HelpStartConceptsModes
psiinon edited this page Jun 3, 2016 · 4 revisions
ZAP has a 'mode' which can be:
- Safe - no potentially dangerous operations permitted
- Protected - you can only perform (potentially) dangerous actions on URLs in the Scope
- Standard - as in previous releases, you can do anything
- ATTACK - new nodes that are in Scope are actively scanned as soon as they are discovered
It is recommended that you use the Protected mode to ensure that you only attack sites that you mean to.
The mode can be changed via the toolbar (or the ZAP API) and is persisted between sessions.
Examples of the things that will not be possible in either Safe mode or in Protected mode when not acting on URLs in the Scope:
- Spidering
- Active Scanning
- Fuzzing
- Force Browsing
- Breaking (intercepting)
- Resending requests
You can define the Scan Policy to be used for the ATTACK mode via the Options Active Scan screen.
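An added example (not part of the ZAP documentation) of the API route mentioned above: a pre-flight check that reads the current mode and switches ZAP to Protected mode before any automation runs. The address `http://127.0.0.1:8080`, the empty API key and the function names are assumptions; `core/view/mode` and `core/action/setMode` are ZAP core API endpoints, where Protected mode is spelled `protect`.

```python
import json
import urllib.parse
import urllib.request

# Mode names as the ZAP API spells them (Protected mode is "protect").
API_MODES = ("safe", "protect", "standard", "attack")


def http_get_json(url, api_key):
    """Default transport: GET a ZAP API URL and decode the JSON reply."""
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


def ensure_mode(wanted="protect", base="http://127.0.0.1:8080",
                api_key="", http_get=http_get_json):
    """Put ZAP into `wanted` mode; return (previous_mode, current_mode).

    `base` and `api_key` are assumptions: use your own ZAP listener and key.
    """
    if wanted not in API_MODES:
        raise ValueError(f"unknown mode {wanted!r}; expected one of {API_MODES}")

    previous = http_get(f"{base}/JSON/core/view/mode/", api_key)["mode"]
    if previous == wanted:
        return previous, previous  # already in the right mode, change nothing

    query = urllib.parse.urlencode({"mode": wanted})
    http_get(f"{base}/JSON/core/action/setMode/?{query}", api_key)

    # Read the mode back instead of trusting the action's reply.
    current = http_get(f"{base}/JSON/core/view/mode/", api_key)["mode"]
    if current != wanted:
        raise RuntimeError(f"ZAP is in {current!r} mode, expected {wanted!r}")
    return previous, current


if __name__ == "__main__":
    before, after = ensure_mode("protect")
    print(f"ZAP mode: {before} -> {after}")
```

Run it as the first step of a scripted job so the job stops if ZAP cannot be placed in Protected mode.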
UI Overview | for an overview of the user interface
Features | provided by ZAP