The sites tab contains two trees, one for Contexts and the other for the Sites Tree.
Shows the contexts contained in the current session. It allows to quickly access its properties by double clicking them and provides access to other functionality through the component’s context menu.
Right clicking on a context will bring up a menu which will allow you to:
This will launch the Active Scan dialog which allows you to initiate an active scan with the starting point set to the context you selected.
This will launch the Spider dialog which allows you to initiate the spider with the starting point set to the context you selected.
Allows to add or remove the selected context from the scope.
Allows to delete the selected context.
Allows to export the selected context.
Allows to export the URLs of the selected context.
Shows all of the URLs visited in a tree structure.
You can select any of the nodes in the tree to display the request and response for that URL in the relevant tabs.
Right clicking on a node will bring up a menu which will allow you to:
The Attack menu has the following submenus:
This will launch the Active Scan dialog which allows you to initiate an active scan with the starting point set to the request you selected.
This will launch the Spider dialog which allows you to initiate the spider with the starting point set to the request you selected.
This menu allows you to include the selected nodes and all of their subordinates in the specified context.
You also have the option to create a new context.
The Session Contexts dialog will be displayed to allow you to make any additional changes.
This menu allows you to exclude the selected nodes and all of their subordinates from the specified context.
The Session Contexts dialog will be displayed to allow you to make any additional changes.
This menu has the following submenus for each of the contexts you have defined:
This identifies the specified node as a login request for the specified context.
You may only have one node identified as such in any one context.
The Session Context Authentication screen will be displayed to allow you to make any additional changes.
This identifies the specified node as a login request for the specified context.
You may only have one node identified as such in any one context.
The Session Context Authentication screen will be displayed to allow you to make any additional changes.
This identifies the specified node as Data driven content for the specified context.
The Session Context Structure screen will be displayed to allow you to make any additional changes.
This menu has the following submenus:
This will exclude the selected nodes from the proxy. They will still be proxied via ZAP but will not be shown in any of the tabs.
This can be used to ignore URLs that you know are not relevant to the system you are currently testing.
The nodes can be included again via the Session Properties dialog
This will prevent the selected nodes from being actively scanned.
The nodes can be included again via the Session Properties dialog
This will prevent the selected nodes from being spidered.
The nodes can be included again via the Session Properties dialog
This will remove the node and all of its children from ZAP.
However they can be added back in, to prevent this use the ‘Exclude from’ menus.
This will bring up a new window which will allow you to set a breakpoint on that URL.
The breakpoint is defined via a regular expression. If you visit a URL which matches this expression then ZAP will intercept it and allow you to change either the request or the response.
If the URL selected has alerts associated with it then they will be listed under this menu.
Selecting one of the alerts will cause it to be displayed.
This will bring up the Add Alert dialog which allows you to manually record a new alert against this request.
This will show the selected node in the History tab.
This will open the URL of the selected node in your default browser.
This will open a URL which will give you a generated form for testing for CSRF issues.
It will only be enabled for POST requests, if the API is enabled and if Java supports the opening of URLs in a browser on your platform.
Occasionally the Sites tree can be displayed incorrectly - this option will redraw it.
UI Overview | for an overview of the user interface |