zap.send_request
Send custom HTTP requests through ZAP proxy for security testing, enabling vulnerability assessment and penetration testing with controlled traffic analysis.
Instructions
Send a custom HTTP request through ZAP proxy
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Target URL | |
| method | No | HTTP method (GET, POST, PUT, DELETE, etc.) | GET |
| headers | No | HTTP headers (optional) | |
| body | No | Request body (optional) |
Implementation Reference
- src/tools/zap.ts:263-298 (registration)Registers the 'zap.send_request' tool on the MCP server, including input schema, description, and the handler function that checks ZAP client and calls sendRequest on it.server.tool( 'zap.send_request', { description: 'Send a custom HTTP request through ZAP proxy', inputSchema: { type: 'object', properties: { url: { type: 'string', description: 'Target URL', }, method: { type: 'string', description: 'HTTP method (GET, POST, PUT, DELETE, etc.)', default: 'GET', }, headers: { type: 'object', description: 'HTTP headers (optional)', }, body: { type: 'string', description: 'Request body (optional)', }, }, required: ['url'], }, }, async ({ url, method = 'GET', headers, body }: any): Promise<ToolResult> => { const client = getZAPClient(); if (!client) { return formatToolResult(false, null, 'ZAP client not initialized'); } const result = await client.sendRequest(url, method, headers, body); return formatToolResult(result.success, result.data, result.error); }
- src/tools/zap.ts:291-298 (handler)The MCP tool handler for zap.send_request, which invokes ZAPClient.sendRequest and formats the result.async ({ url, method = 'GET', headers, body }: any): Promise<ToolResult> => { const client = getZAPClient(); if (!client) { return formatToolResult(false, null, 'ZAP client not initialized'); } const result = await client.sendRequest(url, method, headers, body); return formatToolResult(result.success, result.data, result.error); }
- src/tools/zap.ts:265-289 (schema)Input schema for the zap.send_request tool, defining parameters for URL, method, headers, and body.{ description: 'Send a custom HTTP request through ZAP proxy', inputSchema: { type: 'object', properties: { url: { type: 'string', description: 'Target URL', }, method: { type: 'string', description: 'HTTP method (GET, POST, PUT, DELETE, etc.)', default: 'GET', }, headers: { type: 'object', description: 'HTTP headers (optional)', }, body: { type: 'string', description: 'Request body (optional)', }, }, required: ['url'], },
- src/integrations/zap.ts:293-326 (helper)ZAPClient.sendRequest helper method that constructs parameters and calls ZAP's REST API to send the HTTP request, with fallback endpoint.async sendRequest(url: string, method: string = 'GET', headers?: Record<string, string>, body?: string): Promise<ZAPScanResult> { try { const params: any = { url, method }; if (headers) { // ZAP expects headers as a string in format "HeaderName: HeaderValue" params.headers = Object.entries(headers) .filter(([k]) => k.toLowerCase() !== 'content-length') // Remove content-length, ZAP will add it .map(([k, v]) => `${k}: ${v}`) .join('\n'); } if (body) params.body = body; // Try /core/action/sendRequest/ first, fallback to /httpSender/action/sendRequest/ try { const response = await this.client.get('/core/action/sendRequest/', { params }); return { success: true, data: response.data, }; } catch (coreError: any) { // Fallback to httpSender endpoint const response = await this.client.get('/httpSender/action/sendRequest/', { params }); return { success: true, data: response.data, }; } } catch (error: any) { return { success: false, error: error.message || 'Failed to send request', }; } }
- src/index.ts:49-49 (registration)Top-level call to registerZAPTools, which includes registration of zap.send_request among other ZAP tools.registerZAPTools(server);