pentestMCP

config.xml•77.1 kB

<?xml version="1.0" encoding="UTF-8" standalone="no"?> <config> <start> <checkForUpdates>true</checkForUpdates> <downloadNewRelease>false</downloadNewRelease> <checkAddonUpdates>true</checkAddonUpdates> <installAddonUpdates>true</installAddonUpdates> <installScannerRules>true</installScannerRules> <reportReleaseAddons>true</reportReleaseAddons> <reportBetaAddons>true</reportBetaAddons> <reportAlphaAddons>true</reportAlphaAddons> <dayLastChecked>2025-04-27</dayLastChecked> <downloadDir>C:\Users\ramka\ZAP\plugin</downloadDir> </start> <pscans version="5"> <scanOnlyInScope>false</scanOnlyInScope> <scanFuzzerMessages>false</scanFuzzerMessages> <threads>16</threads> <maxAlertsPerRule>0</maxAlertsPerRule> <maxBodySizeInBytes>0</maxBodySizeInBytes> <confirmRemoveAutoTagScanner>true</confirmRemoveAutoTagScanner> <autoTagScanners> <scanner> <name>html_tag_form</name> <type>TAG</type> <config>Form</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex><form</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_tag_password</name> <type>TAG</type> <config>Password</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex><password\s</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_type_password</name> <type>TAG</type> <config>Password</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex>type\s*=\s*['"]?password['"]?</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_type_hidden</name> <type>TAG</type> <config>Hidden</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex>type\s*=\s*['"]?hidden['"]?</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_type_upload</name> <type>TAG</type> <config>Upload</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex>type\s*=\s*['"]?file['"]?</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_tag_object</name> <type>TAG</type> <config>Object</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex><object\s</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_tag_script</name> <type>TAG</type> <config>Script</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex><script</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_mailto</name> <type>TAG</type> <config>MailTo</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex>href\s*=\s*['"]?mailto:</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_setcookie</name> <type>TAG</type> <config>SetCookie</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex>set-cookie</resHeadRegex> <resBodyRegex/> <enabled>true</enabled> </scanner> <scanner> <name>html_comment1</name> <type>TAG</type> <config>Comment</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex>/\*</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>html_comment2</name> <type>TAG</type> <config>Comment</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex/> <resBodyRegex><!--</resBodyRegex> <enabled>true</enabled> </scanner> <scanner> <name>response_json</name> <type>TAG</type> <config>JSON</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex>type\s*:\s*application\/json</resHeadRegex> <resBodyRegex/> <enabled>true</enabled> </scanner> <scanner> <name>json_extended</name> <type>TAG</type> <config>JSON</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex>content-type:\s{0,10}.{1,20}\/.{0,100}json</resHeadRegex> <resBodyRegex/> <enabled>false</enabled> </scanner> <scanner> <name>response_yaml</name> <type>TAG</type> <config>YAML</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex>content-type:\s{0,10}.{1,20}\/.{0,100}yaml</resHeadRegex> <resBodyRegex/> <enabled>false</enabled> </scanner> <scanner> <name>response_xml</name> <type>TAG</type> <config>XML</config> <reqUrlRegex/> <reqHeadRegex/> <resHeadRegex>content-type:\s{0,10}.{1,20}\/.{0,100}xml</resHeadRegex> <resBodyRegex/> <enabled>false</enabled> </scanner> </autoTagScanners> </pscans> <version>20016000</version> <reveal version="1"> <enabled>false</enabled> </reveal> <bruteforce version="1"> <threadPerHost>32</threadPerHost> <recursive>true</recursive> <defaultFile/> <browsefileswithoutextension>false</browsefileswithoutextension> <browsefiles>false</browsefiles> <fileextensions/> <extensionsToMiss>jpg, gif, jpeg, ico, tiff, png, bmp</extensionsToMiss> <failCaseString>thereIsNoWayThat-You-CanBeThere</failCaseString> </bruteforce> <script> <console version="1"> <defaultScriptChangedBehaviour>ASK_EACH_TIME</defaultScriptChangedBehaviour> <font> <name>Monospaced</name> <size>12</size> </font> <codeStyle> <tabSize>4</tabSize> <useTabCharacter>false</useTabCharacter> </codeStyle> </console> <confRemdir>true</confRemdir> <enableScriptsFromDirs>false</enableScriptsFromDirs> </script> <encoder version="1"> <base64dobreaklines>true</base64dobreaklines> <base64charset>UTF-8</base64charset> <hashers> <lowercase>true</lowercase> </hashers> </encoder> <encode> <param> <base64charset>UTF-8</base64charset> </param> </encode> <wappalyzer version="1"/> <requester version="2"> <autoFocus>true</autoFocus> </requester> <ajaxSpider version="6"> <enableExtensions>false</enableExtensions> <clickElemsOnce>true</clickElemsOnce> <clickDefaultElems>true</clickDefaultElems> <randomInputs>true</randomInputs> <numberOfBrowsers>16</numberOfBrowsers> <maxCrawlDepth>10</maxCrawlDepth> <maxCrawlStates>0</maxCrawlStates> <maxDuration>60</maxDuration> <eventWait>1000</eventWait> <reloadWait>1000</reloadWait> <confirmRemoveElem>true</confirmRemoveElem> <browserId>chrome-headless</browserId> <confirmRemoveAllowedResource>true</confirmRemoveAllowedResource> <showAdvOptions>true</showAdvOptions> <elems> <elem> <name>a</name> <enabled>true</enabled> </elem> <elem> <name>button</name> <enabled>true</enabled> </elem> <elem> <name>td</name> <enabled>true</enabled> </elem> <elem> <name>span</name> <enabled>true</enabled> </elem> <elem> <name>div</name> <enabled>true</enabled> </elem> <elem> <name>tr</name> <enabled>true</enabled> </elem> <elem> <name>ol</name> <enabled>true</enabled> </elem> <elem> <name>li</name> <enabled>true</enabled> </elem> <elem> <name>radio</name> <enabled>true</enabled> </elem> <elem> <name>form</name> <enabled>true</enabled> </elem> <elem> <name>select</name> <enabled>true</enabled> </elem> <elem> <name>input</name> <enabled>true</enabled> </elem> <elem> <name>option</name> <enabled>true</enabled> </elem> <elem> <name>img</name> <enabled>true</enabled> </elem> <elem> <name>p</name> <enabled>true</enabled> </elem> <elem> <name>abbr</name> <enabled>true</enabled> </elem> <elem> <name>address</name> <enabled>true</enabled> </elem> <elem> <name>area</name> <enabled>true</enabled> </elem> <elem> <name>article</name> <enabled>true</enabled> </elem> <elem> <name>aside</name> <enabled>true</enabled> </elem> <elem> <name>audio</name> <enabled>true</enabled> </elem> <elem> <name>canvas</name> <enabled>true</enabled> </elem> <elem> <name>details</name> <enabled>true</enabled> </elem> <elem> <name>footer</name> <enabled>true</enabled> </elem> <elem> <name>header</name> <enabled>true</enabled> </elem> <elem> <name>label</name> <enabled>true</enabled> </elem> <elem> <name>nav</name> <enabled>true</enabled> </elem> <elem> <name>section</name> <enabled>true</enabled> </elem> <elem> <name>summary</name> <enabled>true</enabled> </elem> <elem> <name>table</name> <enabled>true</enabled> </elem> <elem> <name>textarea</name> <enabled>true</enabled> </elem> <elem> <name>th</name> <enabled>true</enabled> </elem> <elem> <name>ul</name> <enabled>true</enabled> </elem> <elem> <name>video</name> <enabled>true</enabled> </elem> </elems> <allowedResources> <allowedResource> <regex>^http.*\.js(?:\?.*)?$</regex> <enabled>true</enabled> </allowedResource> <allowedResource> <regex>^http.*\.css(?:\?.*)?$</regex> <enabled>true</enabled> </allowedResource> </allowedResources> </ajaxSpider> <selenium version="3"> <chromeDriver>C:\Users\ramka\ZAP\webdriver\windows\64\chromedriver.exe</chromeDriver> <firefoxDriver>C:\Users\ramka\ZAP\webdriver\windows\64\geckodriver.exe</firefoxDriver> <confirmRemoveBrowserArg>true</confirmRemoveBrowserArg> <chromeArgs> <arg> <argument>--headless</argument> <enabled>true</enabled> </arg> <arg> <argument>--disable-gpu</argument> <enabled>true</enabled> </arg> <arg> <argument>--no-sandbox</argument> <enabled>true</enabled> </arg> </chromeArgs> </selenium> <callhome version="1"> <tel> <uuid>5bc1e4a3-b2c8-4947-bebc-79172f2c667c</uuid> <enabled>true</enabled> </tel> </callhome> <network> <serverCertificates version="1"> <rootCa> <certValidityDays>365</certValidityDays> <ks>MIIMSgIBAzCCC_QGCSqGSIb3DQEHAaCCC-UEggvhMIIL3TCCBcQGCSqGSIb3DQEHAaCCBbUEggWxMIIFrTCCBakGCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFPD51-XZN4fMA3fV3n1B7hXQfGlBAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQGW6jbEGJKFGvrjWVFjWevwSCBNCTNCWoyvfdaLfhZnSuY3TkVameEytqU9lVnoI57NLoCLjIdaPN2QIFtTuVwns7BJyWzrbYdkrvJD1Yk_QgO59qg5R410MD8N2Wg8s29x397FZKQC1A197HO8kj10phevdm5BijcH4X5L2xQiabY_Jhz9Mm3Xr3VRhQu4idaBuiB6gCsmEPPlIc3_P2KeJNtf1S7qCt3GY4TbvxEVM6ElfIV4aBxv93L3C-Tf_NYzY8kx9OzUBIOubGsejfr4l-hbMkB_l_KOT0cdxuJiQE4TiVFkDb9cwv6cTQZwF-0NgV19bknYDVDd7f1-LI27ax_g2G2mytkLX0urjOQD70egwSATuD6PoUlBAP2B-LFOcoXHgt82lN8sF6WTCD5JF3MHK3AjzUorNRwGDEHwCXX7Kq6WqUyOwXfdlykQqnpFi50O43W5qYId_9vSY3FCLMzUTYASJPpB6H_RwXEDs3Q8ygjCY0L_6EJpHtAMpF9FPm1vtWlSDC72Oa4rpozZtANkn5uctRtOQCFa6JxWs-4FFGmqsMI8jLWDQM9QP6-Y8jEe2FxO-XOoeY45fAUAoy5oQonYulG4kdsWwIWX3pkO8fu65AQ7KfY9jikBzJiQLkGpnatMkEUBp6C03T8s92-J9syETK4OXSweoRPtpmQvl_tlTFiGOcwoiHf15USUNz6I-rAoHHnDej765oqsDYdF-3npYvQVaVzZ-IQps0mtN3m6YFMxzr5oGx45DXN7mCtAGDUXXbt5iglXwA6_BOGqWiaLcQTkg8Gr31p_M3S2YmEuQ3rHTRiYwStbzpeqdfMLG5Oga07m2hq-WCApmYulTP47grb-sU1F8hNhhmQarMsm-exwRYfd3eIHH95c2S4VS_iuwi1-1B_9abFmVf_u-zUQKMNaJpFVT4spCABXNKhW3ec2ha6nBH_Oam2rzNanm-ysONmg8Mk1rIkv9UKU_iP7LTSvO4KOyeM7h9wvw6iMfUW_dGSTaD20ltjHJqhd4qQOtAY047aoAQVPEE4tixIwfoUFjg0EAUzL2h1scmxFuoXPzO_1VLBo74lhZfZquOTJQ02NCSIomOmXGat_ii2b70abiQNKjuSLBpHLJZeDKMqkbfxzK5IDiGWzUkxxFlSHbhsXyfMjvm-J9eHDuhNBkvb75j3tWcmAjmtqxt-nyWXkwM9zNeEh8Hx7B5T9LU2F_LFgrE-pBJhrB8UgZVYORpa7-oWnJKSWcKTx1SyEwDnQlL5-wdhF1Wz6jSuDhWpAIsenFgl45OUA4z8ZLpEtEHdnTNmjbeg56XJBJHkqel2DK0mf9ZM_Kc2R1u0T8e_3h7HzTnX3P0lDwBXhayFUwa2NparGcOeLjCqVdgezfBUjV2EGRE56M2KxbNEXu1ulDqCnc4CjGMYgQF3U_I-JqXGv9prXlkGQOSoYnpIoKR4h0Y-dd-YKPXU-A0RnGN6ItCjDi1nNMHp_hecFJPtmRx-ACmerk2nc2qU2Ly3qBoGJU2pg8EhWMME5yZqvUd-zVhrjHFUqBUXCKeP9wXLzWDb58SD57-UbTbAlWHVkWxYCElQ7qbAZ2fEXHWXlNC9HhX_1INGoP1jmWowuGz6Ro6DHinAf0i1WZavCobwXAh7594PUxzsUWDcw47OzFWMDEGCSqGSIb3DQEJFDEkHiIAbwB3AGEAcwBwAF8AegBhAHAAXwByAG8AbwB0AF8AYwBhMCEGCSqGSIb3DQEJFTEUBBJUaW1lIDE3NDUyMjA2NDU4OTgwggYRBgkqhkiG9w0BBwagggYCMIIF_gIBADCCBfcGCSqGSIb3DQEHATBmBgkqhkiG9w0BBQ0wWTA4BgkqhkiG9w0BBQwwKwQUyyy2WNLbeQzI1eQ8UHRXKRgs_QMCAicQAgEgMAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBdfBYZwRZFXwSc0H65LzYDgIIFgOhhwVwar2fX14EVAGEURtwA711k-nDipgIkDwOt2xtFtYHRz3LyZpokokucBarZyxxEu-TbPWLuJ7SYg-U1mgaH4dq9WJgZgW2xAJsh3TDZHeqlTuoCJq0CFDIyOyIEkvx1ObmhHQnN_PBjoJjsopIvBsyGa4WalrjgTifXQQ67Luy9XfylTHATVCTIRyzDY3BEhPs-NZcECW_K_zhZd-lhMSYMZAAKKR4DkjB-E-ukfV68VqB9TVAxiixVTRX8e2uR8dGQnD6f9_qjPurdw1PbsUuNPs39aUl1HpGSPGk8dVTSonh_jJXTR2Cyk8ud-9vsAB4GGSA-a2pgtzCzPe9hp1kQFY4LGDYsHxkYiVgIrMph78NwhAEvm_eior5RtsCecCRlbilfdFfE6qpYWm2GMWU_tb02KUeTIZgrzourn5hHt3hyOCpoJwVItXuMdmloUK6n7_VWGjtctn4fi_YOfqDw4zDMp8472kBOVI7Iue7rj1YCRDnhzT0wdTmoWjqlj4EQYe1YY7abKZWzDlft1iTpVxKmlcGizi-jw5YgnO_eWk9BTrfu2dt9G7eoIRKsHqts20-4EzHadCRusNTqippz9ItrA9QDYui9dNsuoy2WXBrXKlkExRyqo0M2yTUssVoVWcxR2zdIG7QcN4pqFKEKNqZYdcRYoneY-mK8-ahrQq2nokpN9N28h5FrQM6HwKFxPG2wq0Oji09ummmaF5oPPTA4Be_6mbjLQiCZVnvlAI5g3NTBtscREAxcAKVqNkbWVayrCajt3XUqX7H-Hf_YZJ_9TwAbXY5n5Pk6fcDD3YfQ4us4pgx3ZRIkrNwr5-YPkFlxDtb2l5n7s5EHQdv-PoNe8yDC7Z1Gl_QFlKxQcq-m21i4NXLWOKQQn3xk6fXcKjuWUImUh0Y0Z2S5qss71t-18ps603jOStE8sHp2b976EMuD_-Nl1YOJcayhCPI8zsImg9GN18kIyKSnA2Vk8JyHmUnqzwpod2HOESspozshU4H0AFXikBvo7Ez1Fw4769cNV96at8vX-UuW9GI_LwPqKbtsEASsX7mcKiHHnL_oyz7Oz5LS-cWiJ74oC1PcweF6ojxGO6nAK4xBe872199H2GRN_pvnNqORhTcaXfElNypDU8wURWwRsHTkal1R-Ls8Tp3txsRt8Q003-KIkUmpA3TG3Z2Oew09nR7eIIAShgGefy8GEMFPirP1ib7dmS4xvRBt0f2HZjuWVbVUqH-6g_MPIOB_td6vvUpgl9_uJv_s1KkE8FF3jnN87E63T9vemg0hEYQfuDWCBh-8XwX0ZRi2Mt-U2X34v7TFhD8NoUF-khOeTTonkaXsVgY2q1uOZCOA3QdbH6J_AWODd7nJo4K2K5Efj_VQTPPs7o7e0-H8wBFAfBgWmZAu0sRWeq4K-I8agDSgZ-fy2s881YIms7kxtTLX58oiKXubsL-6RdvscsThdZ2CTx7EAG7xoCqtduJcrwmGW4BitJxtHOblJ7t-X7GLcUYH2tFIyA42RZZJ-nzivjQ4DMDwroN6zmKkpnucziW9u6maZ0bpCE9D-S-0WTYAAVB411Sy4TE3bEFJXACABD_Hc3Qly9KLfLt8xt7AuYB-mrigArdKOEsdfpidjpNqeY5to4popmnQPQwsV0hXjSDQ2SEFGoYnq8motZqE8c2Myamhs5w4Yf1ZNLW18vqisJrwHPEfmnhBRfls1RoGHHcsaD4rjVDeIcuNcPPtnM-wgdS4JM7TQSlvzYEk20wJfQmtP8ExB-W_PK_-cDFobi0Bnj5OPNeMIGJI2ow8LUyNBUQIQUYbjr7pQZSZ2hEMVrbT48LHTwbqK7aa3Sb-erNdRsF5Q_oMutrqtQAvpzftTaIwTTAxMA0GCWCGSAFlAwQCAQUABCAElHO9kuz-gaRfV6k_Nl8gfwRc-GOFlY8Y99nltO6MfwQUSi4CebhtxsSgAPwzXhuABdq4v_YCAicQ</ks> </rootCa> <server> <certValidityDays>368</certValidityDays> <crlDistributionPoint/> </server> </serverCertificates> <localServers version="1"> <mainProxy> <enabled>true</enabled> <proxy>true</proxy> <api>true</api> <address>127.0.0.1</address> <port>8888</port> <alpn> <enabled>true</enabled> <protocols> <protocol>http/1.1</protocol> <protocol>h2</protocol> </protocols> </alpn> <behindNat>false</behindNat> <removeAcceptEncoding>true</removeAcceptEncoding> <decodeResponse>true</decodeResponse> <tlsProtocols> <protocol>TLSv1.2</protocol> <protocol>TLSv1.3</protocol> </tlsProtocols> </mainProxy> <servers> <confirmRemove>true</confirmRemove> </servers> <aliases> <confirmRemove>true</confirmRemove> </aliases> <passThroughs> <confirmRemove>true</confirmRemove> </passThroughs> </localServers> <ratelimit version="1"/> <globalExclusions version="1"> <exclusions> <confirmRemove>true</confirmRemove> <exclusion> <name>Extension - Image (ends with .extension)</name> <value>^.*\.(?:gif|jpe?g|png|ico|icns|bmp)$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Extension - Audio/Video (ends with .extension)</name> <value>^.*\.(?:mp[34]|mpe?g|m4[ap]|aac|avi|mov|wmv|og[gav])$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Extension - PDF & Office (ends with .extension)</name> <value>^.*\.(?:pdf|docx?|xlsx?|pptx?)$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Extension - Stylesheet, JavaScript (ends with .extension)</name> <value>^.*\.(?:css|js)$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Extension - Flash & related (ends with .extension)</name> <value>^.*\.(?:sw[fa]|flv)$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>ExtParam - Image (extension plus ?params=values)</name> <value>^[^\?]*\.(?:gif|jpe?g|png|ico|icns|bmp)\?.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>ExtParam - Audio/Video (extension plus ?params=values)</name> <value>^[^\?]*\.(?:mp[34]|mpe?g|m4[ap]|aac|avi|mov|wmv|og[gav])\?.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>ExtParam - PDF & Office (extension plus ?params=values)</name> <value>^[^\?]*\.(?:pdf|docx?|xlsx?|pptx?)\?.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>ExtParam - Stylesheet, JavaScript (extension plus ?params=values)</name> <value>^[^\?]*\.(?:css|js)\?.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>ExtParam - Flash & related (extension plus ?params=values)</name> <value>^[^\?]*\.(?:sw[fa]|flv)\?.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>ExtParam - .NET adx resources (SR/WR.adx?d=)</name> <value>^[^\?]*/(?:WebResource|ScriptResource)\.axd\?d=.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Bing API queries</name> <value>^https?://api\.bing\.com/qsml\.aspx?query=.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Google malware detector updates</name> <value>^https?://(?:safebrowsing-cache|sb-ssl|sb|safebrowsing).*\.(?:google|googleapis)\.com/.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Lastpass manager</name> <value>^https?://(?:[^/])*\.?lastpass\.com</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Firefox browser updates</name> <value>^https?://(?:.*addons|aus[0-9])\.mozilla\.(?:org|net|com)/.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Firefox extensions phoning home</name> <value>^https?://(?:[^/])*\.?(?:getfoxyproxy\.org|getfirebug\.com|noscript\.net)</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Microsoft Windows updates</name> <value>^https?://(?:.*update\.microsoft|.*\.windowsupdate)\.com/.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Google Chrome extension updates</name> <value>^https?://clients2\.google\.com/service/update2/crx.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Firefox captive portal detection</name> <value>^https?://detectportal\.firefox\.com.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Google Analytics</name> <value>^https?://www\.google-analytics\.com.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Firefox h264 codec download</name> <value>^https?://ciscobinary\.openh264\.org.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Fonts CDNs such as fonts.gstatic.com, etc.</name> <value>^https?://fonts.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Mozilla CDN (requests such as getpocket)</name> <value>^https?://.*\.cdn\.mozilla\.(?:com|org|net)/.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Firefox browser telemetry</name> <value>^https?://.*\.telemetry\.mozilla\.(?:com|org|net)/.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Adblockplus updates and notifications</name> <value>^https?://.*\.adblockplus\.org.*$</value> <enabled>false</enabled> </exclusion> <exclusion> <name>Site - Firefox services</name> <value>^https?://.*\.services\.mozilla\.com.*$</value> <enabled>true</enabled> </exclusion> <exclusion> <name>Site - Google updates</name> <value>^https?://.*\.gvt1\.com.*$</value> <enabled>true</enabled> </exclusion> </exclusions> </globalExclusions> <connection version="6"> <defaultUserAgent>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36</defaultUserAgent> <timeoutInSecs>20</timeoutInSecs> <useGlobalHttpState>false</useGlobalHttpState> <dnsTtlSuccessfulQueries>30</dnsTtlSuccessfulQueries> <httpProxy> <enabled>false</enabled> <authEnabled>false</authEnabled> <storePass>true</storePass> <password/> </httpProxy> <socksProxy> <enabled>false</enabled> </socksProxy> <tlsProtocols> <protocol>TLSv1.2</protocol> <protocol>TLSv1.3</protocol> </tlsProtocols> </connection> <clientCertificates version="1"> <pkcs12> <file/> <password/> <index>0</index> <store>false</store> </pkcs12> <pkcs11> <useSli>false</useSli> </pkcs11> <use>false</use> </clientCertificates> </network> <rules> <common> <sleep>15</sleep> </common> <csrf> <ignorelist/> <ignore> <attname/> <attvalue/> </ignore> </csrf> <cookie> <ignorelist/> </cookie> <domains> <trusted/> </domains> <domxss> <browserid/> </domxss> </rules> <globalalertfilter version="1"> <confirmRemoveFilter>true</confirmRemoveFilter> </globalalertfilter> <formhandler version="1"> <confirmRemoveField>true</confirmRemoveField> <fields> <field> <fieldId>color</fieldId> <value>#ffffff</value> <enabled>true</enabled> <regex>false</regex> </field> <field> <fieldId>email</fieldId> <value>zaproxy@example.com</value> <enabled>true</enabled> <regex>false</regex> </field> <field> <fieldId>name</fieldId> <value>ZAP</value> <enabled>true</enabled> <regex>false</regex> </field> <field> <fieldId>password</fieldId> <value>ZAP</value> <enabled>true</enabled> <regex>false</regex> </field> <field> <fieldId>phone</fieldId> <value>9999999999</value> <enabled>true</enabled> <regex>false</regex> </field> <field> <fieldId>url</fieldId> <value>https://zap.example.com</value> <enabled>true</enabled> <regex>false</regex> </field> <field> <fieldId>(?i)_?back[-_]?(?:link|uri|url)?</fieldId> <value>https://zap.example.com</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?bg[-_]?colou?r</fieldId> <value>#FFFFFF</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?query|find|keyword</fieldId> <value>ZAP</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?search[-_]?(?:term|word|param|parameter|string|text|value|keyword|query)?</fieldId> <value>ZAP</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?amount|amt|count|qty|quantity</fieldId> <value>3</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?lang|language</fieldId> <value>en</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?locale[-_]?(?:code)?</fieldId> <value>en-AU</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?(?:comment|subject|summary)?</fieldId> <value>Zaproxy dolore alias impedit expedita quisquam.</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?(?:description|message|(?:email|post)?[-_]?content)?</fieldId> <value>Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?state</fieldId> <value>Oklahoma</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?city</fieldId> <value>East Romaineburgh</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?address[_-]?1?</fieldId> <value>688 Zaproxy Ridge</value> <enabled>true</enabled> <regex>true</regex> </field> <field> <fieldId>(?i)_?address[_-]?2</fieldId> <value>Suite 473</value> <enabled>true</enabled> <regex>true</regex> </field> </fields> </formhandler> <fuzz version="2"> <defaultThreadsPerFuzzer>32</defaultThreadsPerFuzzer> <defaultFuzzDelayInMs>0</defaultFuzzDelayInMs> <customFuzzerLastSelectedDirectory/> <isCustomDefaultCategory>true</isCustomDefaultCategory> </fuzz> <graphql version="2"> <queryGenEnabled>true</queryGenEnabled> <maxQueryDepth>5</maxQueryDepth> <lenientMaxQueryDepth>true</lenientMaxQueryDepth> <maxAdditionalQueryDepth>5</maxAdditionalQueryDepth> <maxArgsDepth>5</maxArgsDepth> <optionalArgs>true</optionalArgs> <argsType>BOTH</argsType> <querySplitType>LEAF</querySplitType> <requestMethod>POST_JSON</requestMethod> </graphql> <hud version="4"> <newChangelog>true</newChangelog> <tutorialUpdates>History</tutorialUpdates> <tutorialUpdates>Comments</tutorialUpdates> <tutorialUpdates>ToggleScript</tutorialUpdates> <enabledForDesktop>false</enabledForDesktop> <enabledForDaemon>false</enabledForDaemon> <dir>C:\Users\ramka\ZAP\hud</dir> <inScopeOnly>false</inScopeOnly> <enableOnDomainMsgs>true</enableOnDomainMsgs> <showWelcomeScreen>true</showWelcomeScreen> <removeCsp>true</removeCsp> <tutorialSkipTasks>false</tutorialSkipTasks> <devMode>false</devMode> </hud> <oast version="1"> <boast version="2"> <pollingFrequency>60</pollingFrequency> <uri>https://odiss.eu:2096/events</uri> </boast> <callback version="1"/> <interactsh version="1"> <pollingFrequency>60</pollingFrequency> <serverUrl>https://interactsh.com</serverUrl> <authToken/> </interactsh> <activeScanService>None</activeScanService> <usePermanentDatabase>true</usePermanentDatabase> <daysToKeepRecords>45</daysToKeepRecords> </oast> <quickstart version="1"> <launch> <startPage>ZAP</startPage> <defaultBrowser>Chrome</defaultBrowser> </launch> <clearedNews>54</clearedNews> <recentUrls>https://ramkansal.com</recentUrls> </quickstart> <replacer version="1"> <confirmRemoveToken>true</confirmRemoveToken> <full_list> <description>Remove CSP</description> <url/> <enabled>false</enabled> <matchtype>RESP_HEADER</matchtype> <matchstr>Content-Security-Policy</matchstr> <regex>false</regex> <replacement/> <extraprocessing>false</extraprocessing> <initiators/> </full_list> <full_list> <description>Remove HSTS</description> <url/> <enabled>false</enabled> <matchtype>RESP_HEADER</matchtype> <matchstr>Strict-Transport-Security</matchstr> <regex>false</regex> <replacement/> <extraprocessing>false</extraprocessing> <initiators/> </full_list> <full_list> <description>Replace User-Agent with shellshock attack</description> <url/> <enabled>false</enabled> <matchtype>REQ_HEADER</matchtype> <matchstr>User-Agent</matchstr> <regex>false</regex> <replacement>() {:;}; /bin/cat /etc/passwd</replacement> <extraprocessing>false</extraprocessing> <initiators/> </full_list> <full_list> <description>Disable Report-To or Report-Uri (CSP, etc)</description> <url/> <enabled>false</enabled> <matchtype>RESP_HEADER_STR</matchtype> <matchstr>(?i)report-(?:to|uri)</matchstr> <regex>true</regex> <replacement>report-disabled</replacement> <extraprocessing>false</extraprocessing> <initiators/> </full_list> <full_list> <description>Require non-cached response (Modified)</description> <url/> <enabled>false</enabled> <matchtype>REQ_HEADER</matchtype> <matchstr>if-modified-since</matchstr> <regex>false</regex> <replacement/> <extraprocessing>false</extraprocessing> <initiators/> </full_list> <full_list> <description>Require non-cached response (Match)</description> <url/> <enabled>false</enabled> <matchtype>REQ_HEADER</matchtype> <matchstr>if-none-match</matchstr> <regex>false</regex> <replacement/> <extraprocessing>false</extraprocessing> <initiators/> </full_list> </replacer> <spider version="3"> <thread>32</thread> <maxDepth>5</maxDepth> <maxDuration>0</maxDuration> <maxChildren>0</maxChildren> <maxParseSizeBytes>2621440</maxParseSizeBytes> <confirmRemoveDomainAlwaysInScope>true</confirmRemoveDomainAlwaysInScope> <acceptCookies>true</acceptCookies> <processform>true</processform> <postform>true</postform> <parseComments>true</parseComments> <parseRobotsTxt>true</parseRobotsTxt> <parseSitemapXml>true</parseSitemapXml> <parseSVNentries>false</parseSVNentries> <parseGit>false</parseGit> <parseDsStore>false</parseDsStore> <handleParameters>USE_ALL</handleParameters> <handleODataParameters>false</handleODataParameters> <irrelevantParameters> <confirmRemove>true</confirmRemove> <irrelevantParameter> <name>utm_.