-
Notifications
You must be signed in to change notification settings - Fork 1
HelpAddonsReplacerReplacer
The replacer is an easy way to replace strings in requests and responses.
It is accessible via the Options and by default it can be quickly accessed via the ' R' hotkey.
The Replacer Options panel allows you to define as many replacement rules as you need. Each rule is defined by the following fields:
A description that allows you to identify the rule.
May be one of:
In this case the 'Match String' will be treated as a header name. If the header is present then its value will be replaced by the replacement text. If the replacement text is empty then the header will be removed (if present). If the header is not present and the replacement text is not empty then the header will be added.
In this case the 'Match String' will be treated as a string or regex expression. If it is present in the request header then it will be replaced by the replacement text.
In this case the 'Match String' will be treated as a string or regex expression. If it is present in the request body then it will be replaced by the replacement text.
In this case the 'Match String' will be treated as a header name. If the header is present then its value will be replaced by the replacement text. If the replacement text is empty then the header will be removed (if present). If the header is not present and the replacement text is not empty then the header will be added.
In this case the 'Match String' will be treated as a string or regex expression. If it is present in the response header then it will be replaced by the replacement text.
In this case the 'Match String' will be treated as a string or regex expression. If it is present in the response body then it will be replaced by the replacement text.
The string that will be used to identify what should be replaced - see Match Type for details.
If set then the Match String will be treated as a regex expression. This option is disabled when matching actual headers.
The new string that will replace the specified selection.
If not set then the rule will not apply.
Allows you to specify which 'initiators' the rule should apply to. Each ZAP component which can send and receive messages is a separate initiator, so this gives you a very fine grain control over exactly when the rule should apply.
If you need even more control over when and how text should be replaced then you can use the ZAP Script Console which gives you complete control over the ZAP messages.
- Introduction
-
2.0 Add-ons
- Add-ons: Release
- Add-ons: Beta
-
Add-ons: Alpha
- Active Scan Rules - alpha
- Access Control Testing
- All In One Notes
- Authentication Statistics
- Browser View
- Bug Tracker
- Code Dx
- Community Scripts
- Custom Payloads
- Custom Report
- DOM XSS Active Scan Rule
- Export Report
- Form Handler
- Groovy Scripting
- HTTPS Info Add-on
- Open API Specification Support
- Passive Scan Rules - alpha
- Replacer
- Revisit
- Server-Sent Events
- Sequence Scanner
- Simple Example
- SOAP Scanner
- SNI Terminator
- Technology Detection
- TLS Debug
- Add-on Development
- Add-on Structure
- Add-on Debugging
- Examples
- Upgrade
- Code Structure
- 1.4 Add-ons
(This is work in progress;)