When generating a context file using OWASP ZAP's Desktop UI (for Windows), I noticed a parameter from the UI missing in the exported context file. Is the full XML schema of the context file documented somewhere so we can add elements in manually?

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
    <context>
        <name>Default Context</name>
        <desc/>
        <inscope>true</inscope>
        <incregexes>https://mysite</incregexes>
        <incregexes>https://mysite/.*</incregexes>
        <tech>
            <include>Db</include>
            <include>Db.CouchDB</include>
            <include>Db.Firebird</include>
            <include>Db.HypersonicSQL</include>
            <include>Db.IBM DB2</include>
            ...
Lee
  • It isn't documented. Also add-ons etc. could inject their own elements which would make documenting it essentially impossible. What is it you feel is/was missing? – kingthorin Mar 24 '23 at 14:45
  • We wanted to add an anti-CSRF token, and did so in the UI, but it didn’t make it into the context file for some reason… – Lee Mar 25 '23 at 17:56
  • CSRF tokens aren't defined in the context, they're defined in ZAP's options. – kingthorin Mar 26 '23 at 11:17
  • 1. That sounds like an answer. 2. If they're not included in the context, how can we include CSRF tokens when running via the command line? – Lee Mar 27 '23 at 12:50

0 Answers