HelpAddonsSpiderAjaxOptions
thc202 edited this page Aug 8, 2018 · 6 revisions
This screen allows you to configure the AJAX Spider options. The AJAX Spider is an add-on for a crawler called Crawljax. The add-on sets up a local proxy in ZAP to talk to Crawljax. The AJAX Spider allows you to crawl web applications written in AJAX in far more depth than the native Spider. Use the AJAX Spider if your web applications may be written in AJAX. You should also use the native Spider for complete coverage of a web application (e.g., to cover HTML comments).
Configuration Options

Field | Details | Default |
---|---|---|
Browser | AJAX Spider relies on an external browser to crawl the targeted site. You can specify which one you want to use. For more details on supported browsers refer to "Selenium" add-on help pages. | Firefox |
Number of Browser Windows to Open | You can configure the number of windows to be used by AJAX Spider. The more windows, the faster the process will be. | 1 |
Maximum Crawl Depth | The maximum depth that the crawler can reach. Zero means unlimited depth. | 10 |
Maximum Crawl States | The maximum number of states that the crawler should crawl. Zero means unlimited crawl states. | 0 (unlimited) |
Maximum Duration | The maximum time that the crawler is allowed to run. Zero means unlimited running time. | 60 minutes |
Event Wait Time | The time to wait after a client side event is fired. | 1000 ms |
Reload Wait Time | The time to wait after a URL is loaded. | 1000 ms |
Click Elements Once | When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. If this is not set, the crawler will attempt to click multiple times. Unsetting this option is more rigorous but may take considerably more time. | True |
Use Random Values in Form Fields | When enabled, inserts random values into form fields. Otherwise, it uses empty values. | True |
Click Default Elements Only | When enabled, only elements "a", "button" and "input" will be clicked during the crawl. Otherwise, it uses the table below to determine which elements will be clicked. For a more in-depth analysis, disable this and configure the clickable elements in the table. | True |
Select elements to click during crawl (table) | The list of elements to crawl. This table only applies when "click default elements only" is not enabled. Use "enable all" for a more in-depth analysis, though it may take somewhat longer. | All enabled |

AJAX Spider | for an overview of the AJAX Spider |
AJAX Spider tab | for an overview of the AJAX Spider Tab |
AJAX Spider dialog | for an overview of the AJAX Spider Dialog |
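
For scripted scans, the same options can be applied without the GUI. The following is an added example, not part of the original help page or the ZAP project's own code: it merges overrides onto the defaults from the table, warns when all three "zero means unlimited" limits are zero, and builds the corresponding ZAP API request URLs. The field-to-action mapping, the `http://localhost:8080` address and the `CHANGE-ME` API key are assumptions; confirm the action names against the API listing of your own ZAP instance. The Browser field and the clickable-elements table are left out.

```python
from urllib.parse import urlencode

# Field name from the table -> (ajaxSpider API action, parameter name, table default).
OPTIONS = {
    "Number of Browser Windows to Open": ("setOptionNumberOfBrowsers", "Integer", 1),
    "Maximum Crawl Depth": ("setOptionMaxCrawlDepth", "Integer", 10),
    "Maximum Crawl States": ("setOptionMaxCrawlStates", "Integer", 0),
    "Maximum Duration": ("setOptionMaxDuration", "Integer", 60),  # minutes
    "Event Wait Time": ("setOptionEventWait", "Integer", 1000),  # ms
    "Reload Wait Time": ("setOptionReloadWait", "Integer", 1000),  # ms
    "Click Elements Once": ("setOptionClickElemsOnce", "Boolean", True),
    "Use Random Values in Form Fields": ("setOptionRandomInputs", "Boolean", True),
    "Click Default Elements Only": ("setOptionClickDefaultElems", "Boolean", True),
}
# Zero means "unlimited" for each of these; all three at zero leaves no stop condition.
LIMITS = ("Maximum Crawl Depth", "Maximum Crawl States", "Maximum Duration")


def build_profile(overrides):
    """Merge overrides onto the table defaults; return (profile, warnings)."""
    profile = {name: spec[2] for name, spec in OPTIONS.items()}
    for name, value in overrides.items():
        if name not in OPTIONS:
            raise KeyError(f"not an AJAX Spider option: {name}")
        kind = OPTIONS[name][1]
        is_bool = isinstance(value, bool)
        if kind == "Boolean" and not is_bool:
            raise ValueError(f"{name} must be True or False")
        if kind == "Integer" and (is_bool or not isinstance(value, int) or value < 0):
            raise ValueError(f"{name} must be a non-negative integer")
        profile[name] = value
    warnings = []
    if all(profile[name] == 0 for name in LIMITS):
        warnings.append("depth, states and duration are all unlimited: crawl may never stop")
    return profile, warnings


def api_urls(profile, base="http://localhost:8080", apikey="CHANGE-ME"):
    """One ZAP API 'action' URL per option, in table order (address and key are placeholders)."""
    urls = []
    for name, (action, param, _) in OPTIONS.items():
        value = profile[name]
        text = str(value).lower() if isinstance(value, bool) else str(value)
        urls.append(f"{base}/JSON/ajaxSpider/action/{action}/?"
                    + urlencode({param: text, "apikey": apikey}))
    return urls
```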