https://wiki.owasp.org/index.php?action=history&feed=atom&title=Projects%2FOWASP_Zed_Attack_Proxy_Project%2FReleases%2FZAP_1.3.0%2FNotesProjects/OWASP Zed Attack Proxy Project/Releases/ZAP 1.3.0/Notes - Revision history2026-04-06T05:13:43ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Projects/OWASP_Zed_Attack_Proxy_Project/Releases/ZAP_1.3.0/Notes&diff=112186&oldid=prevAxel Neumann: Created page with "The following changes were made in this release: == Significant changes: == '''Fuzzing''' Strings in a response can now be fuzzed to try to find vulnerabilities. Anti CRSF to..."2011-06-15T15:42:19Z<p>Created page with "The following changes were made in this release: == Significant changes: == '''Fuzzing''' Strings in a response can now be fuzzed to try to find vulnerabilities. Anti CRSF to..."</p>
<p><b>New page</b></p><div>The following changes were made in this release: <br />
<br />
== Significant changes: ==<br />
<br />
'''Fuzzing'''<br />
<br />
Strings in a response can now be fuzzed to try to find vulnerabilities.<br />
Anti CRSF tokens can be detected and automatically regenerated when fuzzing.<br />
This functionality is based on code from the OWASP JBroFuzz project.<br />
<br />
'''Dynamic SSL certificates'''<br />
<br />
The support for SSL connections was improved and simplified.<br />
User's can now create their own root certificate and distribute this into their HTTP clients.<br />
<br />
'''Daemon mode and API'''<br />
<br />
Starting ZAP with the "-daemon" command line option will cause it to run in the background in 'headless' mode, <br />
meaning that no UI is displayed.<br />
<br />
An initial API has been implemented in XML, JSON and HTML.<br />
<br />
If ZAP is running as a daemon then the API is automatically enabled, otherwise the API must be enabled via the Options API screen.<br><br />
The API can be navigated by opening http://zap/ in your browser when proxying via ZAP. <br />
<br />
'''Beanshell integration'''<br />
<br />
The BeanShell is an interactive Java shell that can be used to execute BeanShell scripts. These scripts are a simplified form of Java that use many elements from Java syntax, but in a simpler scripting format. All Java code is also valid BeanShell code. BeanShell integration in OWASP ZAP enables you to write scripts using the ZAP functions and data set. This can be a very powerful feature for analyzing web applications.<br />
<br />
<br />
'''Full internationalisation'''<br />
<br />
All display string are now fully internationalised.<br />
<br />
'''Localisation'''<br />
<br />
Out of the box support for the following languages:<br />
* English<br />
* Brazilian Portuguese<br />
* Chinese<br />
* French<br />
* German<br />
* Greek<br />
* Indonesian<br />
* Japanese<br />
* Polish<br />
* Spanish<br />
<br />
<br />
== Minor changes: ==<br />
<br />
'''Hex view'''<br />
<br />
The Request and Response tabs now provide a 'Hex View' option which will display the request and response bodies in hex format. <br />
<br />
'''Search results'''<br />
<br />
The Search tab now displays all instances of a string found rather than just the first instance in each request or response. <br />
<br />
'''Exclude URLs'''<br />
<br />
URLs can be explicitly excluded from the active scanner, spider and from the proxy.<br />
<br />
'''Copy support'''<br />
<br />
Most of the panels now provide a 'right click' 'Copy' menu option, including the Port Scan and Brute Force panels.<br />
<br />
'''Undo/Redo support'''<br />
<br />
All of the input fields now support Undo/Redo actions using the operating systems default Undo/Redo accelerators:<br />
* Windows/Linux: Ctrl+Z / Ctrl+Y<br />
* Mac OS X: Cmd+Z / Cmd+Shift+Z<br />
<br />
'''Port scanner proxy support and timeout option'''<br />
<br />
The Port Scanner can now use the outgoing proxy (if configured) and the timeout in milliseconds can also now be set.<br />
<br />
'''Request and response break buttons'''<br />
<br />
There are now 2 'Set Break' buttons to allow breaks to be set on all requests and all responses independently. <br />
<br />
'''Expand Sites and Information tab buttons'''<br />
<br />
There are now 2 buttons which allow you to switch between having the Sites and Information tabs expanded.<br />
<br />
'''Break tab icon changes colour when break point hit'''<br />
<br />
While the Break tab is not in use its icon is a grey cross.<br />
When a break point is hit the tab icon is changed to a red cross.<br />
<br />
'''Adjustable timeout'''<br />
<br />
The Option: Connection screen allows you to set the timeout in seconds<br />
to make it easier to test slow applications.<br />
<br />
'''Library updates'''<br />
<br />
Most of the libraries used by ZAP have been updated to the latest versions.<br />
<br />
'''A new icon :)'''<br />
<br />
Thanks to Simon Egli and all others for submitting cool icon suggestions.<br />
<br />
== Known Issues: ==<br />
<br />
'''Mac OS X: Dynamic SSL and Google Chrome'''<br />
<br />
Currently Dynamic SSL is not working when using Google Chrome. This is because of an unresolved known issue with Google Chrome and Mac OS X Keychain. When importing OWASP ZAP's Root CA into the keychain and requesting a SSL website, an "Invalid certificate" error message is shown.</div>Axel Neumann