sitestree.md 
@@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Sites Tree type: userguide -weight: 24 +weight: 23 --- # Sites Tree diff --git a/site/content/docs/desktop/start/features/stats.md b/site/content/docs/desktop/start/features/stats.md index 4b27fb98b..c73d06913 100644 --- a/site/content/docs/desktop/start/features/stats.md +++ b/site/content/docs/desktop/start/features/stats.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Statistics type: userguide -weight: 25 +weight: 24 --- # Statistics diff --git a/site/content/docs/desktop/start/features/structmods.md b/site/content/docs/desktop/start/features/structmods.md index 7b11feb48..3729152e4 100644 --- a/site/content/docs/desktop/start/features/structmods.md +++ b/site/content/docs/desktop/start/features/structmods.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Structural Modifiers type: userguide -weight: 26 +weight: 25 --- # Structural Modifiers diff --git a/site/content/docs/desktop/start/features/structparams.md b/site/content/docs/desktop/start/features/structparams.md index d395c0c88..80bc7f75e 100644 --- a/site/content/docs/desktop/start/features/structparams.md +++ b/site/content/docs/desktop/start/features/structparams.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Structural Parameters type: userguide -weight: 27 +weight: 26 --- # Structural Parameters diff --git a/site/content/docs/desktop/start/features/tags.md b/site/content/docs/desktop/start/features/tags.md index f058db1bd..7c58551de 100644 --- a/site/content/docs/desktop/start/features/tags.md +++ b/site/content/docs/desktop/start/features/tags.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Tags type: userguide -weight: 28 +weight: 27 --- # Tags diff --git a/site/content/docs/desktop/start/features/users.md b/site/content/docs/desktop/start/features/users.md index 4a882cc26..32cfbf094 100644 --- a/site/content/docs/desktop/start/features/users.md 
+++ b/site/content/docs/desktop/start/features/users.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Users type: userguide -weight: 29 +weight: 28 --- # Users diff --git a/site/content/docs/desktop/start/pentest.md b/site/content/docs/desktop/start/pentest.md index fb3255e34..5cce00011 100644 --- a/site/content/docs/desktop/start/pentest.md +++ b/site/content/docs/desktop/start/pentest.md @@ -48,3 +48,9 @@ Future versions of the ZAP Desktop User Guide will describe how ZAP can be used | | | | |---|----------------------------|---------------------| | | https://www.owasp.org/wstg | OWASP Testing Guide | + +## Official Videos + +| | | +|---|----------------------------------------------------------------------------------------------------------| +| | [ZAPCon 2022: Drive-By Pentesting with ZAP Scripts](https://www.youtube.com/watch?v=AqZdqAK9S2g) (38:19) | diff --git a/site/content/docs/desktop/start/proxies.md b/site/content/docs/desktop/start/proxies.md index 1145bd3fa..c2559a699 100644 --- a/site/content/docs/desktop/start/proxies.md +++ b/site/content/docs/desktop/start/proxies.md @@ -107,7 +107,7 @@ Instructions for the latest versions of the most commonly used browsers: | | | | |---|--------------|---------------------------------------------------------------------| -| | Select the | 'Web Proxy (HTTP) | +| | Select the | 'Web proxy (HTTP)' | | | Enter in the | 'Address:' field the 'Address' you configured in the options screen | | | Enter in the | 'Port' field the 'Port' you configured in the options screen | | | Press the | Proxies Setting 'OK' button | diff --git a/site/content/docs/desktop/ui/dialogs/manageaddons.md b/site/content/docs/desktop/ui/dialogs/manageaddons.md index 920f1e790..b7ad3e959 100644 --- a/site/content/docs/desktop/ui/dialogs/manageaddons.md +++ b/site/content/docs/desktop/ui/dialogs/manageaddons.md 
@@ -20,8 +20,8 @@ You can also uninstall add-ons from this tab - typically add-ons are dynamically ## Marketplace -This tab shows you all of the add-ons that you dont have installed which are available from the Add-on Marketplace. -You will need to 'Check for updates' before you can see the add-ons available. +This tab shows you all of the add-ons that you don't have installed which are available from the Add-on Marketplace. +You will need to 'Check for Updates' before you can see the add-ons available. Hovering over an add-on will show you more information about it. You can install any of the add-ons listed - typically add-ons are dynamically added to the ZAP UI as soon as you install them. diff --git a/site/content/docs/desktop/ui/dialogs/options/_index.md b/site/content/docs/desktop/ui/dialogs/options/_index.md index 1583b456e..8699c251c 100644 --- a/site/content/docs/desktop/ui/dialogs/options/_index.md +++ b/site/content/docs/desktop/ui/dialogs/options/_index.md @@ -22,7 +22,6 @@ It include the following screens: | | [Database](/docs/desktop/ui/dialogs/options/database/) | | | | [Display](/docs/desktop/ui/dialogs/options/view/) | | | | [Extensions](/docs/desktop/ui/dialogs/options/ext/) | | -| | [Global Exclude URL](/docs/desktop/ui/dialogs/options/globalexcludeurl/) | | | | [HTTP Sessions](/docs/desktop/ui/dialogs/options/httpsessions/) | | | | [JVM](/docs/desktop/ui/dialogs/options/jvm/) | | | | [Keyboard](/docs/desktop/ui/dialogs/options/keyboard/) | | diff --git a/site/content/docs/desktop/ui/dialogs/options/ascan.md b/site/content/docs/desktop/ui/dialogs/options/ascan.md index 8a517d910..36b53d54f 100644 --- a/site/content/docs/desktop/ui/dialogs/options/ascan.md +++ b/site/content/docs/desktop/ui/dialogs/options/ascan.md 
@@ -27,6 +27,11 @@ Displaying a large number of results can significantly increase the time a scan The maximum time any individual rule can run for in minutes. Zero means no limit. This can be used to prevent rules that are taking an excessive amount of time. +### Max alerts any rule can raise + +The maximum number of alerts any rule can raise during the active scan, scan rules that reach this value are skipped. +**Note:** The maximum might be exceed due to threading. + ### Maximum Scan Duration (minutes; 0 is unlimited) The maximum time that the whole scan can run for in minutes. Zero means no limit. This can be used to ensure that a scan is completed around a set time. @@ -34,11 +39,12 @@ The maximum time that the whole scan can run for in minutes. Zero means no limit ### Delay When Scanning (In Milliseconds) The delay in milliseconds between each request. -Setting this to a non zero value will increase the time an active scan takes, but will put less of a strain on the target host. +Setting this to a non zero value will increase the time an active scan takes, but will put less of a strain on the target host. +**Note:** This option has been deprecated and it will be removed in a future release. Use the Network \> Rate Limit option instead. The latter option allows to enforce the rate at which the requests are sent while the Delay When Scanning doesn't. ### Inject plugin ID in header for all active scan requests. -If this option is selected the active scanner will inject the request header `X-ZAP-Scan-ID` with the ID of the scanner that's sending the HTTP requests. +If this option is selected the active scanner will inject the request header `X-ZAP-Scan-ID` with the ID of the scan rule that's sending the HTTP requests. ### Handle anti-CSRF tokens. diff --git a/site/content/docs/desktop/ui/dialogs/options/checkforupdates.md b/site/content/docs/desktop/ui/dialogs/options/checkforupdates.md index a518ad765..4684b5f93 100644 
--- a/site/content/docs/desktop/ui/dialogs/options/checkforupdates.md +++ b/site/content/docs/desktop/ui/dialogs/options/checkforupdates.md 
@@ -17,32 +17,32 @@ It is strongly recommended that you check this box. If for any reason you choose not to then you should manually check for updates frequently. ZAP will only make one request, and the only information included will be the current version you are on. -### Automatically download new ZAP releases +### Automatically download new ZAP releases. If selected then ZAP will automatically download new ZAP releases when they are available and prompt you to install them. -### Automatically install updates to the add-ons you have installed +### Automatically install updates to the add-ons you have installed. If selected then ZAP will automatically download and install any updates to the add-ons you have installed. -### Automatically install updates to the scanner rules you have installed +### Automatically install updates to the scan rules you have installed. -If selected then ZAP will automatically download and install any updates to the scanner rules you have installed. +If selected then ZAP will automatically download and install any updates to the scan rules you have installed. These are a subset of the full set of add-ons installed. -### Report new release status add-ons +### Report new Release status add-ons. If selected then ZAP will inform you if and when any add-ons are promoted to 'release' status. These add-ons will have been thoroughly tested and reviewed, and you can be sure they are of the highest status. -### Report new beta status add-ons +### Report new Beta status add-ons. If selected then ZAP will inform you if and when any add-ons are promoted to 'beta' status. These add-ons will have been tested and reviewed, and are considered to be of a reasonable status and mostly fit for purpose. However they may be incomplete or need further testing. Some of the add-ons included with ZAP by default are still at the beta level. -### Report new alpha status add-ons +### Report new Alpha status add-ons. 
If selected then ZAP will inform you if and when any new add-ons are added at 'alpha' status. These add-ons will have been reviewed but they are typically at an early stage of development. diff --git a/site/content/docs/desktop/ui/dialogs/options/httpsessions.md b/site/content/docs/desktop/ui/dialogs/options/httpsessions.md index 01c820ef7..ab1103732 100644 --- a/site/content/docs/desktop/ui/dialogs/options/httpsessions.md +++ b/site/content/docs/desktop/ui/dialogs/options/httpsessions.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options HTTP Sessions screen type: userguide -weight: 12 +weight: 11 --- # Options HTTP Sessions screen diff --git a/site/content/docs/desktop/ui/dialogs/options/jvm.md b/site/content/docs/desktop/ui/dialogs/options/jvm.md index 6e91fe4f5..c768463c0 100644 --- a/site/content/docs/desktop/ui/dialogs/options/jvm.md +++ b/site/content/docs/desktop/ui/dialogs/options/jvm.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options JVM screen type: userguide -weight: 13 +weight: 12 --- # Options JVM screen diff --git a/site/content/docs/desktop/ui/dialogs/options/keyboard.md b/site/content/docs/desktop/ui/dialogs/options/keyboard.md index 0f51b96f8..5cc5abfa8 100644 --- a/site/content/docs/desktop/ui/dialogs/options/keyboard.md +++ b/site/content/docs/desktop/ui/dialogs/options/keyboard.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Keyboard screen type: userguide -weight: 14 +weight: 13 --- # Options Keyboard screen diff --git a/site/content/docs/desktop/ui/dialogs/options/language.md b/site/content/docs/desktop/ui/dialogs/options/language.md index dd9831bb1..802c4371d 100644 --- a/site/content/docs/desktop/ui/dialogs/options/language.md +++ b/site/content/docs/desktop/ui/dialogs/options/language.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options language screen type: userguide -weight: 15 +weight: 14 --- # Options language screen 
diff --git a/site/content/docs/desktop/ui/dialogs/options/pscan.md b/site/content/docs/desktop/ui/dialogs/options/pscan.md index 28f2de1b3..f7b388266 100644 --- a/site/content/docs/desktop/ui/dialogs/options/pscan.md +++ b/site/content/docs/desktop/ui/dialogs/options/pscan.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Passive Scan Tags screen type: userguide -weight: 17 +weight: 16 --- # Options Passive Scan Tags screen diff --git a/site/content/docs/desktop/ui/dialogs/options/pscanner.md b/site/content/docs/desktop/ui/dialogs/options/pscanner.md index cd4c2fe6a..897d20283 100644 --- a/site/content/docs/desktop/ui/dialogs/options/pscanner.md +++ b/site/content/docs/desktop/ui/dialogs/options/pscanner.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Passive Scanner Screen type: userguide -weight: 18 +weight: 17 --- # Options Passive Scanner screen diff --git a/site/content/docs/desktop/ui/dialogs/options/pscanrules.md b/site/content/docs/desktop/ui/dialogs/options/pscanrules.md index 701d62275..33b4825a4 100644 --- a/site/content/docs/desktop/ui/dialogs/options/pscanrules.md +++ b/site/content/docs/desktop/ui/dialogs/options/pscanrules.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Passive Scan Rules Screen type: userguide -weight: 16 +weight: 15 --- # Options Passive Scan Rules Screen diff --git a/site/content/docs/desktop/ui/dialogs/options/ruleconfig.md b/site/content/docs/desktop/ui/dialogs/options/ruleconfig.md index 01d13da2b..7212ca54b 100644 --- a/site/content/docs/desktop/ui/dialogs/options/ruleconfig.md +++ b/site/content/docs/desktop/ui/dialogs/options/ruleconfig.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Rule Configuration screen type: userguide -weight: 19 +weight: 18 --- # Options Rule Configuration screen 
diff --git a/site/content/docs/desktop/ui/dialogs/options/script.md b/site/content/docs/desktop/ui/dialogs/options/script.md index ea6b94f3d..a9c9ff355 100644 --- a/site/content/docs/desktop/ui/dialogs/options/script.md +++ b/site/content/docs/desktop/ui/dialogs/options/script.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Scripts screen type: userguide -weight: 20 +weight: 19 --- # Options Scripts screen diff --git a/site/content/docs/desktop/ui/dialogs/options/search.md b/site/content/docs/desktop/ui/dialogs/options/search.md index e51b956f9..f2b6081cf 100644 --- a/site/content/docs/desktop/ui/dialogs/options/search.md +++ b/site/content/docs/desktop/ui/dialogs/options/search.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Search screen type: userguide -weight: 21 +weight: 20 --- # Options Search screen diff --git a/site/content/docs/desktop/ui/dialogs/options/stats.md b/site/content/docs/desktop/ui/dialogs/options/stats.md index 13f97e1d6..48719bee0 100644 --- a/site/content/docs/desktop/ui/dialogs/options/stats.md +++ b/site/content/docs/desktop/ui/dialogs/options/stats.md @@ -2,7 +2,7 @@ # This page was generated from the add-on. title: Options Statistics screen type: userguide -weight: 22 +weight: 21 --- # Options Statistics screen diff --git a/site/content/docs/desktop/ui/dialogs/session/contexts.md b/site/content/docs/desktop/ui/dialogs/session/contexts.md index 526fc32ea..e0fcc8491 100644 --- a/site/content/docs/desktop/ui/dialogs/session/contexts.md +++ b/site/content/docs/desktop/ui/dialogs/session/contexts.md 
@@ -19,7 +19,8 @@ This allows you to set the context name and description. This allows you to manage the URLs which will be included in the context. URLs which dont match any of the regexs will not be included in the context. -**Note:** The regular expressions must match the whole URL. +**Note:** The regular expressions must match the whole URL. +**Note** When testing targets that operate on default ports (80 for http, 443 for https), the colon port portion of the URL should not be included. Including that portion (for example: http://example.com:80) may result in an inability to crawl or test the target. If a 'default' port is specified both browsers and ZAP treat it without the default port being included then it doesn't match the expectation within the Context and there's nothing to interact with as part of the Context. ### Exclude from Context diff --git a/site/content/docs/desktop/ui/tabs/history.md b/site/content/docs/desktop/ui/tabs/history.md index a5ea59eab..2aea2872b 100644 --- a/site/content/docs/desktop/ui/tabs/history.md +++ b/site/content/docs/desktop/ui/tabs/history.md @@ -102,6 +102,10 @@ The nodes can be included again via the [Session Properties](/docs/desktop/ui/di This will bring up the [Manage History Tags dialog](/docs/desktop/ui/dialogs/managetags/) which allows you to change the [tags](/docs/desktop/start/features/tags/) associated with the request. +### Jump to History ID... + +This will bring up a dialog prompting for the ID (number) of a history entry you wish to jump to. If the entered ID value is not a visible history item then the nearest ID above the entry will be displayed, if it is beyond the end of the list then the last item in the table will be displayed. Also accessible via CTRL + ALT + J. + ### Note... This will bring up the [Add Note dialog](/docs/desktop/ui/dialogs/addnote/) which allows you to record [notes](/docs/desktop/start/features/notes/) related to the request. 
diff --git a/site/content/docs/desktop/ui/tlmenu/help.md b/site/content/docs/desktop/ui/tlmenu/help.md index 32ffc5788..9d41b7636 100644 --- a/site/content/docs/desktop/ui/tlmenu/help.md +++ b/site/content/docs/desktop/ui/tlmenu/help.md @@ -18,7 +18,7 @@ Displays a dialog that contains information which is useful when troubleshooting Version, installed add-ons and versions, operating system, java version, locale info, and ZAP Home Directory path. This information can be copied and pasted. The dialog includes an "Open" button, which assuming the OS supports the necessary functionality, will open the ZAP Home Directory (for logs or configuration files) when clicked. -### Check For Updates... +### Check for Updates... This checks to see if you are running the latest version of ZAP. diff --git a/site/content/docs/desktop/ui/tltoolbar.md b/site/content/docs/desktop/ui/tltoolbar.md index 7d7783d10..32da83619 100644 --- a/site/content/docs/desktop/ui/tltoolbar.md +++ b/site/content/docs/desktop/ui/tltoolbar.md @@ -49,7 +49,7 @@ This button reveals all of the hidden tabs. This button hides all of the tabs that are 'unpinned'. Tabs can be pinned and unpinned via the small 'pin' icon that is shown when the tab is selected. -## ![](/docs/desktop/images/ui_tab_text.png) Show tab names and icons +## ![](/docs/desktop/images/ui_tab_text.png) Show Tab Names and Icons This button toggles the displaying of the tab names. 
@@ -68,34 +68,34 @@ This will reduce the amount of space available to the 'tree' window. This changes the display so that the selected tab takes up the full screen. This is useful when using ZAP on small screens. -## ![](/docs/desktop/images/layout_tabbed.png) Request and Response tabs side by side +## ![](/docs/desktop/images/layout_tabbed.png) Request and Response Tabs Side by Side This changes the display so that the request and response tabs are side by side. This increases the information that can be displayed but means you cannot see both the request and response at the same time. -## ![](/docs/desktop/images/layout_tabbed_split.png) Request and Response panels side by side in the same tab +## ![](/docs/desktop/images/layout_tabbed_split.png) Request and Response Panels Side by Side in the Same Tab This changes the display so that the request and response panels are shown side by side in the same tab. This decreases the information that can be displayed but means you can see both the request and response at the same time. -## ![](/docs/desktop/images/layout_vertical_split.png) Request shown above Response +## ![](/docs/desktop/images/layout_vertical_split.png) Request Shown above Response This changes the display so that the request panel is shown above the response panel. This decreases the information that can be displayed but means you can see both the request and response at the same time. -## ![](/docs/desktop/images/layout_horizontal_split.png) Request and Response panels side by side +## ![](/docs/desktop/images/layout_horizontal_split.png) Request and Response Panels Side by Side This changes the display so that the request panel is shown to the left of the response panel. This decreases the information that can be displayed but means you can see both the request and response at the same time. 
-## ![](/docs/desktop/images/16/152.png) / ![](/docs/desktop/images/16/151.png) Set / Unset break on all requests and responses +## ![](/docs/desktop/images/16/152.png) / ![](/docs/desktop/images/16/151.png) Set / Unset Break on All Requests and Responses This sets and unsets a 'global' [breakpoint](/docs/desktop/start/features/breakpoints/) that will trap and display the next request or response in the [Break tab](/docs/desktop/ui/tabs/break/). You can then change any part of the request or response that you want to and send it to the target application by pressing either of the 'Step' or 'Continue' buttons. Alternatively you can press the 'Drop' button to dispose of the request or response. You can switch between a single 'combined' break button and separates ones for requests and responses via the [Options breakpoints screen](/docs/desktop/ui/dialogs/options/breakpoints/) -## ![](/docs/desktop/images/16/105.png) / ![](/docs/desktop/images/16/105r.png) Set / Unset break on all requests +## ![](/docs/desktop/images/16/105.png) / ![](/docs/desktop/images/16/105r.png) Set / Unset Break on All Requests This sets and unsets a 'global' [breakpoint](/docs/desktop/start/features/breakpoints/) that will trap and display the next request in the [Break tab](/docs/desktop/ui/tabs/break/). You can then change any part of the request that you want to and send it to the target application by pressing either of the 'Step' or 'Continue' buttons. diff --git a/site/data/addons.yaml b/site/data/addons.yaml index add60dd7c..3e598bef0 100644 --- a/site/data/addons.yaml +++ b/site/data/addons.yaml 
@@ -427,9 +427,9 @@ status: release infoUrl: /docs/desktop/ repoUrl: https://github.com/zaproxy/zap-core-help/ - downloadUrl: https://github.com/zaproxy/zap-core-help/releases/download/help-v15/help-release-15.zap - date: 2022-10-27 - version: 15 + downloadUrl: https://github.com/zaproxy/zap-core-help/releases/download/help-v16/help-release-16.zap + date: 2023-07-11 + version: 16 - id: help_ar_SA name: Help - Arabic description: Arabic version of the ZAP help file.
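Review bot: in site/content/docs/desktop/ui/dialogs/options/ascan.md, the new "Max alerts any rule can raise" section does not say which value disables the limit, while the two neighbouring options both state "Zero means no limit". Add the equivalent sentence, or say that there is no unlimited setting. The added lines also need a wording pass: "might be exceed" should be "might be exceeded", the comma splice after "during the active scan" reads better as two sentences, and "allows to enforce the rate" in the deprecation note should be "allows you to enforce the rate".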
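Review bot: in site/content/docs/desktop/ui/dialogs/options/checkforupdates.md, the renamed headings capitalise Release, Beta and Alpha, but the body text under each still quotes 'release', 'beta' and 'alpha' in lower case. Use one form in both places so readers can match the description to the option label.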
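Review bot: in site/content/docs/desktop/ui/dialogs/options/_index.md, the Global Exclude URL row is removed with no replacement entry, so the options index no longer tells readers where global exclusions are configured. If the screen moved, add a pointer to its new location, and check that nothing else still links to /docs/desktop/ui/dialogs/options/globalexcludeurl/.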
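Review bot: in site/content/docs/desktop/ui/dialogs/session/contexts.md, the last sentence of the added default-port note ("If a 'default' port is specified both browsers and ZAP treat it without the default port being included then it doesn't match ...") is a run-on that is hard to parse, and it is the sentence that explains why an include regex containing the default port leaves the Context empty. Split it: say first that browsers and ZAP drop the default port from the URL, then that a regex which includes the port therefore does not match, so there is nothing in the Context to crawl or test. The label should also be "**Note:**" with the colon, matching the note on the line above it.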
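Review bot: in site/content/docs/desktop/ui/tabs/history.md, "the nearest ID above the entry" in the new "Jump to History ID..." section is ambiguous: it can mean the next higher ID or the row shown above it in the table. State which one is selected, and turn the comma splice before "if it is beyond the end of the list" into a separate sentence.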
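Review bot: in site/data/addons.yaml, confirm that every per-release field of the core help entry was regenerated for help-release-16.zap. The hunk shows only downloadUrl, date and version changing, with three lines of context either side, so any other release-specific field of this entry that sits outside that window (an integrity hash or file size, if the file carries one) would be left describing help-release-15.zap.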