
I'd like to know how to exclude certain responses from the alert tab, if there is a way. I can't find any.

For example, if the response page reports "character to number conversion error", I'd like to tell the ZAP attack proxy that this ain't a vulnerability but a correct response, and therefore it shall not appear in the alert tab.

  • I simply want to exclude certain HTTP/HTML responses from appearing in the alert tab because there are so many incorrect alerts that are always the same (for example, they contain the string "character to number conversion"). Basically my question is how to filter responses in the ZAP attack proxy before they appear in the alert tab. I did not find anything regarding this in the documentation or the wiki. That's why I ask here. – Michael Hausegger Jul 15 '14 at 17:56
  • Thank you for your efforts! But there is no error message. I want to know if there is a way to achieve the above-mentioned using the OWASP ZAP attack proxy. – Michael Hausegger Jul 15 '14 at 18:05
  • I see I've been mistaken. Forgive me for that. – Félix Adriyel Gagnon-Grenier Jul 16 '14 at 13:43

1 Answer


Double-click the alert, and then change the "Confidence" to "False positive"; it will stay in the Alerts tab but not be included in reports. Or you can right-click the alert and "Delete" it, but it can then be raised again by the active or passive scanner. That's why we have the "False positive" setting. FYI, we have a ZAP Users group which is probably more suitable for questions like this (as Stack Overflow is a general forum): http://groups.google.com/group/zaproxy-users That's linked off the ZAP "Online / ZAP User Group" menu item, which is apparently invisible as no one seems to spot it ;)

Simon (ZAP Project lead)

Simon Bennetts