Zap-Hud – The OWASP ZAP Heads Up Display (HUD)

The HUD is a new interface that provides the functionality of ZAP directly in the browser.

Learn more:

Using the HUD

Downloading

You can try out ZAP enabled with the HUD via any of:

or

  • Run it from this repo using:
    git clone https://github.com/zaproxy/zap-hud.git
    cd zap-hud
    ./gradlew runZap

In all cases you will need Java 8+ installed.

You will see the HUD Radar icon in the toolbar. When the icon is selected, the HUD will be added to your browser.

Starting the HUD

  1. Quick Start: Select either Firefox or Chrome on the Quick Start tab and click on the Start Browser button.

  2. Manually: You can also configure Firefox or Chrome to proxy via ZAP manually, but you will need to import the ZAP Root CA Certificate.

The first time the HUD is launched you will be prompted with the HUD Tutorial. We recommend that you follow the tutorial even if you have read the above blog post and watched the video.

Getting Involved

ZAP is a community project and so we are always very keen to hear from anyone who’d like to contribute; just post to the ZAP HUD Group.

We’d also love to hear some feedback, which you can also give via that group.

Limitations

This is still early days and there are some known issues and limitations with the current release. Development on the HUD is very active and we recommend you check in often for new features and improvements. 🙂

You should NOT use it on sites you do not trust! However, it is in scope for the ZAP bug bounty on BugCrowd.

Limitations while running:

  • Only a limited amount of ZAP functionality is available
  • Firefox has been tested more than Chrome, but both should work (JxBrowser does not currently work)
  • The code to support the HUD in multiple browser tabs is very new so may be buggy
    • In particular, do not close the first tab on Firefox or the HUD will stop working (odd, we know. See #199 for details)
  • Using the HUD with browser dev tools open can significantly affect performance
  • Behavior when using the browser back button is currently undefined

Issues and todos in code:

  • We are using Vue.js in dev mode, which prevents us from using a suitably strong CSP
  • JavaScript code still needs to be formatted and linted
  • Documentation could, of course, be better
  • Async functions are handled using Promises as opposed to using the ‘await’ pattern

These lists are not exhaustive, but do highlight some of the larger limitations.
