HelpAddonsJxbrowserJxbrowser
JxBrowser is an embedded browser based on Chromium. It has no other external dependencies so you can be sure that it will work out of the box. The version of JxBrowser supported is 6.23.1 (in the OS specific add-ons). You can launch as many instances as you like and they will all be automatically configured to proxy via ZAP. It also now accepts 'invalid' certificates by default, which includes the ZAP root certificate.
You can still use any other browser to proxy via ZAP but you will need to manually configure those browsers to proxy via ZAP.
The lack of external dependencies makes JxBrowser particularly useful for automated testing. The JxBrowser can be selected, for use with other functionalities (e.g. AJAX Spider), through the command line or the ZAP API using the ID jxbrowser.
It is not a headless browser but it can be run headless using technologies such as virtual frame buffers. The ZAP docker images contain a script that starts ZAP with xvfb.
JxBrowser http://www.teamdev.com/jxbrowser is a proprietary software. The use of JxBrowser is governed by JxBrowser Product Licence Agreement http://www.teamdev.com/jxbrowser-licence-agreement. If you would like to use JxBrowser in your development, please contact TeamDev.
As a ZAP user you will be able to use the ZAP JxBrowser add-on for any purposes. However if you change the ZAP source code and call the JxBrowser API from one of your own products then you will need to arrange a suitable licence with TeamDev. It is also worth noting that while JxBrowser does not ‘phone home’ the internal Chromium functionality may call 3rd party services (spell checking, geolocation, etc) in a similar way to other browsers.
Many thanks to TeamDev for generously granting us a permanent free license to allow us to redistribute JxBrowser with ZAP.
For details of which systems are supported please see the JxBrowser website: https://jxbrowser.support.teamdev.com/support/solutions/articles/9000013733-system-requirements.
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits
