zap.send_request

Send custom HTTP requests through ZAP proxy for security testing and vulnerability assessment in bug bounty hunting workflows.

Instructions

Send a custom HTTP request through ZAP proxy

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Target URL | |
| method | No | HTTP method (GET, POST, PUT, DELETE, etc.) | GET |
| headers | No | HTTP headers (optional) | |
| body | No | Request body (optional) | |

Implementation Reference

  • MCP tool handler for 'zap.send_request' that delegates to ZAPClient.sendRequest
    async ({ url, method = 'GET', headers, body }: any): Promise<ToolResult> => {
      const client = getZAPClient();
      if (!client) {
        return formatToolResult(false, null, 'ZAP client not initialized');
      }
      const result = await client.sendRequest(url, method, headers, body);
      return formatToolResult(result.success, result.data, result.error);
    }
  • Input schema definition for the 'zap.send_request' tool
    inputSchema: {
      type: 'object',
      properties: {
        url: {
          type: 'string',
          description: 'Target URL',
        },
        method: {
          type: 'string',
          description: 'HTTP method (GET, POST, PUT, DELETE, etc.)',
          default: 'GET',
        },
        headers: {
          type: 'object',
          description: 'HTTP headers (optional)',
        },
        body: {
          type: 'string',
          description: 'Request body (optional)',
        },
      },
      required: ['url'],
    },
  • Registration of the 'zap.send_request' tool within registerZAPTools function
    server.tool(
      'zap.send_request',
      {
        description: 'Send a custom HTTP request through ZAP proxy',
        inputSchema: {
          type: 'object',
          properties: {
            url: {
              type: 'string',
              description: 'Target URL',
            },
            method: {
              type: 'string',
              description: 'HTTP method (GET, POST, PUT, DELETE, etc.)',
              default: 'GET',
            },
            headers: {
              type: 'object',
              description: 'HTTP headers (optional)',
            },
            body: {
              type: 'string',
              description: 'Request body (optional)',
            },
          },
          required: ['url'],
        },
      },
      async ({ url, method = 'GET', headers, body }: any): Promise<ToolResult> => {
        const client = getZAPClient();
        if (!client) {
          return formatToolResult(false, null, 'ZAP client not initialized');
        }
        const result = await client.sendRequest(url, method, headers, body);
        return formatToolResult(result.success, result.data, result.error);
      }
    );
  • Core ZAPClient.sendRequest method that implements the HTTP request sending via ZAP's REST API endpoints
    async sendRequest(url: string, method: string = 'GET', headers?: Record<string, string>, body?: string): Promise<ZAPScanResult> {
      try {
        const params: any = { url, method };
        if (headers) {
          // ZAP expects headers as a string in format "HeaderName: HeaderValue"
          params.headers = Object.entries(headers)
            .filter(([k]) => k.toLowerCase() !== 'content-length') // Remove content-length, ZAP will add it
            .map(([k, v]) => `${k}: ${v}`)
            .join('\n');
        }
        if (body) params.body = body;
    
        // Try /core/action/sendRequest/ first, fallback to /httpSender/action/sendRequest/
        try {
          const response = await this.client.get('/core/action/sendRequest/', { params });
          return {
            success: true,
            data: response.data,
          };
        } catch (coreError: any) {
          // Fallback to httpSender endpoint
          const response = await this.client.get('/httpSender/action/sendRequest/', { params });
          return {
            success: true,
            data: response.data,
          };
        }
      } catch (error: any) {
        return {
          success: false,
          error: error.message || 'Failed to send request',
        };
      }
    }
  • src/index.ts:49-49 (registration)
    Invocation of registerZAPTools where all ZAP tools including 'zap.send_request' are registered to the MCP server.
    registerZAPTools(server);
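
The handler above types its arguments as `any` and passes them straight to sendRequest, which serializes headers as "Name: Value" lines joined with '\n'. The following added example, which is not part of the project's code, sketches a pre-flight check a deployment could run before delegating; the names validateSendRequestInput and IN_SCOPE_HOSTS and the host value are hypothetical.

```typescript
// Added example: hypothetical pre-flight check, not part of the project's code.
type SendRequestInput = {
  url: string;
  method?: string;
  headers?: Record<string, string>;
  body?: string;
};

// Assumption: the operator maintains an explicit list of in-scope hosts.
const IN_SCOPE_HOSTS = new Set(['app.example.test']); // constructed value

const METHOD_TOKEN = /^[A-Za-z]+$/;
// RFC 7230 token characters for header names.
const HEADER_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Control characters other than tab (CR and LF included) are refused in values.
const CONTROL_CHARS = /[\x00-\x08\x0a-\x1f\x7f]/;

function validateSendRequestInput(input: SendRequestInput): string[] {
  const errors: string[] = [];
  let parsed: URL | null = null;
  try {
    parsed = new URL(input.url);
  } catch {
    errors.push('url is not a valid absolute URL');
  }
  if (parsed) {
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      errors.push(`scheme ${parsed.protocol} is not allowed`);
    }
    if (!IN_SCOPE_HOSTS.has(parsed.hostname)) {
      errors.push(`host ${parsed.hostname} is out of scope`);
    }
  }
  if (!METHOD_TOKEN.test(input.method ?? 'GET')) {
    errors.push('method must be alphabetic');
  }
  for (const [name, value] of Object.entries(input.headers ?? {})) {
    if (!HEADER_NAME.test(name)) errors.push(`invalid header name: ${JSON.stringify(name)}`);
    // sendRequest joins headers with '\n', so an embedded line break would add a header line.
    if (typeof value !== 'string' || CONTROL_CHARS.test(value)) {
      errors.push(`invalid value for header ${JSON.stringify(name)}`);
    }
  }
  return errors;
}
```

An empty array means the input passed; a handler using this check would return the joined errors through formatToolResult instead of calling sendRequest.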
