v10

@zapbot zapbot released this 11 Jun 18:10
· 267 commits to main since this release
4311539

Added

  • standalone/load_context_from_burp > import context from Burp config file.
  • Passive scan script for finding potential S3 bucket URLs.
  • payloadprocessor/to-hex.js > string to hex payload script.
  • Selenium and session scripts.
  • httpfuzzerprocessor/random_x_forwarded_for_ip.js > Set 'X-Forwarded-For' to a random IP value.
  • httpfuzzerprocessor/randomUserAgent.js > Set 'User-Agent' to a random user-agent.
  • Add the following Payload Processor scripts ported from SQLMap:
    • apostrophemask
    • apostrophenullencode
    • chardoubleencode
    • charencode
    • charunicodeencode
    • equaltolike
    • lowercase
    • percentage
    • randomcase
    • space2comments
  • Add Google API keys finder script.

Changed

  • Update minimum ZAP version to 2.10.0.
  • Rename reliability to confidence.
  • standalone/enableDebugLogging.js > use new Log4j 2 APIs.
  • standalone/window_creation_template.js > no longer extend AbstractFrame.
  • httpsender/Alert on HTTP Response Code Errors.js and Alert on Unexpected Content Types.js:
    • Check if messages being analyzed are globally excluded or not;
    • Ignore check for update messages;
    • Include more expected content types.
  • httpsender/aws-signing-for-owasp-zap.py > read AWS environment variables for default values.
  • active/TestInsecureHTTPVerbs.py and passive/HUNT.py > correct links to OWASP site.

Removed

  • standalone/loadListInGlobalVariable.js > superseded by core functionality, ScriptVars.setGlobalCustomVar(...) and getGlobalCustomVar(...).

Fixed

  • extender/HTTP Message Logger.js > fix typo in Integer constant.