HelpUiDialogsOptionsAscaninput
This screen allows you to configure the active scan input vectors. These are the elements that the active scanner will attack. Scanning all of the elements supported will take longer, but not scanning some elements may cause some vulnerabilities to be missed.
The request element that the active scanner will target:
| URL Query String | Key value pairs in the request URL query, ie after the '?' | |
| POST Data | Key value pairs in the request POST data | |
| URL Path | Path elements in the request URL, ie the elements separated by '/' | |
| HTTP Headers | Request HTTP Headers | |
| Cookie data | Request cookies |
The data formats that the active scanner will target:
| Multipart Form Data | ||
| XML tag/attribute | ||
| JSON | ||
| Google Web Toolkit | ||
| OData id/filter |
If this option is selected then the active scanner will use any enabled script input vectors. Script input vectors are scripts which you have written or imported into ZAP and allow you to target elements which are not supported by default.
This screen also allows you to configure the parameters which will be ignored by the active scanner.
| UI Overview | for an overview of the user interface | |
| Options dialogs | for details of the other Options dialog screens | |
| Active Scan Input Vectors |
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits
