captor =
+ ArgumentCaptor.forClass(SessionManagementMethod.class);
+ verify(context).setSessionManagementMethod(captor.capture());
+ HeaderBasedSessionManagementMethod savedMethod =
+ (HeaderBasedSessionManagementMethod) captor.getValue();
+ assertThat(savedMethod.getHeaderConfigs(), hasSize(0));
+ }
}
From 0f3c097a4d99a6da6a4db9b298d98100a9173144 Mon Sep 17 00:00:00 2001
From: zapbot <12745184+zapbot@users.noreply.github.com>
Date: Thu, 7 Aug 2025 06:48:44 +0000
Subject: [PATCH 04/94] Update localized resources
Update resources from Crowdin.
Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
---
.../resources/help_ar_SA/contents/webdriverlinux.html | 2 +-
.../resources/help_az_AZ/contents/webdriverlinux.html | 2 +-
.../resources/help_bs_BA/contents/webdriverlinux.html | 2 +-
.../resources/help_da_DK/contents/webdriverlinux.html | 2 +-
.../resources/help_de_DE/contents/webdriverlinux.html | 2 +-
.../resources/help_el_GR/contents/webdriverlinux.html | 2 +-
.../resources/help_es_ES/contents/webdriverlinux.html | 2 +-
.../resources/help_fa_IR/contents/webdriverlinux.html | 2 +-
.../resources/help_fil_PH/contents/webdriverlinux.html | 2 +-
.../resources/help_fr_FR/contents/webdriverlinux.html | 2 +-
.../resources/help_hi_IN/contents/webdriverlinux.html | 2 +-
.../resources/help_hu_HU/contents/webdriverlinux.html | 2 +-
.../resources/help_id_ID/contents/webdriverlinux.html | 2 +-
.../resources/help_it_IT/contents/webdriverlinux.html | 2 +-
.../resources/help_ja_JP/contents/webdriverlinux.html | 2 +-
.../resources/help_ms_MY/contents/webdriverlinux.html | 2 +-
.../resources/help_pl_PL/contents/webdriverlinux.html | 2 +-
.../resources/help_pt_BR/contents/webdriverlinux.html | 2 +-
.../resources/help_ro_RO/contents/webdriverlinux.html | 2 +-
.../resources/help_ru_RU/contents/webdriverlinux.html | 2 +-
.../resources/help_sr_CS/contents/webdriverlinux.html | 2 +-
.../resources/help_tr_TR/contents/webdriverlinux.html | 2 +-
.../resources/help_ur_PK/contents/webdriverlinux.html | 2 +-
.../resources/help_zh_CN/contents/webdriverlinux.html | 2 +-
.../resources/help_ar_SA/contents/webdrivermacos.html | 2 +-
.../resources/help_az_AZ/contents/webdrivermacos.html | 2 +-
.../resources/help_bs_BA/contents/webdrivermacos.html | 2 +-
.../resources/help_da_DK/contents/webdrivermacos.html | 2 +-
.../resources/help_de_DE/contents/webdrivermacos.html | 2 +-
.../resources/help_el_GR/contents/webdrivermacos.html | 2 +-
.../resources/help_es_ES/contents/webdrivermacos.html | 2 +-
.../resources/help_fa_IR/contents/webdrivermacos.html | 2 +-
.../resources/help_fil_PH/contents/webdrivermacos.html | 2 +-
.../resources/help_fr_FR/contents/webdrivermacos.html | 2 +-
.../resources/help_hi_IN/contents/webdrivermacos.html | 2 +-
.../resources/help_hu_HU/contents/webdrivermacos.html | 2 +-
.../resources/help_id_ID/contents/webdrivermacos.html | 2 +-
.../resources/help_it_IT/contents/webdrivermacos.html | 2 +-
.../resources/help_ja_JP/contents/webdrivermacos.html | 2 +-
.../resources/help_ms_MY/contents/webdrivermacos.html | 2 +-
.../resources/help_pl_PL/contents/webdrivermacos.html | 2 +-
.../resources/help_pt_BR/contents/webdrivermacos.html | 2 +-
.../resources/help_ro_RO/contents/webdrivermacos.html | 2 +-
.../resources/help_ru_RU/contents/webdrivermacos.html | 2 +-
.../resources/help_sr_CS/contents/webdrivermacos.html | 2 +-
.../resources/help_tr_TR/contents/webdrivermacos.html | 2 +-
.../resources/help_ur_PK/contents/webdrivermacos.html | 2 +-
.../resources/help_zh_CN/contents/webdrivermacos.html | 2 +-
.../resources/help_ar_SA/contents/webdriverwindows.html | 2 +-
.../resources/help_az_AZ/contents/webdriverwindows.html | 2 +-
.../resources/help_bs_BA/contents/webdriverwindows.html | 2 +-
.../resources/help_da_DK/contents/webdriverwindows.html | 2 +-
.../resources/help_de_DE/contents/webdriverwindows.html | 2 +-
.../resources/help_el_GR/contents/webdriverwindows.html | 2 +-
.../resources/help_es_ES/contents/webdriverwindows.html | 2 +-
.../resources/help_fa_IR/contents/webdriverwindows.html | 2 +-
.../resources/help_fil_PH/contents/webdriverwindows.html | 2 +-
.../resources/help_fr_FR/contents/webdriverwindows.html | 2 +-
.../resources/help_hi_IN/contents/webdriverwindows.html | 2 +-
.../resources/help_hu_HU/contents/webdriverwindows.html | 2 +-
.../resources/help_id_ID/contents/webdriverwindows.html | 2 +-
.../resources/help_it_IT/contents/webdriverwindows.html | 2 +-
.../resources/help_ja_JP/contents/webdriverwindows.html | 2 +-
.../resources/help_ms_MY/contents/webdriverwindows.html | 2 +-
.../resources/help_pl_PL/contents/webdriverwindows.html | 2 +-
.../resources/help_pt_BR/contents/webdriverwindows.html | 2 +-
.../resources/help_ro_RO/contents/webdriverwindows.html | 2 +-
.../resources/help_ru_RU/contents/webdriverwindows.html | 2 +-
.../resources/help_sr_CS/contents/webdriverwindows.html | 2 +-
.../resources/help_tr_TR/contents/webdriverwindows.html | 2 +-
.../resources/help_ur_PK/contents/webdriverwindows.html | 2 +-
.../resources/help_zh_CN/contents/webdriverwindows.html | 2 +-
72 files changed, 72 insertions(+), 72 deletions(-)
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ar_SA/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ar_SA/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ar_SA/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ar_SA/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_az_AZ/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_az_AZ/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_az_AZ/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_az_AZ/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_bs_BA/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_bs_BA/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_bs_BA/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_bs_BA/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_da_DK/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_da_DK/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_da_DK/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_da_DK/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_de_DE/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_de_DE/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_de_DE/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_de_DE/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_el_GR/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_el_GR/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_el_GR/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_el_GR/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_es_ES/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_es_ES/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_es_ES/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_es_ES/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fa_IR/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fa_IR/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fa_IR/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fa_IR/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fil_PH/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fil_PH/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fil_PH/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fil_PH/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fr_FR/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fr_FR/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fr_FR/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_fr_FR/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hi_IN/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hi_IN/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hi_IN/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hi_IN/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hu_HU/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hu_HU/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hu_HU/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_hu_HU/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_id_ID/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_id_ID/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_id_ID/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_id_ID/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_it_IT/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_it_IT/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_it_IT/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_it_IT/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ja_JP/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ja_JP/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ja_JP/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ja_JP/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ms_MY/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ms_MY/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ms_MY/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ms_MY/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pl_PL/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pl_PL/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pl_PL/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pl_PL/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pt_BR/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pt_BR/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pt_BR/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_pt_BR/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ro_RO/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ro_RO/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ro_RO/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ro_RO/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ru_RU/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ru_RU/contents/webdriverlinux.html
index 5a63be684e1..3e0bed90f2f 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ru_RU/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ru_RU/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Веб-драйверы Linux
Надстройка Linux WebDrivers предоставляет веб-драйверы для следующих браузеров:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_sr_CS/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_sr_CS/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_sr_CS/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_sr_CS/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_tr_TR/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_tr_TR/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_tr_TR/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_tr_TR/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ur_PK/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ur_PK/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ur_PK/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_ur_PK/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_zh_CN/contents/webdriverlinux.html b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_zh_CN/contents/webdriverlinux.html
index 20beef066cd..d7d99953763 100644
--- a/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_zh_CN/contents/webdriverlinux.html
+++ b/addOns/webdrivers/webdriverlinux/src/main/javahelp/org/zaproxy/zap/extension/webdriverlinux/resources/help_zh_CN/contents/webdriverlinux.html
@@ -9,7 +9,7 @@ Linux WebDrivers
The Linux WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ar_SA/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ar_SA/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ar_SA/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ar_SA/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_az_AZ/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_az_AZ/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_az_AZ/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_az_AZ/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_bs_BA/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_bs_BA/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_bs_BA/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_bs_BA/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_da_DK/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_da_DK/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_da_DK/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_da_DK/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_de_DE/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_de_DE/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_de_DE/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_de_DE/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_el_GR/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_el_GR/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_el_GR/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_el_GR/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_es_ES/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_es_ES/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_es_ES/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_es_ES/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fa_IR/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fa_IR/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fa_IR/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fa_IR/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fil_PH/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fil_PH/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fil_PH/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fil_PH/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fr_FR/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fr_FR/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fr_FR/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_fr_FR/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hi_IN/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hi_IN/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hi_IN/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hi_IN/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hu_HU/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hu_HU/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hu_HU/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_hu_HU/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_id_ID/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_id_ID/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_id_ID/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_id_ID/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_it_IT/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_it_IT/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_it_IT/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_it_IT/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ja_JP/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ja_JP/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ja_JP/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ja_JP/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ms_MY/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ms_MY/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ms_MY/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ms_MY/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pl_PL/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pl_PL/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pl_PL/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pl_PL/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pt_BR/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pt_BR/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pt_BR/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_pt_BR/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ro_RO/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ro_RO/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ro_RO/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ro_RO/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ru_RU/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ru_RU/contents/webdrivermacos.html
index ae09b4b4441..c2df726be33 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ru_RU/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ru_RU/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ Веб-драйверы MacOS
Надстройка MacOS WebDrivers предоставляет веб-драйверы для следующих браузеров:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_sr_CS/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_sr_CS/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_sr_CS/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_sr_CS/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_tr_TR/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_tr_TR/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_tr_TR/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_tr_TR/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ur_PK/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ur_PK/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ur_PK/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_ur_PK/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_zh_CN/contents/webdrivermacos.html b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_zh_CN/contents/webdrivermacos.html
index 5c4fa84b9d6..cc64d5fba55 100644
--- a/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_zh_CN/contents/webdrivermacos.html
+++ b/addOns/webdrivers/webdrivermacos/src/main/javahelp/org/zaproxy/zap/extension/webdrivermacos/resources/help_zh_CN/contents/webdrivermacos.html
@@ -9,7 +9,7 @@ MacOS WebDrivers
The MacOS WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ar_SA/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ar_SA/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ar_SA/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ar_SA/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_az_AZ/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_az_AZ/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_az_AZ/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_az_AZ/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_bs_BA/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_bs_BA/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_bs_BA/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_bs_BA/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_da_DK/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_da_DK/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_da_DK/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_da_DK/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_de_DE/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_de_DE/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_de_DE/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_de_DE/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_el_GR/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_el_GR/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_el_GR/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_el_GR/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_es_ES/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_es_ES/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_es_ES/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_es_ES/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fa_IR/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fa_IR/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fa_IR/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fa_IR/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fil_PH/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fil_PH/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fil_PH/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fil_PH/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fr_FR/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fr_FR/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fr_FR/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_fr_FR/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hi_IN/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hi_IN/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hi_IN/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hi_IN/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hu_HU/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hu_HU/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hu_HU/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_hu_HU/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_id_ID/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_id_ID/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_id_ID/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_id_ID/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_it_IT/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_it_IT/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_it_IT/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_it_IT/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ja_JP/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ja_JP/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ja_JP/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ja_JP/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ms_MY/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ms_MY/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ms_MY/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ms_MY/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pl_PL/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pl_PL/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pl_PL/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pl_PL/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pt_BR/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pt_BR/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pt_BR/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_pt_BR/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ro_RO/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ro_RO/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ro_RO/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ro_RO/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ru_RU/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ru_RU/contents/webdriverwindows.html
index 1e36031394a..c20fb1cc76c 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ru_RU/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ru_RU/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Веб-драйверы Windows
Надстройка Windows WebDrivers предоставляет веб-драйверы для следующих браузеров:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_sr_CS/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_sr_CS/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_sr_CS/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_sr_CS/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_tr_TR/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_tr_TR/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_tr_TR/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_tr_TR/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ur_PK/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ur_PK/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ur_PK/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_ur_PK/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
diff --git a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_zh_CN/contents/webdriverwindows.html b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_zh_CN/contents/webdriverwindows.html
index cadedaca21e..cc0760c0032 100644
--- a/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_zh_CN/contents/webdriverwindows.html
+++ b/addOns/webdrivers/webdriverwindows/src/main/javahelp/org/zaproxy/zap/extension/webdriverwindows/resources/help_zh_CN/contents/webdriverwindows.html
@@ -9,7 +9,7 @@ Windows WebDrivers
The Windows WebDrivers add-on provides WebDrivers for the following browsers:
- Chrome - ChromeDriver 138.0.7204.183
+ Chrome - ChromeDriver 139.0.7258.66
Firefox - geckodriver 0.36.0
From 02aaf7be5974d3fbacad191a0e6cacf63e2be8ac Mon Sep 17 00:00:00 2001
From: kingthorin
Date: Wed, 6 Aug 2025 20:54:20 -0400
Subject: [PATCH 05/94] authhelper: import ctx use defaults for new BBA and CSA
properties
Signed-off-by: kingthorin
---
.../BrowserBasedAuthenticationMethodType.java | 6 +-
...ntScriptBasedAuthenticationMethodType.java | 5 +-
...BasedAuthenticationMethodTypeUnitTest.java | 18 +++++
...BasedAuthenticationMethodTypeUnitTest.java | 66 +++++++++++++++++++
4 files changed, 91 insertions(+), 4 deletions(-)
create mode 100644 addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodTypeUnitTest.java
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
index 7ac897e4a34..604dc9b3f64 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
@@ -122,6 +122,7 @@ public class BrowserBasedAuthenticationMethodType extends AuthenticationMethodTy
public static final String DEFAULT_BROWSER_ID = Browser.FIREFOX_HEADLESS.getId();
private static final int DEFAULT_PAGE_WAIT = 5;
+ private static final int DEFAULT_STEP_DELAY = 0;
private static final Logger LOGGER =
LogManager.getLogger(BrowserBasedAuthenticationMethodType.class);
@@ -655,7 +656,8 @@ public void importData(Configuration config, AuthenticationMethod authMethod)
throw new ConfigurationException(e);
}
try {
- method.setStepDelay(config.getInt(CONTEXT_CONFIG_AUTH_BROWSER_STEPDELAY));
+ method.setStepDelay(
+ config.getInt(CONTEXT_CONFIG_AUTH_BROWSER_STEPDELAY, DEFAULT_STEP_DELAY));
} catch (Exception e) {
throw new ConfigurationException(e);
}
@@ -835,7 +837,7 @@ public BrowserBasedAuthenticationMethodOptionsPanel(Context context) {
this.add(loginUrlWait, LayoutHelper.getGBC(1, y, 1, 1.0d, 0.0d));
y++;
- stepDelay = new ZapNumberSpinner(0, 0, Integer.MAX_VALUE);
+ stepDelay = new ZapNumberSpinner(0, DEFAULT_STEP_DELAY, Integer.MAX_VALUE);
JLabel stepDelayLabel =
new JLabel(
Constant.messages.getString(
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
index d7973c6724a..3a15cf24d12 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
@@ -88,6 +88,7 @@ public class ClientScriptBasedAuthenticationMethodType extends ScriptBasedAuthen
CONTEXT_CONFIG_AUTH_SCRIPT + ".minwaitfor";
private static final int DEFAULT_PAGE_WAIT = 5;
+ private static final int DEFAULT_MIN_WAIT_FOR = 0;
private ExtensionScript extensionScript;
@@ -679,7 +680,7 @@ public ClientScriptBasedAuthenticationMethodOptionsPanel() {
this.add(loginPageWait, LayoutHelper.getGBC(1, y, 2, 1.0d, 0.0d));
y++;
- minWaitFor = new ZapNumberSpinner(0, 0, Integer.MAX_VALUE);
+ minWaitFor = new ZapNumberSpinner(0, DEFAULT_MIN_WAIT_FOR, Integer.MAX_VALUE);
JLabel minWaitForLabel =
new JLabel(
Constant.messages.getString(
@@ -797,7 +798,7 @@ public void importData(Configuration config, AuthenticationMethod authMethod)
throw new ConfigurationException(e);
}
try {
- method.setMinWaitFor(config.getInt(CONTEXT_CONFIG_MIN_WAIT_FOR));
+ method.setMinWaitFor(config.getInt(CONTEXT_CONFIG_MIN_WAIT_FOR, DEFAULT_MIN_WAIT_FOR));
} catch (Exception e) {
throw new ConfigurationException(e);
}
diff --git a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodTypeUnitTest.java b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodTypeUnitTest.java
index 72f13f6725a..b5654a57a71 100644
--- a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodTypeUnitTest.java
+++ b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodTypeUnitTest.java
@@ -23,6 +23,7 @@
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.BDDMockito.given;
@@ -127,6 +128,23 @@ void shouldExportAndImportData() throws Exception {
assertThat(method2.getBrowserId(), is(equalTo("example")));
}
+ @Test
+ void shouldLoadContextExportV0() {
+ // Given
+ String loginUrl = "https://www.example.com";
+ BrowserBasedAuthenticationMethodType type = new BrowserBasedAuthenticationMethodType();
+ BrowserBasedAuthenticationMethod method1 = type.createAuthenticationMethod(0);
+ ZapXmlConfiguration config = new ZapXmlConfiguration();
+ config.setProperty("context.authentication.browser.loginpageurl", loginUrl);
+ config.setProperty("context.authentication.browser.loginpagewait", 2);
+ // When
+ assertDoesNotThrow(() -> method1.getType().importData(config, method1));
+ // Then
+ assertThat(method1.getLoginPageUrl(), is(equalTo(loginUrl)));
+ assertThat(method1.getLoginPageWait(), is(equalTo(2)));
+ assertThat(method1.getStepDelay(), is(equalTo(0)));
+ }
+
@Test
void shouldPersistAndLoadFromSession() throws Exception {
// Given
diff --git a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodTypeUnitTest.java b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodTypeUnitTest.java
new file mode 100644
index 00000000000..84ca4c94702
--- /dev/null
+++ b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodTypeUnitTest.java
@@ -0,0 +1,66 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.addon.authhelper;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.parosproxy.paros.Constant;
+import org.parosproxy.paros.control.Control;
+import org.parosproxy.paros.extension.ExtensionLoader;
+import org.parosproxy.paros.model.Model;
+import org.zaproxy.addon.authhelper.ClientScriptBasedAuthenticationMethodType.ClientScriptBasedAuthenticationMethod;
+import org.zaproxy.zap.extension.script.ScriptWrapper;
+import org.zaproxy.zap.utils.I18N;
+import org.zaproxy.zap.utils.ZapXmlConfiguration;
+
+class ClientScriptBasedAuthenticationMethodTypeUnitTest {
+
+ @BeforeAll
+ static void beforeAll() {
+ Constant.messages = mock(I18N.class);
+ Control.initSingletonForTesting(mock(Model.class), mock(ExtensionLoader.class));
+ }
+
+ @Test
+ void shouldLoadContextExportV0() {
+ // Given
+ ScriptWrapper scriptWrapper = mock(ScriptWrapper.class);
+ given(scriptWrapper.getName()).willReturn("test_auth_script");
+
+ ClientScriptBasedAuthenticationMethodType type =
+ new ClientScriptBasedAuthenticationMethodType();
+ ClientScriptBasedAuthenticationMethod method1 = type.createAuthenticationMethod(0);
+ ZapXmlConfiguration config = new ZapXmlConfiguration();
+ method1.setScriptWrapper(scriptWrapper);
+ config.setProperty("context.authentication.script.loginpagewait", 2);
+ // When
+ assertDoesNotThrow(() -> method1.getType().importData(config, method1));
+ // Then
+ assertThat(method1.getLoginPageWait(), is(equalTo(2)));
+ assertThat(method1.getMinWaitFor(), is(equalTo(0)));
+ }
+}
From 379a84456342edd88c478cc0faaf5c232d6d8d94 Mon Sep 17 00:00:00 2001
From: Simon Bennetts
Date: Tue, 5 Aug 2025 13:37:07 +0100
Subject: [PATCH 06/94] automation: Support active scan URL parameter
Signed-off-by: Simon Bennetts
---
addOns/automation/CHANGELOG.md | 1 +
.../automation/gui/ActiveScanJobDialog.java | 11 ++++
.../addon/automation/jobs/ActiveScanJob.java | 28 +++++++++-
.../resources/help/contents/job-ascan.html | 1 +
.../automation/resources/Messages.properties | 2 +
.../automation/resources/activeScan-max.yaml | 1 +
.../automation/resources/activeScan-min.yaml | 1 +
.../jobs/ActiveScanJobUnitTest.java | 51 +++++++++++++++++++
.../automation/resources/template-max.yaml | 1 +
.../automation/resources/template-min.yaml | 1 +
10 files changed, 97 insertions(+), 1 deletion(-)
diff --git a/addOns/automation/CHANGELOG.md b/addOns/automation/CHANGELOG.md
index 1d48543ea7c..8c7078003ee 100644
--- a/addOns/automation/CHANGELOG.md
+++ b/addOns/automation/CHANGELOG.md
@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Added
- Support for step delay in Browser Based Authentication.
- Support for min wait for in Client Script Authentication.
+- Support for url in activeScan job.
### Changed
- Refer to output panel for errors.
diff --git a/addOns/automation/src/main/java/org/zaproxy/addon/automation/gui/ActiveScanJobDialog.java b/addOns/automation/src/main/java/org/zaproxy/addon/automation/gui/ActiveScanJobDialog.java
index 33f7086422f..2914ae33bb6 100644
--- a/addOns/automation/src/main/java/org/zaproxy/addon/automation/gui/ActiveScanJobDialog.java
+++ b/addOns/automation/src/main/java/org/zaproxy/addon/automation/gui/ActiveScanJobDialog.java
@@ -19,9 +19,11 @@
*/
package org.zaproxy.addon.automation.gui;
+import java.awt.Component;
import java.util.ArrayList;
import java.util.List;
import javax.swing.JButton;
+import javax.swing.JTextField;
import org.parosproxy.paros.core.scanner.Plugin.AlertThreshold;
import org.parosproxy.paros.core.scanner.Plugin.AttackStrength;
import org.zaproxy.addon.automation.jobs.ActiveScanJob;
@@ -45,6 +47,7 @@ public class ActiveScanJobDialog extends ActiveScanPolicyDialog {
private static final String TITLE = "automation.dialog.ascan.title";
private static final String NAME_PARAM = "automation.dialog.all.name";
private static final String CONTEXT_PARAM = "automation.dialog.ascan.context";
+ private static final String URL_PARAM = "automation.dialog.ascan.url";
private static final String USER_PARAM = "automation.dialog.all.user";
private static final String POLICY_PARAM = "automation.dialog.ascan.policy";
private static final String MAX_RULE_DURATION_PARAM = "automation.dialog.ascan.maxruleduration";
@@ -77,6 +80,13 @@ public ActiveScanJobDialog(ActiveScanJob job) {
users.add(0, "");
this.addComboField(0, USER_PARAM, users, this.job.getData().getParameters().getUser());
+ // Cannot select the node as it might not be present in the Sites tree
+ this.addNodeSelectField(0, URL_PARAM, null, true, false);
+ Component urlField = this.getField(URL_PARAM);
+ if (urlField instanceof JTextField) {
+ ((JTextField) urlField).setText(this.job.getParameters().getUrl());
+ }
+
this.addTextField(0, POLICY_PARAM, this.job.getParameters().getPolicy());
this.addNumberField(
0,
@@ -195,6 +205,7 @@ public void save() {
this.job.getData().setName(this.getStringValue(NAME_PARAM));
this.job.getParameters().setContext(this.getStringValue(CONTEXT_PARAM));
this.job.getParameters().setUser(this.getStringValue(USER_PARAM));
+ this.job.getParameters().setUrl(this.getStringValue(URL_PARAM));
this.job.getParameters().setPolicy(this.getStringValue(POLICY_PARAM));
this.job
.getParameters()
diff --git a/addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ActiveScanJob.java b/addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ActiveScanJob.java
index 6f62d0f6f5b..471bdbec24f 100644
--- a/addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ActiveScanJob.java
+++ b/addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ActiveScanJob.java
@@ -27,9 +27,13 @@
import lombok.Getter;
import lombok.Setter;
import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.httpclient.URI;
import org.apache.commons.lang3.StringUtils;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
+import org.parosproxy.paros.model.Model;
+import org.parosproxy.paros.model.SiteMap;
+import org.parosproxy.paros.model.SiteNode;
import org.zaproxy.addon.automation.AutomationData;
import org.zaproxy.addon.automation.AutomationEnvironment;
import org.zaproxy.addon.automation.AutomationJob;
@@ -52,6 +56,7 @@ public class ActiveScanJob extends AutomationJob {
private static final String PARAM_CONTEXT = "context";
private static final String PARAM_POLICY = "policy";
private static final String PARAM_USER = "user";
+ private static final String PARAM_URL = "url";
private ExtensionActiveScan extAScan;
@@ -122,7 +127,7 @@ public void applyParameters(AutomationProgress progress) {
this.parameters,
JobUtils.getJobOptions(this, progress),
this.getName(),
- new String[] {PARAM_POLICY, PARAM_CONTEXT, PARAM_USER},
+ new String[] {PARAM_POLICY, PARAM_CONTEXT, PARAM_USER, PARAM_URL},
progress,
this.getPlan().getEnv());
}
@@ -163,6 +168,26 @@ public void runJob(AutomationEnvironment env, AutomationProgress progress) {
List contextSpecificObjects = new ArrayList<>();
User user = this.getUser(this.getParameters().getUser(), progress);
+ String urlStr = parameters.getUrl();
+ try {
+ if (StringUtils.isNotEmpty(urlStr)) {
+ urlStr = env.replaceVars(urlStr);
+ URI uri = new URI(urlStr, true);
+ SiteMap tree = Model.getSingleton().getSession().getSiteTree();
+ SiteNode node = tree.findNode(uri);
+ if (node == null) {
+ progress.error(
+ Constant.messages.getString("automation.error.job.nourl", urlStr));
+ return;
+ } else {
+ target.setStartNode(node);
+ }
+ }
+ } catch (Exception e1) {
+ progress.error(Constant.messages.getString("automation.error.context.badurl", urlStr));
+ return;
+ }
+
ScanPolicy scanPolicy = null;
if (!StringUtils.isEmpty(this.getParameters().getPolicy())) {
try {
@@ -315,6 +340,7 @@ public Data(AutomationJob job, Parameters parameters, PolicyDefinition policyDef
public static class Parameters extends AutomationData {
private String context = "";
private String user = "";
+ private String url = "";
private String policy = "";
private Integer maxRuleDurationInMins = 0;
private Integer maxScanDurationInMins = 0;
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help/contents/job-ascan.html
index 212df5cef5e..805b22bb22e 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help/contents/job-ascan.html
@@ -23,6 +23,7 @@ YAML
parameters:
context: # String: Name of the context to attack, default: first context
user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: The subtree to active scan, default: all URLs of the context
policy: # String: Name of the scan policy to be used, default: Default Policy
maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages.properties
index 3706f7c0f54..635da01d890 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages.properties
@@ -85,6 +85,7 @@ automation.dialog.ascan.table.header.strength = Strength
automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascan.url = URL:
automation.dialog.ascanconfig.defaultpolicy = Default Policy:
automation.dialog.ascanconfig.error.excregex = Invalid ''Exclude'' RegEx: {0}
@@ -348,6 +349,7 @@ automation.error.job.enabled = Unsupported job enabled format: {0}
automation.error.job.internal = Job {0} internal error: {1}
automation.error.job.name = Unsupported job name format: {0}
automation.error.job.notype = Missing job type: {0}
+automation.error.job.nourl = URL Does not Exist for job {0} : {1}
automation.error.job.template = Failed to get template for job type: {0}
automation.error.job.unknown = Unrecognised job type: {0}
automation.error.nofile = Cannot access file: {0}
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-max.yaml b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-max.yaml
index 77e551a8aa6..f48c4382343 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-max.yaml
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-max.yaml
@@ -2,6 +2,7 @@
parameters:
context: # String: Name of the context to attack, default: first context
user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: The subtree to active scan, default: all URLs of the context
policy: # String: Name of the scan policy to be used, default: Default Policy
maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-min.yaml b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-min.yaml
index 304a3620789..40d74b7c134 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-min.yaml
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/activeScan-min.yaml
@@ -2,6 +2,7 @@
parameters:
context: # String: Name of the context to attack, default: first context
user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: The subtree to active scan, default: all URLs of the context
policy: # String: Name of the scan policy to be used, default: Default Policy
maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
diff --git a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
index 8e501db6c1e..0e380ba55f1 100644
--- a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
+++ b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
@@ -794,4 +794,55 @@ void shouldWarnOnInvalidIntThreshold() throws MalformedURLException {
progress.getWarnings().get(0), is(equalTo("!automation.error.ascan.threshold!")));
assertThat(progress.hasErrors(), is(equalTo(false)));
}
+
+ @Test
+ void shouldVerifyParameters() {
+ // Given
+ AutomationEnvironment env = mock(AutomationEnvironment.class);
+ given(env.getAllUserNames()).willReturn(List.of("user0", "user1"));
+ ActiveScanJob job = new ActiveScanJob();
+ job.setEnv(env);
+ AutomationProgress progress = new AutomationProgress();
+
+ String yamlStr =
+ """
+ parameters:
+ context: "context1"
+ user: "user1"
+ policy: "policy1"
+ maxRuleDurationInMins: 1
+ maxScanDurationInMins: 10
+ addQueryParam: true
+ defaultPolicy: "policy2"
+ delayInMs: 10
+ handleAntiCSRFTokens: true
+ injectPluginIdInHeader: true
+ scanHeadersAllRequests: true
+ threadPerHost: 2
+ maxAlertsPerRule: 5
+ """;
+
+ Object data = new Yaml().load(yamlStr);
+ job.setJobData(((LinkedHashMap, ?>) data));
+
+ // When
+ job.verifyParameters(progress);
+
+ // Then
+ assertThat(progress.hasWarnings(), is(equalTo(false)));
+ assertThat(progress.hasErrors(), is(equalTo(false)));
+ assertThat(job.getParameters().getContext(), is(equalTo("context1")));
+ assertThat(job.getParameters().getUser(), is(equalTo("user1")));
+ assertThat(job.getParameters().getPolicy(), is(equalTo("policy1")));
+ assertThat(job.getParameters().getMaxRuleDurationInMins(), is(equalTo(1)));
+ assertThat(job.getParameters().getMaxScanDurationInMins(), is(equalTo(10)));
+ assertThat(job.getParameters().getAddQueryParam(), is(equalTo(true)));
+ assertThat(job.getParameters().getDefaultPolicy(), is(equalTo("policy2")));
+ assertThat(job.getParameters().getDelayInMs(), is(equalTo(10)));
+ assertThat(job.getParameters().getHandleAntiCSRFTokens(), is(equalTo(true)));
+ assertThat(job.getParameters().getInjectPluginIdInHeader(), is(equalTo(true)));
+ assertThat(job.getParameters().getScanHeadersAllRequests(), is(equalTo(true)));
+ assertThat(job.getParameters().getThreadPerHost(), is(equalTo(2)));
+ assertThat(job.getParameters().getMaxAlertsPerRule(), is(equalTo(5)));
+ }
}
diff --git a/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-max.yaml b/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-max.yaml
index 47770f5be5b..1b010b631c3 100644
--- a/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-max.yaml
+++ b/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-max.yaml
@@ -126,6 +126,7 @@ jobs:
parameters:
context: # String: Name of the context to attack, default: first context
user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: The subtree to active scan, default: all URLs of the context
policy: # String: Name of the scan policy to be used, default: Default Policy
maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
diff --git a/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-min.yaml b/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-min.yaml
index b12f3ee4d15..89fdcba1a08 100644
--- a/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-min.yaml
+++ b/addOns/automation/src/test/resources/org/zaproxy/addon/automation/resources/template-min.yaml
@@ -47,6 +47,7 @@ jobs:
parameters:
context: # String: Name of the context to attack, default: first context
user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: The subtree to active scan, default: all URLs of the context
policy: # String: Name of the scan policy to be used, default: Default Policy
maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
From e4940e2f3dfcd498c971dd362cb5b8f6fe425522 Mon Sep 17 00:00:00 2001
From: kingthorin
Date: Sat, 9 Aug 2025 09:38:49 -0400
Subject: [PATCH 07/94] llm: Correct
LlmCommunicationService#isPreviouslyReviewed
- Fix the logic in LlmCommunicationService#isPreviouslyReviewed
- Add tests LlmCommunicationServiceUnitTest
Signed-off-by: kingthorin
---
.../llm/services/LlmCommunicationService.java | 6 +-
.../LlmCommunicationServiceUnitTest.java | 65 +++++++++++++++++++
2 files changed, 68 insertions(+), 3 deletions(-)
create mode 100644 addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java
diff --git a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java
index 2afb152d001..9c41a10b358 100644
--- a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java
+++ b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java
@@ -53,7 +53,7 @@
public class LlmCommunicationService {
private static final Logger LOGGER = LogManager.getLogger(LlmCommunicationService.class);
- private static final String AI_REVIEWED_TAG_KEY = "AI-Reviewed";
+ protected static final String AI_REVIEWED_TAG_KEY = "AI-Reviewed";
private LlmAssistant llmAssistant;
private LlmResponseHandler listener;
@@ -206,8 +206,8 @@ public void reviewAlert(Alert alert) {
}
}
- private static boolean isPreviouslyReviewed(Alert alert) {
- return !alert.getTags().containsKey(AI_REVIEWED_TAG_KEY);
+ protected static boolean isPreviouslyReviewed(Alert alert) {
+ return alert.getTags().containsKey(AI_REVIEWED_TAG_KEY);
}
private static String getUpdatedOtherInfo(Alert alert, Confidence llmConfidence) {
diff --git a/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java b/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java
new file mode 100644
index 00000000000..c104726792f
--- /dev/null
+++ b/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java
@@ -0,0 +1,65 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.addon.llm.services;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.is;
+
+import java.util.Map;
+import org.junit.jupiter.api.Test;
+import org.parosproxy.paros.core.scanner.Alert;
+import org.zaproxy.zap.testutils.TestUtils;
+
+/** Unit test for {@link LlmCommunicationService}. */
+class LlmCommunicationServiceUnitTest extends TestUtils {
+
+ @Test
+ void shouldNotBeConsideredReviewdIfNoTags() {
+ // Given
+ Alert alert = new Alert(-1);
+ // When
+ boolean result = LlmCommunicationService.isPreviouslyReviewed(alert);
+ // Then
+ assertThat(result, is(equalTo(false)));
+ }
+
+ @Test
+ void shouldNotBeConsideredReviewdIfNotMarkedAsSuch() {
+ // Given
+ Alert alert = new Alert(-1);
+ alert.setTags(Map.of("test", "test"));
+ // When
+ boolean result = LlmCommunicationService.isPreviouslyReviewed(alert);
+ // Then
+ assertThat(result, is(equalTo(false)));
+ }
+
+ @Test
+ void shouldBeConsideredReviewdIfMarkedAsSuch() {
+ // Given
+ Alert alert = new Alert(-1);
+ alert.setTags(Map.of(LlmCommunicationService.AI_REVIEWED_TAG_KEY, ""));
+ // When
+ boolean result = LlmCommunicationService.isPreviouslyReviewed(alert);
+ // Then
+ assertThat(result, is(equalTo(true)));
+ }
+}
From 72c2ba0942313a8e56c41fedd8000d8374097878 Mon Sep 17 00:00:00 2001
From: Najam Ul Saqib
Date: Fri, 18 Jul 2025 17:26:03 +0500
Subject: [PATCH 08/94] pass otherinfo to llm
Signed-off-by: Najam Ul Saqib
---
.../addon/llm/services/LlmAssistant.java | 57 ++++++++++++-----
.../llm/services/LlmCommunicationService.java | 16 ++++-
.../LlmCommunicationServiceUnitTest.java | 62 +++++++++++++++++++
3 files changed, 116 insertions(+), 19 deletions(-)
diff --git a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmAssistant.java b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmAssistant.java
index 5870bb3db7d..10c05cb1c3d 100644
--- a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmAssistant.java
+++ b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmAssistant.java
@@ -34,22 +34,45 @@ public interface LlmAssistant {
"As a software architect, and based on your previous answer, generate other potential missing endpoints that are not mentioned in the OpenAPI file. For example, if there is GET /product/1, suggest DELETE /product/1 if it's not mentioned")
HttpRequestList complete();
- @SystemMessage(
- "You are a web application security expert reviewing potential false positives. Answer only in JSON.")
- @UserMessage(
- "Your task is to review the following finding from ZAP (Zed Attack Proxy).\n"
- + "The confidence level is a pull down field which allows you to specify how confident you are in the validity of the finding : \n"
- + "- 0 if it's False Positive\n"
- + "- 1 if it's Low\n"
- + "- 2 if it's Medium\n"
- + "- 3 if it's High\n"
- + "\n"
- + "The alert is described as follows : {{description}}\n"
- + "\n"
- + "As evidence, the HTTP response contains :\n"
- + "---\n"
- + "{{evidence}}\n"
- + "---\n"
- + "Provide a short consistent explanation of the new score.\n")
+ static final String ALERT_REVIEW_SYSTEM_MSG =
+ "You are a web application security expert reviewing potential false positives. Answer only in JSON.";
+ static final String ALERT_REVIEW_GOAL =
+ "Provide a short consistent explanation of the new score.\n";
+ static final String ALERT_REVIEW_PROMPT =
+ """
+ Your task is to review the following finding from ZAP (Zed Attack Proxy).
+ The confidence level is a pull down field which allows you to specify how confident you are in the validity of the finding:
+ - 0 if it's False Positive
+ - 1 if it's Low
+ - 2 if it's Medium
+ - 3 if it's High
+ The alert is described as follows: {{description}}
+
+ As evidence, the HTTP message contains:
+ ---
+ {{evidence}}
+ ---
+ """
+ + ALERT_REVIEW_GOAL;
+
+ static final String ALERT_REVIEW_OTHERINFO_PROMPT =
+ ALERT_REVIEW_PROMPT
+ + """
+ Also, here's some additional information that may be useful for you to reach your conclusion:
+ ---
+ {{otherinfo}}
+ ---
+ """
+ + ALERT_REVIEW_GOAL;
+
+ @SystemMessage(ALERT_REVIEW_SYSTEM_MSG)
+ @UserMessage(ALERT_REVIEW_PROMPT)
Confidence review(@V("description") String description, @V("evidence") String evidence);
+
+ @SystemMessage(ALERT_REVIEW_SYSTEM_MSG)
+ @UserMessage(ALERT_REVIEW_OTHERINFO_PROMPT)
+ Confidence review(
+ @V("description") String description,
+ @V("evidence") String evidence,
+ @V("otherinfo") String otherinfo);
}
diff --git a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java
index 9c41a10b358..e51ee29f071 100644
--- a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java
+++ b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java
@@ -32,6 +32,7 @@
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
@@ -75,6 +76,11 @@ public LlmCommunicationService(LlmOptions options) {
requestor = new Requestor(HttpSender.MANUAL_REQUEST_INITIATOR, new HistoryPersister());
}
+ /** For testing purposes only. */
+ LlmCommunicationService(LlmAssistant assistant) {
+ this.llmAssistant = assistant;
+ }
+
private ChatLanguageModel buildModel(LlmOptions options) {
return switch (options.getModelProvider()) {
case AZURE_OPENAI ->
@@ -170,7 +176,13 @@ public void reviewAlert(Alert alert) {
LOGGER.debug("Reviewing alert : {}", alert.getName());
LOGGER.debug("Confidence level from ZAP : {}", alert.getConfidence());
Stats.incCounter("stats.llm.alertreview.call");
- llmConfidence = llmAssistant.review(alert.getDescription(), alert.getEvidence());
+ if (alert.getOtherInfo().isBlank()) {
+ llmConfidence = llmAssistant.review(alert.getDescription(), alert.getEvidence());
+ } else {
+ llmConfidence =
+ llmAssistant.review(
+ alert.getDescription(), alert.getEvidence(), alert.getOtherInfo());
+ }
if (llmConfidence.getLevel() == alert.getConfidence()) {
Stats.incCounter("stats.llm.alertreview.result.same");
@@ -184,7 +196,7 @@ public void reviewAlert(Alert alert) {
llmConfidence.getExplanation());
updatedAlert.setConfidence(llmConfidence.getLevel());
updatedAlert.setOtherInfo(getUpdatedOtherInfo(alert, llmConfidence));
- Map alertTags = alert.getTags();
+ Map alertTags = new HashMap<>(alert.getTags());
alertTags.putIfAbsent(AI_REVIEWED_TAG_KEY, "");
updatedAlert.setTags(alertTags);
diff --git a/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java b/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java
index c104726792f..3e8b67292c6 100644
--- a/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java
+++ b/addOns/llm/src/test/java/org/zaproxy/addon/llm/services/LlmCommunicationServiceUnitTest.java
@@ -21,16 +21,35 @@
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.is;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
import java.util.Map;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.parosproxy.paros.Constant;
import org.parosproxy.paros.core.scanner.Alert;
+import org.zaproxy.addon.llm.communication.Confidence;
import org.zaproxy.zap.testutils.TestUtils;
+import org.zaproxy.zap.utils.I18N;
/** Unit test for {@link LlmCommunicationService}. */
class LlmCommunicationServiceUnitTest extends TestUtils {
+ private static final Confidence CONFIDENCE =
+ new Confidence(Alert.CONFIDENCE_MEDIUM, "explanation");
+
+ @BeforeAll
+ static void beforeAll() {
+ Constant.messages = mock(I18N.class);
+ }
+
@Test
void shouldNotBeConsideredReviewdIfNoTags() {
// Given
@@ -62,4 +81,47 @@ void shouldBeConsideredReviewdIfMarkedAsSuch() {
// Then
assertThat(result, is(equalTo(true)));
}
+
+ @ParameterizedTest
+ @ValueSource(strings = {"", " ", "\t", "\r", "\n"})
+ void shouldUseTwoParamReviewMethodWhenNoOtherInfo(String otherInfo) {
+ // Given
+ LlmAssistant assistant = mock();
+ LlmCommunicationService service = new LlmCommunicationService(assistant);
+
+ Alert alert = createBaseAlert();
+ alert.setOtherInfo(otherInfo);
+
+ given(assistant.review(anyString(), anyString())).willReturn(CONFIDENCE);
+ // When
+ service.reviewAlert(alert);
+ // Then
+ verify(assistant).review(anyString(), anyString());
+ assertThat(alert.getTags(), hasEntry(LlmCommunicationService.AI_REVIEWED_TAG_KEY, ""));
+ }
+
+ @Test
+ void shouldUseThreeParamReviewMethodWhenHasOtherInfo() {
+ // Given
+ LlmAssistant assistant = mock();
+ LlmCommunicationService service = new LlmCommunicationService(assistant);
+
+ Alert alert = createBaseAlert();
+ alert.setOtherInfo("other info");
+
+ given(assistant.review(anyString(), anyString(), anyString())).willReturn(CONFIDENCE);
+ // When
+ service.reviewAlert(alert);
+ // Then
+ verify(assistant).review(anyString(), anyString(), anyString());
+ assertThat(alert.getTags(), hasEntry(LlmCommunicationService.AI_REVIEWED_TAG_KEY, ""));
+ }
+
+ private static Alert createBaseAlert() {
+ return Alert.builder()
+ .setDescription("desc")
+ .setEvidence("evidence")
+ .setConfidence(Alert.CONFIDENCE_MEDIUM)
+ .build();
+ }
}
From 7238fbda5b9c3b5885f227995553dfe515df5b8c Mon Sep 17 00:00:00 2001
From: thc202
Date: Mon, 11 Aug 2025 13:06:55 +0100
Subject: [PATCH 09/94] authhelper: record auth step on error
Record a step on error to include the most information possible (e.g.
HTTP messages sent up to the error).
Signed-off-by: thc202
---
addOns/authhelper/CHANGELOG.md | 1 +
.../zaproxy/addon/authhelper/AuthUtils.java | 19 ++++++++++++++++++-
.../authhelper/AuthenticationDiagnostics.java | 12 ++++++++++++
.../BrowserBasedAuthenticationMethodType.java | 3 ++-
...ntScriptBasedAuthenticationMethodType.java | 2 ++
.../authhelper/resources/Messages.properties | 1 +
6 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md
index 44e36ec07fb..4886863ba8d 100644
--- a/addOns/authhelper/CHANGELOG.md
+++ b/addOns/authhelper/CHANGELOG.md
@@ -15,6 +15,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## Changed
- Send the referer header on verification if set on the original request.
- Removed requirement to set at least one header in the GUI for Header-Based Session Management.
+- Include step for errors in the authentication diagnostics.
### Fixed
- Do not fail the authentication on diagnostic errors.
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
index 3d3e39b81d3..448ed88e876 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
@@ -407,12 +407,29 @@ public static boolean authenticateAsUser(
new BrowserBasedAuthenticationMethodType().getName(),
user.getContext().getName(),
user.getName())) {
+ return authenticateAsUserWithErrorStep(
+ diags, wd, user, loginPageUrl, loginWaitInSecs, stepDelayInSecs, steps);
+ }
+ }
+
+ static boolean authenticateAsUserWithErrorStep(
+ AuthenticationDiagnostics diags,
+ WebDriver wd,
+ User user,
+ String loginPageUrl,
+ int loginWaitInSecs,
+ int stepDelayInSecs,
+ List steps) {
+ try {
return authenticateAsUserImpl(
diags, wd, user, loginPageUrl, loginWaitInSecs, stepDelayInSecs, steps);
+ } catch (Exception e) {
+ diags.recordErrorStep();
+ throw e;
}
}
- static boolean authenticateAsUserImpl(
+ private static boolean authenticateAsUserImpl(
AuthenticationDiagnostics diags,
WebDriver wd,
User user,
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java
index 8aefb502dc6..0fb563b885a 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java
@@ -444,6 +444,18 @@ private void finishCurrentStep(String url, String description) {
createStep();
}
+ public void recordErrorStep() {
+ if (!enabled) {
+ return;
+ }
+
+ try {
+ recordStep(Constant.messages.getString("authhelper.auth.method.diags.steps.error"));
+ } catch (Exception e) {
+ LOGGER.warn("An error occurred while recording the error step:", e);
+ }
+ }
+
public void recordStep(String description) {
if (!enabled) {
return;
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
index 7ac897e4a34..1bbc36f8e15 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
@@ -337,7 +337,7 @@ private WebSession authenticateImpl(
proxyHost,
proxyPort);
- if (AuthUtils.authenticateAsUserImpl(
+ if (AuthUtils.authenticateAsUserWithErrorStep(
diags,
wd,
user,
@@ -417,6 +417,7 @@ private WebSession authenticateImpl(
} catch (IOException e) {
LOGGER.error(e.getMessage(), e);
+ diags.recordErrorStep();
}
// Code based on Authentication.notifyOutputAuthFailure
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
index d7973c6724a..018cce6a937 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
@@ -476,6 +476,8 @@ public WebSession authenticate(
cred);
} catch (Exception e) {
+ diags.recordErrorStep();
+
// Catch Exception instead of ScriptException and IOException because script
// engine
// implementations might throw other exceptions on script errors (e.g.
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages.properties
index c4c24e76a34..816edf7d9ed 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages.properties
@@ -61,6 +61,7 @@ authhelper.auth.method.clientscript.name = Client Script Authentication
authhelper.auth.method.diags.steps.authenticated = Authenticated Message
authhelper.auth.method.diags.steps.authmessage = Authentication With Primary Message
authhelper.auth.method.diags.steps.emptysession = Authentication With Empty Session
+authhelper.auth.method.diags.steps.error = Error
authhelper.auth.method.diags.steps.finish = Finished Steps
authhelper.auth.method.diags.steps.loginlink = Login Link
authhelper.auth.method.diags.steps.password = Auto Fill Password
From 56a34ac503a3ededf11e747812007b392f67fdb3 Mon Sep 17 00:00:00 2001
From: Simon Bennetts
Date: Mon, 11 Aug 2025 17:26:03 +0100
Subject: [PATCH 10/94] authhelper: BBA to support HTTP auth
Signed-off-by: Simon Bennetts
---
addOns/authhelper/CHANGELOG.md | 2 +
addOns/authhelper/authhelper.gradle.kts | 2 +-
.../zaproxy/addon/authhelper/AuthUtils.java | 155 ++++++++++++++++--
.../VerificationDetectionScanRule.java | 27 ++-
.../VerificationRequestDetails.java | 8 +-
.../resources/help/contents/browser-auth.html | 2 +
addOns/network/CHANGELOG.md | 3 +
.../zaproxy/addon/network/NetworkUtils.java | 142 ++++++++++++++++
.../addon/network/NetworkUtilsUnitTest.java | 121 ++++++++++++++
9 files changed, 440 insertions(+), 22 deletions(-)
create mode 100644 addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java
create mode 100644 addOns/network/src/test/java/org/zaproxy/addon/network/NetworkUtilsUnitTest.java
diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md
index 4886863ba8d..4806068bec3 100644
--- a/addOns/authhelper/CHANGELOG.md
+++ b/addOns/authhelper/CHANGELOG.md
@@ -16,6 +16,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Send the referer header on verification if set on the original request.
- Removed requirement to set at least one header in the GUI for Header-Based Session Management.
- Include step for errors in the authentication diagnostics.
+- Browser based authentication to also support HTTP basic authentication for Firefox.
+- Verification rule to improve detection.
### Fixed
- Do not fail the authentication on diagnostic errors.
diff --git a/addOns/authhelper/authhelper.gradle.kts b/addOns/authhelper/authhelper.gradle.kts
index fdc52d8b28f..622dfc4790a 100644
--- a/addOns/authhelper/authhelper.gradle.kts
+++ b/addOns/authhelper/authhelper.gradle.kts
@@ -62,7 +62,7 @@ zapAddOn {
version.set(">=0.8.0 & < 1.0.0")
}
register("network") {
- version.set(">=0.6.0")
+ version.set(">=0.23.0")
}
register("pscan") {
version.set(">= 0.1.0 & < 1.0.0")
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
index 448ed88e876..d61c7d136c0 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
@@ -60,9 +60,11 @@
import org.openqa.selenium.Keys;
import org.openqa.selenium.NoSuchShadowRootException;
import org.openqa.selenium.StaleElementReferenceException;
+import org.openqa.selenium.UsernameAndPassword;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebDriverException;
import org.openqa.selenium.WebElement;
+import org.openqa.selenium.firefox.FirefoxDriver;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.extension.Extension;
@@ -71,10 +73,12 @@
import org.parosproxy.paros.network.HttpHeaderField;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpSender;
+import org.parosproxy.paros.network.HttpStatusCode;
import org.parosproxy.paros.view.View;
import org.zaproxy.addon.authhelper.BrowserBasedAuthenticationMethodType.BrowserBasedAuthenticationMethod;
import org.zaproxy.addon.authhelper.internal.AuthenticationStep;
import org.zaproxy.addon.commonlib.ResourceIdentificationUtils;
+import org.zaproxy.addon.network.NetworkUtils;
import org.zaproxy.zap.authentication.AuthenticationCredentials;
import org.zaproxy.zap.authentication.AuthenticationMethod;
import org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy;
@@ -104,6 +108,18 @@ public class AuthUtils {
public static final String AUTH_SESSION_TOKENS_MAX = "stats.auth.sessiontokens.max";
public static final String AUTH_BROWSER_PASSED_STATS = "stats.auth.browser.passed";
public static final String AUTH_BROWSER_FAILED_STATS = "stats.auth.browser.failed";
+ public static final String AUTH_BROWSER_HTTP_AUTH_BASIC_STATS = "stats.auth.browser.http.basic";
+ public static final String AUTH_BROWSER_HTTP_AUTH_DIGEST_STATS =
+ "stats.auth.browser.http.digest";
+ public static final String AUTH_BROWSER_HTTP_AUTH_ERROR_STATS = "stats.auth.browser.http.error";
+ public static final String AUTH_BROWSER_HTTP_AUTH_PASSED_STATS =
+ "stats.auth.browser.http.passed";
+ public static final String AUTH_BROWSER_HTTP_AUTH_FAILED_STATS =
+ "stats.auth.browser.http.failed";
+ public static final String AUTH_BROWSER_HTTP_AUTH_NOT_SUPPORTED_STATS =
+ "stats.auth.browser.http.notsupported";
+ public static final String AUTH_BROWSER_HTTP_AUTH_UNKNOWN_STATS =
+ "stats.auth.browser.http.unknown";
public static final String[] HEADERS = {HttpHeader.AUTHORIZATION, "X-CSRF-Token"};
public static final String[] JSON_IDS = {"accesstoken", "token"};
@@ -135,6 +151,8 @@ public class AuthUtils {
protected static List LOGIN_LABELS_P2 =
List.of("account", "signup", "sign up", "sign-up");
+ private static final String HTTP_AUTH_EXCEPTION_TEXT = "This site is asking you to sign in.";
+
protected static final int MIN_SESSION_COOKIE_LENGTH = 10;
public static final int TIME_TO_SLEEP_IN_MSECS = 100;
@@ -210,7 +228,10 @@ public void notifyMessageReceived(HttpMessage message) {
* The URLs (and methods) we've checked for finding good verification requests. These will only
* be recorded if the user has set verification to auto-detect.
*/
- private static Map> contextVerificationMap =
+ private static Map> contextVerificationCheckedMap =
+ Collections.synchronizedMap(new HashMap<>());
+
+ private static Map> contextVerificationAlwaysCheckMap =
Collections.synchronizedMap(new HashMap<>());
public static long getTimeToWaitMs() {
@@ -444,17 +465,24 @@ private static boolean authenticateAsUserImpl(
// Try with the given URL
wd.get(loginPageUrl);
-
- boolean auth =
- internalAuthenticateAsUser(
- diags,
- wd,
- context,
- loginPageUrl,
- credentials,
- loginWaitInSecs,
- stepDelayInSecs,
- steps);
+ boolean auth = false;
+ try {
+ auth =
+ internalAuthenticateAsUser(
+ diags,
+ wd,
+ context,
+ loginPageUrl,
+ credentials,
+ loginWaitInSecs,
+ stepDelayInSecs,
+ steps);
+ } catch (Exception e) {
+ if (e.getMessage() != null && e.getMessage().contains(HTTP_AUTH_EXCEPTION_TEXT)) {
+ return handleHttpAuth(wd, context, credentials, loginPageUrl);
+ }
+ throw e;
+ }
if (auth) {
return true;
@@ -494,6 +522,83 @@ private static boolean authenticateAsUserImpl(
return false;
}
+ private static boolean handleHttpAuth(
+ WebDriver wd,
+ Context context,
+ UsernamePasswordAuthenticationCredentials credentials,
+ String loginPageUrl) {
+ if (wd instanceof FirefoxDriver fxwd) {
+ // Selenium currently only supports FX
+ // Start by checking the creds with a direct request - its much easier to
+ // detect auth failures this way
+ // Will have already seen this URL before, but its probably a good verif one
+ // now
+ alwaysCheckContextVerificationMap(context, loginPageUrl);
+ try {
+ // Send an authenticated request so that we see what sort of HTTP auth is in use
+ HttpSender unauthSender =
+ new HttpSender(HttpSender.AUTHENTICATION_HELPER_INITIATOR);
+ unauthSender.setMaxRedirects(MAX_UNAUTH_REDIRECTIONS);
+
+ URI uri = new URI(loginPageUrl, true);
+ HttpMessage msg1 = new HttpMessage(uri);
+ unauthSender.sendAndReceive(msg1, REDIRECT_NOTIFIER_CONFIG);
+
+ String authHeader;
+ if (NetworkUtils.isHttpBasicAuth(msg1)) {
+ authHeader = NetworkUtils.getHttpBasicAuthorization(credentials);
+ incStatsCounter(uri, AUTH_BROWSER_HTTP_AUTH_BASIC_STATS);
+ } else if (NetworkUtils.isHttpDigestAuth(msg1)) {
+ // Do not currently support Digest auth, but lets record the stats
+ incStatsCounter(uri, AUTH_BROWSER_HTTP_AUTH_DIGEST_STATS);
+ return false;
+ } else {
+ incStatsCounter(uri, AUTH_BROWSER_HTTP_AUTH_UNKNOWN_STATS);
+ return false;
+ }
+
+ // Now try to send an auth request - this will fail if the creds are wrong
+ HttpMessage msg2 = new HttpMessage(uri);
+ msg2.getRequestHeader().setHeader(HttpHeader.AUTHORIZATION, authHeader);
+ unauthSender.sendAndReceive(msg2, REDIRECT_NOTIFIER_CONFIG);
+
+ if (HttpStatusCode.isClientError(msg2.getResponseHeader().getStatusCode())) {
+ incStatsCounter(loginPageUrl, AUTH_BROWSER_HTTP_AUTH_FAILED_STATS);
+ return false;
+ }
+
+ } catch (Exception e1) {
+ incStatsCounter(loginPageUrl, AUTH_BROWSER_HTTP_AUTH_FAILED_STATS);
+ LOGGER.debug(e1.getMessage(), e1);
+ return false;
+ }
+ try {
+ // Attempt to get selenium to handle HTTP Auth
+ fxwd.network()
+ .addAuthenticationHandler(
+ new UsernameAndPassword(
+ credentials.getUsername(), credentials.getPassword()));
+
+ // Need to wait for passive scanning of prev req to complete
+ sleep(AUTH_PAGE_SLEEP_IN_MSECS);
+
+ neverCheckContextVerificationMap(context, loginPageUrl);
+ fxwd.get(loginPageUrl);
+
+ incStatsCounter(loginPageUrl, AUTH_FOUND_FIELDS_STATS);
+ incStatsCounter(loginPageUrl, AUTH_BROWSER_PASSED_STATS);
+ incStatsCounter(loginPageUrl, AUTH_BROWSER_HTTP_AUTH_PASSED_STATS);
+ return true;
+ } catch (Exception e1) {
+ incStatsCounter(loginPageUrl, AUTH_BROWSER_HTTP_AUTH_FAILED_STATS);
+ LOGGER.debug(e1.getMessage(), e1);
+ }
+ } else {
+ incStatsCounter(loginPageUrl, AUTH_BROWSER_HTTP_AUTH_NOT_SUPPORTED_STATS);
+ }
+ return false;
+ }
+
private static UsernamePasswordAuthenticationCredentials getCredentials(User user) {
AuthenticationCredentials credentials = user.getAuthenticationCredentials();
if (credentials instanceof UsernamePasswordAuthenticationCredentials creds) {
@@ -1117,7 +1222,8 @@ public static void clean() {
knownTokenMap.clear();
contextVerifMap.clear();
contextSessionMgmtMap.clear();
- contextVerificationMap.clear();
+ contextVerificationCheckedMap.clear();
+ contextVerificationAlwaysCheckMap.clear();
requestTokenMap.clear();
if (executorService != null) {
executorService.shutdown();
@@ -1181,6 +1287,18 @@ private static synchronized ExecutorService getExecutorService() {
return executorService;
}
+ private static void alwaysCheckContextVerificationMap(Context context, String url) {
+ contextVerificationAlwaysCheckMap
+ .computeIfAbsent(context.getId(), c -> Collections.synchronizedSet(new HashSet<>()))
+ .add("GET " + url);
+ }
+
+ private static void neverCheckContextVerificationMap(Context context, String url) {
+ contextVerificationAlwaysCheckMap
+ .computeIfAbsent(context.getId(), c -> Collections.synchronizedSet(new HashSet<>()))
+ .remove("GET " + url);
+ }
+
public static void processVerificationDetails(
Context context,
VerificationRequestDetails details,
@@ -1191,9 +1309,14 @@ public static void processVerificationDetails(
+ " "
+ details.getMsg().getRequestHeader().getURI().toString();
- if (contextVerificationMap
- .computeIfAbsent(context.getId(), c -> Collections.synchronizedSet(new HashSet<>()))
- .add(methodUrl)) {
+ if (contextVerificationAlwaysCheckMap
+ .computeIfAbsent(
+ context.getId(), c -> Collections.synchronizedSet(new HashSet<>()))
+ .contains(methodUrl)
+ || contextVerificationCheckedMap
+ .computeIfAbsent(
+ context.getId(), c -> Collections.synchronizedSet(new HashSet<>()))
+ .add(methodUrl)) {
// Have not already checked this method + url
getExecutorService().submit(new VerificationDetectionProcessor(context, details, rule));
}
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java
index aef4b8b1e02..a116062224d 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java
@@ -27,10 +27,12 @@
import org.apache.logging.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.core.scanner.Alert;
+import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpRequestHeader;
import org.zaproxy.addon.authhelper.VerificationRequestDetails.VerificationComparator;
import org.zaproxy.addon.commonlib.AuthConstants;
+import org.zaproxy.addon.network.NetworkUtils;
import org.zaproxy.zap.extension.pscan.PluginPassiveScanner;
import org.zaproxy.zap.model.Context;
@@ -67,10 +69,33 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) {
Set sessionTokens = AuthUtils.getRequestSessionTokens(msg);
if (sessionTokens.isEmpty()) {
+ if (NetworkUtils.isHttpBasicAuth(msg) || NetworkUtils.isHttpDigestAuth(msg)) {
+ List contextList = AuthUtils.getRelatedContexts(msg);
+
+ for (Context context : contextList) {
+ VerificationRequestDetails currentVerifDetails =
+ AuthUtils.getVerificationDetailsForContext(context.getId());
+ VerificationRequestDetails newVerifDetails =
+ new VerificationRequestDetails(
+ msg,
+ msg.getRequestHeader().getHeader(HttpHeader.AUTHORIZATION),
+ context);
+ if (currentVerifDetails != null
+ && newVerifDetails.getScore() > 0
+ && COMPARATOR.compare(newVerifDetails, currentVerifDetails) > 0) {
+ // We've potentially found a better verification request
+ LOGGER.debug(
+ "Identified potentially better verification req {} for context {}",
+ msg.getRequestHeader().getURI(),
+ context.getName());
+ AuthUtils.processVerificationDetails(context, newVerifDetails, this);
+ }
+ }
+ }
+
return;
}
// We have at least one session token, so it might be of interest
-
for (SessionToken st : sessionTokens) {
String token = st.getValue();
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationRequestDetails.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationRequestDetails.java
index dc366b32a13..1f7a3353a48 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationRequestDetails.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationRequestDetails.java
@@ -28,6 +28,7 @@
import org.parosproxy.paros.core.scanner.Alert;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpStatusCode;
+import org.zaproxy.addon.commonlib.http.ComparableResponse;
import org.zaproxy.zap.authentication.AuthenticationCredentials;
import org.zaproxy.zap.authentication.UsernamePasswordAuthenticationCredentials;
import org.zaproxy.zap.extension.users.ExtensionUserManagement;
@@ -95,10 +96,9 @@ public VerificationRequestDetails(HttpMessage msg, String token, Context context
}
public boolean isConsistent(VerificationRequestDetails vrd) {
- return this.getResponseCode() == vrd.getResponseCode()
- && isStructuredResponse() == vrd.isStructuredResponse()
- && isContainsUserDetails() == vrd.isContainsUserDetails()
- && (getResponseSize() / 10) == (vrd.getResponseSize() / 10);
+ ComparableResponse cr1 = new ComparableResponse(this.getMsg(), "");
+ return isContainsUserDetails() == vrd.isContainsUserDetails()
+ && cr1.compareWith(new ComparableResponse(vrd.getMsg(), "")) > 0.8;
}
public boolean isIdentifiablyDifferent(VerificationRequestDetails vrd) {
diff --git a/addOns/authhelper/src/main/javahelp/org/zaproxy/addon/authhelper/resources/help/contents/browser-auth.html b/addOns/authhelper/src/main/javahelp/org/zaproxy/addon/authhelper/resources/help/contents/browser-auth.html
index 1692e702786..71c663fee5e 100644
--- a/addOns/authhelper/src/main/javahelp/org/zaproxy/addon/authhelper/resources/help/contents/browser-auth.html
+++ b/addOns/authhelper/src/main/javahelp/org/zaproxy/addon/authhelper/resources/help/contents/browser-auth.html
@@ -17,6 +17,8 @@ Browser Based Authentication
The plan is to keep enhancing this authentication method to handle all of the most commonly used login page formats.
If it does not work with your application's login page then please inform the ZAP team via the
ZAP User Group giving as many details as possible.
+
+This method also supports HTTP Basic Authentication for Firefox only (due to Selenium restrictions).
Authentication Steps
When the authentication method is not able to find suitable fields, or requires extra steps they can be manually specified by the user. The following steps are supported:
diff --git a/addOns/network/CHANGELOG.md b/addOns/network/CHANGELOG.md
index 80ac60ac218..01440fb739a 100644
--- a/addOns/network/CHANGELOG.md
+++ b/addOns/network/CHANGELOG.md
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## Unreleased
+### Added
+- NetworkUtils class.
+
### Changed
- Use only positive serial numbers for the Root CA certificate (Issue 8984).
diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java b/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java
new file mode 100644
index 00000000000..20fd93c42db
--- /dev/null
+++ b/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java
@@ -0,0 +1,142 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.addon.network;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+import java.util.List;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.hc.client5.http.auth.AuthChallenge;
+import org.apache.hc.client5.http.auth.ChallengeType;
+import org.apache.hc.client5.http.auth.Credentials;
+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.impl.auth.AuthChallengeParser;
+import org.apache.hc.client5.http.impl.auth.DigestScheme;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.message.BasicHttpRequest;
+import org.apache.hc.core5.http.message.ParserCursor;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.parosproxy.paros.network.HttpHeader;
+import org.parosproxy.paros.network.HttpMessage;
+import org.zaproxy.zap.authentication.UsernamePasswordAuthenticationCredentials;
+
+/**
+ * @since 0.23.0
+ */
+public final class NetworkUtils {
+
+ private static final Logger LOGGER = LogManager.getLogger(NetworkUtils.class);
+
+ private NetworkUtils() {}
+
+ /**
+ * Returns true if the HTTP response indicates the site requires HTTP Basic authentication.
+ *
+ * @param msg the message to check
+ * @return true if the site requires HTTP Basic authentication.
+ */
+ public static boolean isHttpBasicAuth(HttpMessage msg) {
+ return StringUtils.startsWithIgnoreCase(
+ msg.getResponseHeader().getHeader(HttpHeader.WWW_AUTHENTICATE), "Basic");
+ }
+
+ /**
+ * Returns true if the HTTP response indicates the site requires HTTP Digest authentication.
+ *
+ * @param msg the message to check
+ * @return true if the site requires HTTP Digest authentication.
+ */
+ public static boolean isHttpDigestAuth(HttpMessage msg) {
+ return StringUtils.startsWithIgnoreCase(
+ msg.getResponseHeader().getHeader(HttpHeader.WWW_AUTHENTICATE), "Digest");
+ }
+
+ /**
+ * Returns the HTTP Basic Authorization header to use in a response for the credentials.
+ *
+ * @param credentials the users credentials.
+ * @return the HTTP Basic Authorization header.
+ */
+ public static String getHttpBasicAuthorization(
+ UsernamePasswordAuthenticationCredentials credentials) {
+ return "Basic " + encodeCreds(credentials);
+ }
+
+ private static String encodeCreds(UsernamePasswordAuthenticationCredentials creds) {
+ try {
+ return Base64.getEncoder()
+ .encodeToString(
+ (creds.getUsername() + ":" + creds.getPassword()).getBytes("UTF-8"));
+ } catch (UnsupportedEncodingException e) {
+ // Should never happen
+ return "";
+ }
+ }
+
+ /**
+ * Returns the HTTP Digest Authorization header to use in a response for the credentials. This
+ * is not sufficient to maintain an HTTP Digest session on its own and so may well change in the
+ * future.
+ *
+ * @param credentials the users credentials.
+ * @return the HTTP Digest Authorization header, or null if there has been a problem.
+ */
+ public static String getHttpDigestAuthorization(
+ HttpMessage msg, UsernamePasswordAuthenticationCredentials credentials) {
+ String authHeader = msg.getResponseHeader().getHeader(HttpHeader.WWW_AUTHENTICATE);
+ if (authHeader == null) {
+ LOGGER.error("Null auth header for request to {}", msg.getRequestHeader().getURI());
+ return null;
+ }
+ if (credentials.getPassword() == null) {
+ LOGGER.error("Null password for user {}", credentials.getUsername());
+ return null;
+ }
+ AuthChallengeParser acp = new AuthChallengeParser();
+ try {
+ List acs =
+ acp.parse(
+ ChallengeType.TARGET,
+ authHeader,
+ new ParserCursor(0, authHeader.length()));
+ if (!acs.isEmpty()) {
+ // Just handle 1 for now, this works on a test site
+ DigestScheme ds = new DigestScheme();
+ Credentials creds =
+ new UsernamePasswordCredentials(
+ credentials.getUsername(), credentials.getPassword().toCharArray());
+ ds.initPreemptive(creds, "", "");
+ ds.processChallenge(acs.get(0), null);
+ return ds.generateAuthResponse(
+ new HttpHost(
+ msg.getRequestHeader().getHostName(),
+ msg.getRequestHeader().getHostPort()),
+ new BasicHttpRequest(
+ msg.getRequestHeader().getMethod(),
+ msg.getRequestHeader().getURI().toString()),
+ null);
+ }
+ } catch (Exception e) {
+ LOGGER.error(e.getMessage(), e);
+ }
+ return null;
+ }
+}
diff --git a/addOns/network/src/test/java/org/zaproxy/addon/network/NetworkUtilsUnitTest.java b/addOns/network/src/test/java/org/zaproxy/addon/network/NetworkUtilsUnitTest.java
new file mode 100644
index 00000000000..734193a1d89
--- /dev/null
+++ b/addOns/network/src/test/java/org/zaproxy/addon/network/NetworkUtilsUnitTest.java
@@ -0,0 +1,121 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.addon.network;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.nullValue;
+
+import org.apache.commons.httpclient.URI;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.parosproxy.paros.network.HttpHeader;
+import org.parosproxy.paros.network.HttpMessage;
+import org.zaproxy.zap.authentication.UsernamePasswordAuthenticationCredentials;
+
+public class NetworkUtilsUnitTest {
+
+ @ParameterizedTest
+ @CsvSource({
+ "Basic, true",
+ "basiC, true",
+ "digest, false",
+ ", false",
+ })
+ void shouldIdBasicAuth(String header, String result) throws Exception {
+ // Given
+ HttpMessage msg = new HttpMessage(new URI("https://www.example.com/basic/", true));
+ msg.getResponseHeader().setHeader(HttpHeader.WWW_AUTHENTICATE, header);
+
+ // When
+ boolean basic = NetworkUtils.isHttpBasicAuth(msg);
+
+ // Then
+ assertThat(basic, is(equalTo(Boolean.parseBoolean(result))));
+ }
+
+ @ParameterizedTest
+ @CsvSource({
+ "Digest, true",
+ "diGEST, true",
+ "basic, false",
+ ", false",
+ })
+ void shouldIdDigestAuth(String header, String result) throws Exception {
+ // Given
+ HttpMessage msg = new HttpMessage(new URI("https://www.example.com/basic/", true));
+ msg.getResponseHeader().setHeader(HttpHeader.WWW_AUTHENTICATE, header);
+
+ // When
+ boolean basic = NetworkUtils.isHttpDigestAuth(msg);
+
+ // Then
+ assertThat(basic, is(equalTo(Boolean.parseBoolean(result))));
+ }
+
+ @Test
+ void shouldGenerateBasicAuth() throws Exception {
+ // Given
+ UsernamePasswordAuthenticationCredentials creds =
+ new UsernamePasswordAuthenticationCredentials("username", "password");
+
+ // When
+ String auth = NetworkUtils.getHttpBasicAuthorization(creds);
+
+ // Then
+ assertThat(auth, is(equalTo("Basic dXNlcm5hbWU6cGFzc3dvcmQ=")));
+ }
+
+ @Test
+ void shouldGenerateDigestAuth() throws Exception {
+ HttpMessage msg = new HttpMessage(new URI("https://www.example.com/digest/", true));
+ msg.getResponseHeader()
+ .setHeader(
+ HttpHeader.WWW_AUTHENTICATE,
+ "Digest realm=\"test\", domain=\"/HTTP/Digest\", nonce=\"e561a741e25a463317199abe129bb096\"");
+ UsernamePasswordAuthenticationCredentials creds =
+ new UsernamePasswordAuthenticationCredentials("username", "password");
+
+ // When
+ String auth = NetworkUtils.getHttpDigestAuthorization(msg, creds);
+
+ // Then
+ assertThat(
+ auth,
+ is(
+ equalTo(
+ "Digest username=\"username\", realm=\"test\", nonce=\"e561a741e25a463317199abe129bb096\", uri=\"/digest/\", response=\"d7aaee78d91c0e29bca8a57fa26f1ea9\", algorithm=MD5")));
+ }
+
+ @Test
+ void shouldHandleNoHeaderDigestAuth() throws Exception {
+ HttpMessage msg = new HttpMessage(new URI("https://www.example.com/digest/", true));
+ UsernamePasswordAuthenticationCredentials creds =
+ new UsernamePasswordAuthenticationCredentials("username", "password");
+
+ // When
+ String auth = NetworkUtils.getHttpDigestAuthorization(msg, creds);
+
+ // Then
+ assertThat(auth, is(nullValue()));
+ }
+}
From e89581ba003cfc9684fb4d8f39aa1c58b32e474d Mon Sep 17 00:00:00 2001
From: thc202
Date: Mon, 11 Aug 2025 18:31:52 +0100
Subject: [PATCH 11/94] authhelper: record more diags on error
Attempt to record also the state of the browser when an error occurs.
Signed-off-by: thc202
---
.../java/org/zaproxy/addon/authhelper/AuthUtils.java | 2 +-
.../addon/authhelper/AuthenticationDiagnostics.java | 10 ++++++++--
.../BrowserBasedAuthenticationMethodType.java | 2 +-
.../ClientScriptBasedAuthenticationMethodType.java | 9 ++++++++-
4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
index 448ed88e876..e24a60c2996 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java
@@ -424,7 +424,7 @@ static boolean authenticateAsUserWithErrorStep(
return authenticateAsUserImpl(
diags, wd, user, loginPageUrl, loginWaitInSecs, stepDelayInSecs, steps);
} catch (Exception e) {
- diags.recordErrorStep();
+ diags.recordErrorStep(wd);
throw e;
}
}
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java
index 0fb563b885a..b589ea699cb 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDiagnostics.java
@@ -444,13 +444,19 @@ private void finishCurrentStep(String url, String description) {
createStep();
}
- public void recordErrorStep() {
+ public void recordErrorStep(WebDriver webDriver) {
if (!enabled) {
return;
}
try {
- recordStep(Constant.messages.getString("authhelper.auth.method.diags.steps.error"));
+ String description =
+ Constant.messages.getString("authhelper.auth.method.diags.steps.error");
+ if (webDriver == null) {
+ recordStep(description);
+ } else {
+ recordStep(webDriver, description);
+ }
} catch (Exception e) {
LOGGER.warn("An error occurred while recording the error step:", e);
}
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
index 1bbc36f8e15..ab9f43ae887 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java
@@ -417,7 +417,7 @@ private WebSession authenticateImpl(
} catch (IOException e) {
LOGGER.error(e.getMessage(), e);
- diags.recordErrorStep();
+ diags.recordErrorStep(null);
}
// Code based on Authentication.notifyOutputAuthFailure
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
index 018cce6a937..a3d16aca5f9 100644
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
+++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
@@ -476,7 +476,7 @@ public WebSession authenticate(
cred);
} catch (Exception e) {
- diags.recordErrorStep();
+ diags.recordErrorStep(getWebDriver(zestRunner));
// Catch Exception instead of ScriptException and IOException because script
// engine
@@ -600,6 +600,13 @@ public WebSession authenticate(
}
}
+ private static WebDriver getWebDriver(ZestAuthenticationRunner runner) {
+ if (runner != null && !runner.getWebDrivers().isEmpty()) {
+ return runner.getWebDrivers().get(0);
+ }
+ return null;
+ }
+
private void recordCloseStep(
ZestAuthenticationRunner zestRunner, AuthenticationDiagnostics diags) {
if (zestRunner == null || !diagnostics) {
From 0fd8f3b2e32c28b9a31c02ebc648f1f32408f2a2 Mon Sep 17 00:00:00 2001
From: thc202
Date: Tue, 12 Aug 2025 17:25:11 +0100
Subject: [PATCH 12/94] reports: include AF state in json-plus report
Include the errors/warns of the AF in a new section.
Signed-off-by: thc202
---
addOns/reports/CHANGELOG.md | 1 +
.../report-traditional-json-plus.html | 47 +++++++++++++++++--
.../traditional-json-plus/Messages.properties | 1 +
.../reports/traditional-json-plus/report.json | 8 +++-
.../traditional-json-plus/template.yaml | 1 +
.../basic-traditional-json-plus.json | 6 ++-
6 files changed, 58 insertions(+), 6 deletions(-)
diff --git a/addOns/reports/CHANGELOG.md b/addOns/reports/CHANGELOG.md
index 7fab2b5682e..511b48ab17f 100644
--- a/addOns/reports/CHANGELOG.md
+++ b/addOns/reports/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## Unreleased
### Changed
- Provide/log details on report errors through the Automation Framework job.
+- Allow to include Automation Framework errors and warnings in the Traditional JSON Report with Requests and Responses report.
## [0.39.0] - 2025-06-20
### Changed
diff --git a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html
index 335a8fd0a76..62a2e360137 100644
--- a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html
+++ b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html
@@ -21,14 +21,20 @@ Sections
Sequence Details
sequencedetails
+
+ Automation Framework State
+ afstate
+
- Sample
- About riskdesc
+ About riskdesc
riskdesc - Is a combination identifier, showing Risk followed by
Confidence (in brackets). For example
High (Medium)
would indicate a High risk issue identified with Medium confidence.
+
+ Sample
+
{
"@version": "Dev Build",
@@ -98,7 +104,21 @@ About riskdesc
]
},
...
- ],
+ ]
+ }
+ ]
+}
+
+
+ Statistics Section
+ The report can also include statistics, per site and global, for
+ example:
+
+{
+ ...
+ "site":[
+ {
+ ...
"statistics": {
"site.specific.stat.a": 1,
"site.specific.stat.b": 2
@@ -109,13 +129,16 @@ About riskdesc
"global.stat.a": 1,
"global.stat.b": 2
}
-
+}
+ Sequence Details Section
The report can also include details of Sequences and related active
scanning results, for example:
+{
+ ...
"sequences": [
{
"name": "Seq name",
@@ -170,8 +193,24 @@ About riskdesc
]
}
]
+}
+ Automation Framework State Section
+ The report can also include Automation Framework errors and warnings,
+ for example:
+
+
+{
+ ...
+ "afPlanErrors": [
+ "AError A"
+ ],
+ "afPlanWarns": [
+ "Warning B"
+ ]
+}
+