Sites tab

The Sites tab shows all of the URLs visited in a tree structure.
You can select any of the nodes in the tree to display the request and response for that URL in the relevant tabs.

Right click menu

Right clicking on a node will bring up a menu which will allow you to:

Attack

The Attack menu has the following submenus:

Active Scan Site

This will initiate an active scan of the whole of the site containing the selected node.
The Active Scan tab will be display and will show the progress of the scan.

Active Scan Node

This will initiate an active scan of just the node selected.
The Active Scan tab will be display and will show the progress of the scan.

Spider Site

This will initiate a spider of the whole of the site containing the selected node.
The Spider tab will be display and will show the progress of the scan.

Brute Force Site

This will initiate a brute force of the whole of the site containing the selected node.
The Brute Force tab will be display and will show the progress of the scan.

Port Scan host

This will initiate a port scan of the host for the selected node.
The Port Scan tab will be display and will show the progress of the scan.

Exclude from

This menu has the following submenus:

Proxy

This will exclude the selected nodes from the proxy. They will still be proxied via ZAP but will not be shown in any of the tabs.
This can be used to ignore URLs that you know are not relevant to the system you are currently testing.
The nodes can be included again via the Session Properties dialog

Scanner

This will prevent the selected nodes from being actively scanned.
The nodes can be included again via the Session Properties dialog

Spider

This will prevent the selected nodes from being spidered.
The nodes can be included again via the Session Properties dialog

Run application

This menu allows you to invoke applications that you have configured via the Options Applications screen which is also accessible via the 'Configure applications...' submenu.

Delete

This will remove the node and all of its children from ZAP.
However they can be added back in, to prevent this use the 'Exclude from' menus.

Break...

This will bring up a new window which will allow you to set a break point on that URL.
The break point is defined via a regular expression. If you visit a URL which matches this expression then ZAP will intercept it and allow you to change either the request and/or the response.

Resend...

This will bring up the Resend dialog which allows you to resend the request after making any changes to it that you want to.

New Alert...

This will bring up the Add Alert dialog which allows you to manually record a new alert against this request.

Show in History tab

This will show the selected node in the History tab.

Open URL in Browser

This will open the URL of the selected node in your default browser.

Refresh Sites tree

Occasionally the Sites tree can be displayed incorrectly - this option will redraw it.

See also

     UI Overviewfor an overview of the user interface