Advanced Active Scan dialog
This provides fine grain control over the active scanning process, allowing you to target exactly what you want.
Scope
The first tab allows you to select or change the starting point.
If the starting point is in one or more Contexts then you will be able to choose one of them.
If that context has any Users defined then you will be able to select one of them.
If you select one of the users then the active scan will be performed as that user, with ZAP (re)authenticating as that user whenever necessary.
If you select 'recurse' then all of the nodes underneath the one selected will also be scanned.
Custom input vectors are only supported if this option is not selected.
If you select 'In scope' then only URLs in Scope will be attacked.
Input Vectors
The Input Vectors tab allows you override the default input vectors which are defined in the
Options Active Scan Input Vectors screen.
Clicking on the 'Reset' button will reset the input vectors to the default options.
Custom Vectors
The Custom Vectors tab allows you specify specific locations in the request to attack.
Custom Vectors are only available if the 'recurse' option on the first tab is not selected.
To add custom input vectors highlight the characters you want to attack in the request and lick the 'Add' button.
You can add as many custom input vectors as you want.
To remove custom input vectors highlight any of the selected characters and click the 'Remove' button.
Checking the 'Disable non custom input vectors' box disables all of the input vectors except those you manually define on this tab.
PolĂtica
The Policy tab allows you override the default scan policy defined in the
Scan Policy dialog.
Clicking on the 'Reset' button will reset the input vectors to the default options.
Accessed via
See also
|
UI Overview | for an overview of the user interface |
|
Dialogs | for details of the dialogs or popups |