Zap-Hud - The OWASP ZAP Heads Up Display (HUD)
2020-10-21 05:30:00 Author: www.blogger.com (View original) Views: 158

<p>Published 2020-10-20T17:30:00-03:00</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-2LEo2vJikUI/X40Qn9pdcxI/AAAAAAAAUF0/bxx1AA12vk0OtySziIB-Vp2V5SGTgRO9wCNcBGAsYHQ/s1200/zap-hud_6_ZAP-HUD-Welcome-banner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="1200" height="214" src="https://1.bp.blogspot.com/-2LEo2vJikUI/X40Qn9pdcxI/AAAAAAAAUF0/bxx1AA12vk0OtySziIB-Vp2V5SGTgRO9wCNcBGAsYHQ/w640-h214/zap-hud_6_ZAP-HUD-Welcome-banner.png" width="640" /></a></div>
<p>The HUD is a new interface that provides the functionality of ZAP <strong>directly in the browser</strong>.</p>
<p>Learn more:</p>
<ul>
<li>Blog: <a href="https://segment.com/blog/hacking-with-a-heads-up-display/" rel="nofollow" target="_blank" title="Hacking with a Heads Up Display">Hacking with a Heads Up Display</a></li>
<li>Video: <a href="https://youtu.be/ztfgip-UhWw" rel="nofollow" target="_blank" title="The OWASP ZAP HUD - Usable Security Tooling">The OWASP ZAP HUD - Usable Security Tooling</a></li>
<li>Wiki: <a href="https://github.com/zaproxy/zap-hud/wiki" rel="nofollow" target="_blank" title="Inside the HUD">Inside the HUD</a></li>
</ul>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-lKIPH7bMdxU/X40Q8bMLnBI/AAAAAAAAUF8/Y-v9X7oGl6MvBmavZLrytdeFPQBhmxLKQCNcBGAsYHQ/s600/hud-break.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="338" data-original-width="600" height="360" src="https://1.bp.blogspot.com/-lKIPH7bMdxU/X40Q8bMLnBI/AAAAAAAAUF8/Y-v9X7oGl6MvBmavZLrytdeFPQBhmxLKQCNcBGAsYHQ/w640-h360/hud-break.gif" width="640" /></a></div>
<span style="font-size: large;"><b>Using the HUD</b></span>
<br /><b>Downloading</b>
<p>You can try out ZAP enabled with the HUD via either of:</p>
<ul>
<li>Download and run the latest <a href="https://www.zaproxy.org/download/" rel="nofollow" target="_blank" title="ZAP Release">ZAP Release</a></li>
</ul>
<p>or</p>
<ul>
<li>Run it from this repo using:
<pre><code>git clone https://github.com/zaproxy/zap-hud.git
cd zap-hud
./gradlew runZap
</code></pre>
</li>
</ul>
<p>In all cases you will need Java 8+ installed.</p>
<p>You'll see the HUD Radar icon in the tool bar. When the icon is selected the HUD will be added to your browser.</p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-ohegKbxxKuA/X40RG3ZptZI/AAAAAAAAUGA/jFTgQRHX01ggfhRMvWHfRGSILrEQdrmUACNcBGAsYHQ/s1530/zap-hud_9_toolbar_radar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="94" data-original-width="1530" height="40" src="https://1.bp.blogspot.com/-ohegKbxxKuA/X40RG3ZptZI/AAAAAAAAUGA/jFTgQRHX01ggfhRMvWHfRGSILrEQdrmUACNcBGAsYHQ/w640-h40/zap-hud_9_toolbar_radar.png" width="640" /></a></div>
<b>Starting the HUD</b>
<ol>
<li>Quick Start: Select either <code>Firefox</code> or <code>Chrome</code> on the <code>Quick Start</code> tab and click on the <code>Launch Browser</code> button.</li>
</ol>
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-UM1YBJJZjao/X40RPOGAZhI/AAAAAAAAUGI/750gi0CfGhQXGqCYAqFh15U6uCpxE-HhQCNcBGAsYHQ/s384/zap-hud_10_ZAP-Launch-browser.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="34" data-original-width="384" src="https://1.bp.blogspot.com/-UM1YBJJZjao/X40RPOGAZhI/AAAAAAAAUGI/750gi0CfGhQXGqCYAqFh15U6uCpxE-HhQCNcBGAsYHQ/s16000/zap-hud_10_ZAP-Launch-browser.png" /></a></div>
<ol start="2">
<li>Manually: You can also configure Firefox or Chrome to proxy via ZAP manually, but you will need to import the ZAP Root CA Certificate.</li>
</ol>
<p>The first time the HUD is launched you'll be prompted with the HUD Tutorial. We recommend that you follow the tutorial even if you have read the above blog post and watched the video.</p>
<span style="font-size: large;"><b>Getting Involved</b></span>
<p>ZAP is a community project and so we are always very keen to hear from anyone who'd like to contribute; just post to the <a href="https://groups.google.com/group/zaproxy-hud" rel="nofollow" target="_blank" title="ZAP HUD Group">ZAP HUD Group</a>.</p>
<p>We'd also love to hear some feedback, which you can also give via that group.</p>
<span style="font-size: large;"><b>Limitations</b></span>
<p>This is still early days and there are some known issues and limitations with the current release. Development on the HUD is very active and we recommend you check in often for new features and improvements. :)</p>
<p>You should <strong>NOT</strong> use it on sites you do not trust! However, it <strong>is</strong> in scope for the ZAP bug bounty on <a href="https://bugcrowd.com/owaspzap" rel="nofollow" target="_blank" title="BugCrowd">BugCrowd</a>.</p>
<p>Limitations while running:</p>
<ul>
<li>Only a limited amount of ZAP functionality is available</li>
<li>Firefox has been tested more than Chrome, but both should work (JxBrowser doesn't currently work)</li>
<li>The code to support the HUD in multiple browser tabs is <em>very</em> new, so it might be buggy
<ul>
<li>In particular, don't close the first tab on Firefox or the HUD <em>will</em> stop working (weird, we know. See <a href="https://github.com/zaproxy/zap-hud/issues/199" rel="nofollow" target="_blank" title="#199">#199</a> for details)</li>
</ul>
</li>
<li>Using the HUD with browser dev tools open can significantly affect performance</li>
<li>Behaviour using the browser back button is currently undefined</li>
</ul>
<p>Issues and todos in code:</p>
<ul>
<li>We're using Vue.js in dev mode, which prevents us from using a suitably strong CSP</li>
<li>JavaScript code still needs to be formatted and linted</li>
<li>Documentation could, of course, be better</li>
<li>Async functions are handled via Promises rather than the 'await' pattern</li>
</ul>
<p>These lists aren't exhaustive, but do highlight some of the larger restrictions.</p>
<div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/zaproxy/zap-hud" rel="nofollow" target="_blank" title="Download Zap-Hud">Download Zap-Hud</a></span></b></div>
<p>Zion3R</p>
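<p>Added example, not part of the zap-hud project or the original post: a POSIX shell helper covering the two setup prerequisites above, the Java 8+ check (handling both the <code>1.8.0_x</code> and the <code>11.0.x</code> / <code>17</code> version-string formats) and the manual Firefox proxy configuration plus ZAP Root CA import. It assumes ZAP's default listener on 127.0.0.1:8080, that ZAP serves its root CA at <code>/OTHER/core/other/rootcert/</code>, that <code>FIREFOX_PROFILE</code> names an existing Firefox profile directory, and that NSS <code>certutil</code> is installed.</p>

```shell
#!/bin/sh
# Added example (not zap-hud project code). Assumptions: ZAP listens on
# 127.0.0.1:8080, exposes its root CA at /OTHER/core/other/rootcert/, and
# FIREFOX_PROFILE points at an existing Firefox profile directory.

# Extract the major version from a "java -version" banner.
# Java 8 and older print "1.8.0_292"; Java 9+ print "11.0.9" or just "17".
java_major_version() {
  v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([0-9][0-9.]*\).*/\1/p')
  case "$v" in
    1.*) printf '%s\n' "$v" | cut -d. -f2 ;;
    *)   printf '%s\n' "$v" | cut -d. -f1 ;;
  esac
}

# Status 0 when the banner satisfies the "Java 8+" requirement.
java_is_at_least_8() {
  major=$(java_major_version "$1")
  [ -n "$major" ] && [ "$major" -ge 8 ]
}

# user.js lines that send Firefox HTTP and HTTPS traffic through ZAP,
# with no bypass list so every host is proxied.
firefox_proxy_prefs() {
  host=${1:-127.0.0.1}; port=${2:-8080}
  printf 'user_pref("network.proxy.type", 1);\n'
  printf 'user_pref("network.proxy.http", "%s");\n' "$host"
  printf 'user_pref("network.proxy.http_port", %s);\n' "$port"
  printf 'user_pref("network.proxy.ssl", "%s");\n' "$host"
  printf 'user_pref("network.proxy.ssl_port", %s);\n' "$port"
  printf 'user_pref("network.proxy.no_proxies_on", "");\n'
}

# Fetch the ZAP Root CA and trust it for server auth ("C,,") in the
# profile's NSS database, so HUD injection into HTTPS pages works.
import_zap_root_ca() {
  profile=$1
  curl -fsS "http://127.0.0.1:8080/OTHER/core/other/rootcert/" -o /tmp/zap_root_ca.cer
  certutil -A -n "OWASP ZAP Root CA" -t "C,," -i /tmp/zap_root_ca.cer -d "sql:$profile"
}

# Only perform the setup when explicitly asked; sourcing the file is safe.
if [ "${1:-}" = "--setup" ] && [ -n "${FIREFOX_PROFILE:-}" ]; then
  java_is_at_least_8 "$(java -version 2>&1)" || { echo "Java 8+ required" >&2; exit 1; }
  firefox_proxy_prefs >> "$FIREFOX_PROFILE/user.js"
  import_zap_root_ca "$FIREFOX_PROFILE"
fi
```

<p>Run as <code>FIREFOX_PROFILE=~/.mozilla/firefox/&lt;profile&gt; sh setup.sh --setup</code> while ZAP is running; start Firefox with that profile afterwards and the HUD Radar icon takes over from there.</p>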

Article source: http://www.blogger.com/feeds/8317222231133660547/posts/default/8308662776455150941