*</name> <regex>true</regex> <enabled>true</enabled> </irrelevantParameter> </irrelevantParameters> </spider> <client version="1"> <pscanEnabled>true</pscanEnabled> </client> <custompayloads version="1"> <confirmRemoveToken>true</confirmRemoveToken> <categories> <category name="Username-Idor"> <payloads> <payload> <enabled>true</enabled> <payload>Admin</payload> </payload> <payload> <enabled>true</enabled> <payload>admin</payload> </payload> </payloads> </category> <category name="Application-Errors"/> <category name="Suspicious-Comments"> <payloads> <payload> <enabled>true</enabled> <payload>TODO</payload> </payload> <payload> <enabled>true</enabled> <payload>FIXME</payload> </payload> <payload> <enabled>true</enabled> <payload>BUG</payload> </payload> <payload> <enabled>true</enabled> <payload>BUGS</payload> </payload> <payload> <enabled>true</enabled> <payload>XXX</payload> </payload> <payload> <enabled>true</enabled> <payload>QUERY</payload> </payload> <payload> <enabled>true</enabled> <payload>DB</payload> </payload> <payload> <enabled>true</enabled> <payload>ADMIN</payload> </payload> <payload> <enabled>true</enabled> <payload>ADMINISTRATOR</payload> </payload> <payload> <enabled>true</enabled> <payload>USER</payload> </payload> <payload> <enabled>true</enabled> <payload>USERNAME</payload> </payload> <payload> <enabled>true</enabled> <payload>SELECT</payload> </payload> <payload> <enabled>true</enabled> <payload>WHERE</payload> </payload> <payload> <enabled>true</enabled> <payload>FROM</payload> </payload> <payload> <enabled>true</enabled> <payload>LATER</payload> </payload> <payload> <enabled>true</enabled> <payload>DEBUG</payload> </payload> </payloads> </category> </categories> </custompayloads> <jwt version="1"> <enableClientConfigurationScan>false</enableClientConfigurationScan> </jwt> <api> <key>l8milk7cvj97u8r6u48lo538sg</key> <enabled>true</enabled> <uienabled>true</uienabled> <secure>false</secure> <filexfer>false</filexfer> <disablekey>true</disablekey> <incerrordetails>false</incerrordetails> <autofillkey>true</autofillkey> <enablejsonp>false</enablejsonp> <reportpermerrors>false</reportpermerrors> <nokeyforsafeops>false</nokeyforsafeops> <addrs> <confirmRemoveAddr>true</confirmRemoveAddr> <addr> <name>127.0.0.1</name> <regex>false</regex> <enabled>true</enabled> </addr> <addr> <name>localhost</name> <regex>false</regex> <enabled>true</enabled> </addr> <addr> <name>zap</name> <regex>false</regex> <enabled>true</enabled> </addr> <addr> <name>0:0:0:0:0:0:0:1</name> <regex>false</regex> <enabled>true</enabled> </addr> </addrs> </api> <view> <showTabNames>true</showTabNames> <splashScreen>true</splashScreen> <processImages>0</processImages> <displayOption>1</displayOption> <messagePanelsPosition> <lastSelectedPosition>TABS_SIDE_BY_SIDE</lastSelectedPosition> </messagePanelsPosition> <brkPanelView>0</brkPanelView> <showMainToolbar>1</showMainToolbar> <advancedview>0</advancedview> <askOnExit>1</askOnExit> <uiWmHandling>0</uiWmHandling> <outputTabsTimeStampsOption>false</outputTabsTimeStampsOption> <outputTabsTimeStampsFormat>yyyy-MM-dd HH:mm:ss</outputTabsTimeStampsFormat> <fontSize>-1</fontSize> <fontName> </fontName> <workPanelsFontSize>-1</workPanelsFontSize> <workPanelsFontName> </workPanelsFontName> <scaleImages>true</scaleImages> <iconSize>16</iconSize> <allowAppsInContainers>false</allowAppsInContainers> <locale>en_GB</locale> <main> <request> <httppanel> <defaultcomponent>RequestSplit</defaultcomponent> <components> <dividerLocation>228</dividerLocation> <split> <header> <defaultview>HttpRequestHeaderSyntaxTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </header> <body> <defaultview>HttpRequestBodySyntaxTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <codefolding>false</codefolding> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> <syntax> <autodetect>true</autodetect> </syntax> </HttpPanelSyntaxHighlightTextView> </views> </body> </split> <all> <defaultview>HttpRequestSyntaxTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </all> <websocket> <defaultview>WebSocketSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </websocket> </components> </httppanel> </request> <response> <httppanel> <defaultcomponent>ResponseSplit</defaultcomponent> <components> <all> <defaultview>HttpPanelSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> <syntax> <autodetect>true</autodetect> </syntax> </HttpPanelSyntaxHighlightTextView> </views> </all> <websocket> <defaultview>WebSocketSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </websocket> <dividerLocation>228</dividerLocation> <split> <header> <defaultview>HttpPanelSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </header> <body> <defaultview>HttpPanelSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <codefolding>false</codefolding> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> <syntax> <autodetect>true</autodetect> </syntax> </HttpPanelSyntaxHighlightTextView> </views> </body> </split> </components> </httppanel> </response> </main> <break> <request> <httppanel> <defaultcomponent>RequestSplit</defaultcomponent> <components> <dividerLocation>-1</dividerLocation> <split> <header> <defaultview>HttpRequestHeaderSyntaxTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </header> <body> <defaultview>HttpRequestBodySyntaxTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <codefolding>false</codefolding> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> <syntax> <autodetect>true</autodetect> </syntax> </HttpPanelSyntaxHighlightTextView> </views> </body> </split> <all> <defaultview>HttpRequestSyntaxTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </all> <websocket> <defaultview>WebSocketSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </websocket> </components> </httppanel> </request> <response> <httppanel> <defaultcomponent>ResponseSplit</defaultcomponent> <components> <all> <defaultview>HttpPanelSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> <syntax> <autodetect>true</autodetect> </syntax> </HttpPanelSyntaxHighlightTextView> </views> </all> <websocket> <defaultview>WebSocketSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </websocket> <dividerLocation>-1</dividerLocation> <split> <header> <defaultview>HttpPanelSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> </HttpPanelSyntaxHighlightTextView> </views> </header> <body> <defaultview>HttpPanelSyntaxHighlightTextView</defaultview> <views> <HttpPanelSyntaxHighlightTextView> <aa>true</aa> <linenumbers>false</linenumbers> <codefolding>false</codefolding> <wordwrap>true</wordwrap> <highlightline>false</highlightline> <fadehighlightline>false</fadehighlightline> <whitespaces>false</whitespaces> <newlines>false</newlines> <markoccurrences>false</markoccurrences> <roundedselection>false</roundedselection> <bracketmatch>false</bracketmatch> <animatedbracketmatch>false</animatedbracketmatch> <syntax> <autodetect>true</autodetect> </syntax> </HttpPanelSyntaxHighlightTextView> </views> </body> </split> </components> </httppanel> </response> </break> <recentsessions> <path>C:\Users\ramka\ZAP\sessions\20250421-130745.session</path> </recentsessions> <deleteconfirmation> <sites>true</sites> </deleteconfirmation> </view> <breakpoints> <showIgnoreRequestsButtons>false</showIgnoreRequestsButtons> <inScopeOnly>false</inScopeOnly> <buttonMode>1</buttonMode> <javaScriptUrlRegex>.*\.js.*</javaScriptUrlRegex> <cssAndFontsUrlRegex>.*\.(?:css|woff|woff2|ttf).*</cssAndFontsUrlRegex> <multimediaUrlRegex>.*\.(?:png|gif|jpg|jpeg|svg|mp4|mp3|webm|webp|ico).*</multimediaUrlRegex> </breakpoints> <database> <compact>false</compact> <request> <bodysize>16777216</bodysize> </request> <response> <bodysize>16777216</bodysize> </response> <newsessionprompt>true</newsessionprompt> <newsession>3</newsession> <recoverylog>true</recoverylog> </database> <alert> <overridesFilename/> </alert> <scanner> <hostPerScan>2</hostPerScan> <threadPerHost>32</threadPerHost> <delayInMs>0</delayInMs> <maxResults>1000</maxResults> <maxRuleDurationInMins>0</maxRuleDurationInMins> <maxScanDurationInMins>0</maxScanDurationInMins> <maxAlertsPerRule>0</maxAlertsPerRule> <pluginHeader>false</pluginHeader> <antiCSRF>true</antiCSRF> <attackPrompt>true</attackPrompt> <attackRescan>true</attackRescan> <attackOnStart>false</attackOnStart> <chartTimeInMins>10</chartTimeInMins> <addQueryParam>false</addQueryParam> <injectable>3</injectable> <scanNullJsonValues>false</scanNullJsonValues> <enabledRPC>191</enabledRPC> <excludedParameters> <name>(?i)ASP.NET_SessionId</name> <type>-1</type> <url>*</url> </excludedParameters> <excludedParameters> <name>(?i)ASPSESSIONID.*</name> <type>-1</type> <url>*</url> </excludedParameters> <excludedParameters> <name>(?i)PHPSESSID</name> <type>-1</type> <url>*</url> </excludedParameters> <excludedParameters> <name>(?i)SITESERVER</name> <type>-1</type> <url>*</url> </excludedParameters> <excludedParameters> <name>(?i)sessid</name> <type>-1</type> <url>*</url> </excludedParameters> <excludedParameters> <name>__VIEWSTATE</name> <type>2</type> <url>*</url> </excludedParameters> <excludedParameters> <name>__EVENTVALIDATION</name> <type>2</type> <url>*</url> </excludedParameters> <excludedParameters> <name>__EVENTTARGET</name> <type>2</type> <url>*</url> </excludedParameters> <excludedParameters> <name>__EVENTARGUMENT</name> <type>2</type> <url>*</url> </excludedParameters> <excludedParameters> <name>javax.faces.ViewState</name> <type>2</type> <url>*</url> </excludedParameters> <excludedParameters> <name>(?i)jsessionid</name> <type>-1</type> <url>*</url> </excludedParameters> <excludedParameters> <name>cfid</name> <type>4</type> <url>*</url> </excludedParameters> <excludedParameters> <name>cftoken</name> <type>4</type> <url>*</url> </excludedParameters> </scanner> <invoke> <confirmRemoveApp>true</confirmRemoveApp> </invoke> <anticsrf> <confirmRemoveToken>true</confirmRemoveToken> <partialMatchingEnabled>true</partialMatchingEnabled> <tokens> <token> <name>anticsrf</name> <enabled>true</enabled> </token> <token> <name>CSRFToken</name> <enabled>true</enabled> </token> <token> <name>__RequestVerificationToken</name> <enabled>true</enabled> </token> <token> <name>csrfmiddlewaretoken</name> <enabled>true</enabled> </token> <token> <name>authenticity_token</name> <enabled>true</enabled> </token> <token> <name>OWASP_CSRFTOKEN</name> <enabled>true</enabled> </token> <token> <name>anoncsrf</name> <enabled>true</enabled> </token> <token> <name>csrf_token</name> <enabled>true</enabled> </token> <token> <name>_csrf</name> <enabled>true</enabled> </token> <token> <name>_csrfSecret</name> <enabled>true</enabled> </token> <token> <name>__csrf_magic</name> <enabled>true</enabled> </token> <token> <name>CSRF</name> <enabled>true</enabled> </token> <token> <name>_token</name> <enabled>true</enabled> </token> <token> <name>_csrf_token</name> <enabled>true</enabled> </token> </tokens> </anticsrf> <httpsessions> <proxyOnly>false</proxyOnly> <confirmRemoveToken>true</confirmRemoveToken> <tokens> <token> <name>asp.net_sessionid</name> <enabled>true</enabled> </token> <token> <name>aspsessionid</name> <enabled>true</enabled> </token> <token> <name>siteserver</name> <enabled>true</enabled> </token> <token> <name>cfid</name> <enabled>true</enabled> </token> <token> <name>cftoken</name> <enabled>true</enabled> </token> <token> <name>jsessionid</name> <enabled>true</enabled> </token> <token> <name>phpsessid</name> <enabled>true</enabled> </token> <token> <name>sessid</name> <enabled>true</enabled> </token> <token> <name>sid</name> <enabled>true</enabled> </token> <token> <name>viewstate</name> <enabled>true</enabled> </token> <token> <name>zenid</name> <enabled>true</enabled> </token> </tokens> </httpsessions> <zest> <incResponses>true</incResponses> <ignoreHeaders>Accept</ignoreHeaders> <ignoreHeaders>accept-encoding</ignoreHeaders> <ignoreHeaders>Accept-Language</ignoreHeaders> <ignoreHeaders>cache-control</ignoreHeaders> <ignoreHeaders>connection</ignoreHeaders> <ignoreHeaders>cookie</ignoreHeaders> <ignoreHeaders>Host</ignoreHeaders> <ignoreHeaders>if-modified-since</ignoreHeaders> <ignoreHeaders>if-none-match</ignoreHeaders> <ignoreHeaders>location</ignoreHeaders> <ignoreHeaders>pragma</ignoreHeaders> <ignoreHeaders>referer</ignoreHeaders> <ignoreHeaders>set-cookie</ignoreHeaders> <ignoreHeaders>set-cookie2</ignoreHeaders> <ignoreHeaders>user-agent</ignoreHeaders> <scriptFormat>JSON</scriptFormat> </zest> <websocket> <forwardAll>false</forwardAll> <breakOnAll>false</breakOnAll> <breakOnPingPong>false</breakOnPingPong> </websocket> <stats> <inmemory>true</inmemory> <statsd> <host/> </statsd> </stats> <automation> <last> <open>false</open> </last> </automation> <ColumnConfiguration_HistoryTableColumn> <ColumnName>ID</ColumnName> <ColumnIndex>0</ColumnIndex> <ColumnModelIndex>0</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Source</ColumnName> <ColumnIndex>1</ColumnIndex> <ColumnModelIndex>1</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Req. Timestamp</ColumnName> <ColumnIndex>2</ColumnIndex> <ColumnModelIndex>2</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Method</ColumnName> <ColumnIndex>3</ColumnIndex> <ColumnModelIndex>4</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>URL</ColumnName> <ColumnIndex>4</ColumnIndex> <ColumnModelIndex>5</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Code</ColumnName> <ColumnIndex>5</ColumnIndex> <ColumnModelIndex>8</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Reason</ColumnName> <ColumnIndex>6</ColumnIndex> <ColumnModelIndex>9</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>RTT</ColumnName> <ColumnIndex>7</ColumnIndex> <ColumnModelIndex>10</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Size Resp. Body</ColumnName> <ColumnIndex>8</ColumnIndex> <ColumnModelIndex>14</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Highest Alert</ColumnName> <ColumnIndex>9</ColumnIndex> <ColumnModelIndex>15</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Note</ColumnName> <ColumnIndex>10</ColumnIndex> <ColumnModelIndex>16</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> <ColumnConfiguration_HistoryTableColumn> <ColumnName>Tags</ColumnName> <ColumnIndex>11</ColumnIndex> <ColumnModelIndex>17</ColumnModelIndex> </ColumnConfiguration_HistoryTableColumn> </config>

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ramkansal/pentestMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

config.xml•77.1 kB