Session Contexts dialogs
These screens allows you manage contexts.
There is a set of screens for each context you define.
Top screen
This allows you to set the context name and description.
Include in context
This allows you to manage the URLs which will be included in the context.
URLs which dont match any of the regexs will not be included in the context.
Exclude from context
This allows you to manage the URLs which will be excluded from the context.
You only need to specify regexs for URLs that you do not want to include but which match one or more
of the 'include' regexes.
Technology
This allows you to specify the technologies used in the context, if known.
By default all technologies are included.
If you exclude technologies that you know are not used then this may speed up
active scanning as rules specific to the excluded
technologies can be skipped.
Authentication
This allows you to manage the authentication related properties for this context.
URL regexs
In the Include in * and Exclude from * dialogs, you can enter regular expressions to define excluded URLs.
While you can escape a single meta-character with a backslash, you can also use the \Q...\E escape sequence. All the characters between the \Q and the \E are interpreted as literal characters. E.g. \Q*\d+*\E matches the literal text *\d+*.
This escape sequence is used in ZAP when you exclude URLs via some context menus.
Note: If your URL contains a "\E", then you have to do the following steps when using the \Q...\E escape sequence:
- Open the escape sequence
- Close the escape sequence before the "character" \E
- Escape the backslash
- Open after the "\E" another escape sequence;
- Close the escape sequence as normally would.
Example: https://subdomain.example.com/path?a=\E&moredata=2 should appear as
\Qhttps://subdomain.example.com/path?a=\E\\E\Q&moredata=2\E
Accessed via
See also
|
UI Overview | for an overview of the user interface |
|
Dialogs | for details of the dialogs or popups |