Dpatrick has uploaded a new change for review. https://gerrit.wikimedia.org/r/238241
Change subject: Update ZAP config from server ...................................................................... Update ZAP config from server Change-Id: I5d1a62a8a49e70f54cb988f9546bca36108513a1 --- A ZAP/config.xml 1 file changed, 1,710 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/wikimedia/security/automated-scanning refs/changes/41/238241/1
diff --git a/ZAP/config.xml b/ZAP/config.xml
new file mode 100644
index 0000000..af2b7fc
--- /dev/null
+++ b/ZAP/config.xml
@@ -0,0 +1,1710 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<config> +<version>2004001</version> +<userDir>/home/dpatrick/.ZAP_D/session</userDir> +<connection> + <proxyChain> + <hostName>localhost</hostName> + <port>8091</port> + + <realm/> + <userName/> + <password/> + <prompt>false</prompt> + <enabled>false</enabled> +<confirmRemoveExcludedDomain>true</confirmRemoveExcludedDomain> +<authEnabled>false</authEnabled> +</proxyChain> + <auth/> + + <timeoutInSecs>20</timeoutInSecs> +<singleCookieRequestHeader>true</singleCookieRequestHeader> + + + + +<defaultUserAgent>Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0</defaultUserAgent> + + + +<securityProtocolsEnabled> +<protocol>SSLv3</protocol> +<protocol>TLSv1</protocol> +<protocol>TLSv1.2</protocol> +<protocol>TLSv1.1</protocol> +</securityProtocolsEnabled> +</connection> +<proxy> + <ip>127.0.0.1</ip> + <port>8090</port> + <reverseProxy> + <use>0</use> + <ip>10.1.10.105</ip> + <httpPort>80</httpPort> + <httpsPort>443</httpsPort> + </reverseProxy> + + <modifyAcceptEncoding>true</modifyAcceptEncoding> +<decodeGzip>true</decodeGzip> + + + + + + + +<securityProtocolsEnabled> +<protocol>SSLv3</protocol> +<protocol>TLSv1</protocol> +<protocol>TLSv1.2</protocol> +<protocol>TLSv1.1</protocol> +</securityProtocolsEnabled> +</proxy> +<view> + <processImages>0</processImages> + <displayOption>1</displayOption> + <editorView>2</editorView> + <brkPanelView>0</brkPanelView> + <showMainToolbar>1</showMainToolbar> + <messagePanelsPosition> +<lastSelectedPosition>TABS_SIDE_BY_SIDE</lastSelectedPosition> +</messagePanelsPosition> +<locale>en_GB</locale> +<mode>standard</mode> +<showTabNames>true</showTabNames> +<splashScreen>true</splashScreen> +<advancedview>0</advancedview> +<askOnExit>1</askOnExit> +<uiWmHandling>0</uiWmHandling> +<outputTabsTimeStampsOption>false</outputTabsTimeStampsOption> +<outputTabsTimeStampsFormat>yyyy-MM-dd HH:mm:ss</outputTabsTimeStampsFormat> 
+<largeRequest>100000</largeRequest> +<largeResponse>100000</largeResponse> +<fontSize>-1</fontSize> +<fontName> </fontName> +<scaleImages>true</scaleImages> +<main> +<request> +<httppanel> +<defaultcomponent>RequestSplit</defaultcomponent> +<components> +<dividerLocation>165</dividerLocation> +<split> +<header> +<defaultview>HttpRequestHeaderSyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</header> +<body> +<defaultview>HttpRequestBodySyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</body> +</split> +<all> +<defaultview>HttpRequestSyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> 
+</HttpPanelSyntaxHighlightTextView> +</views> +</all> +<pnhClient> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</pnhClient> +<websocket> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</websocket> +</components> +</httppanel> +</request> +<response> +<httppanel> +<defaultcomponent>ResponseAll</defaultcomponent> +<components> +<pnhClient> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</pnhClient> +<all> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> 
+<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</all> +<websocket> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</websocket> +<dividerLocation>165</dividerLocation> +<split> +<header> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</header> +<body> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> 
+<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</body> +</split> +</components> +</httppanel> +</response> +</main> +<resend> +<verticalDividerLocation>-1</verticalDividerLocation> +<horizontalDividerLocation>-1</horizontalDividerLocation> +<selectedlayout>0</selectedlayout> +<request> +<httppanel> +<defaultcomponent>RequestSplit</defaultcomponent> +<components> +<dividerLocation>224</dividerLocation> +<split> +<header> +<defaultview>HttpRequestHeaderSyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</header> +<body> +<defaultview>HttpRequestBodySyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</body> +</split> +<all> +<defaultview>HttpRequestSyntaxTextView</defaultview> 
+<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</all> +<websocket> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</websocket> +</components> +</httppanel> +</request> +<response> +<httppanel> +<defaultcomponent>ResponseSplit</defaultcomponent> +<components> +<all> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</all> +<dividerLocation>225</dividerLocation> +<split> +<header> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> 
+<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</header> +<body> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</body> +</split> +<websocket> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</websocket> +</components> +</httppanel> +</response> +</resend> +<manual> +<verticalDividerLocation>-1</verticalDividerLocation> +<horizontalDividerLocation>-1</horizontalDividerLocation> +<selectedlayout>0</selectedlayout> +<request> +<httppanel> +<defaultcomponent>RequestSplit</defaultcomponent> +<components> +<dividerLocation>224</dividerLocation> +<split> +<header> 
+<defaultview>HttpRequestHeaderSyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</header> +<body> +<defaultview>HttpRequestBodySyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</body> +</split> +<all> +<defaultview>HttpRequestSyntaxTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</all> +<pnhClient> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> 
+<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</pnhClient> +<websocket> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</websocket> +</components> +</httppanel> +</request> +<response> +<httppanel> +<defaultcomponent>ResponseSplit</defaultcomponent> +<components> +<pnhClient> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</pnhClient> +<all> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> 
+<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> +</HttpPanelSyntaxHighlightTextView> +</views> +</all> +<websocket> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</websocket> +<dividerLocation>-1</dividerLocation> +<split> +<header> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +</HttpPanelSyntaxHighlightTextView> +</views> +</header> +<body> +<defaultview>HttpPanelSyntaxHighlightTextView</defaultview> +<views> +<HttpPanelSyntaxHighlightTextView> +<aa>true</aa> +<linenumbers>false</linenumbers> +<wordwrap>true</wordwrap> +<highlightline>false</highlightline> +<fadehighlightline>false</fadehighlightline> +<whitespaces>false</whitespaces> +<newlines>false</newlines> +<markocurrences>false</markocurrences> +<roundedselection>false</roundedselection> +<bracketmatch>false</bracketmatch> +<animatedbracketmatch>false</animatedbracketmatch> +<syntax> +<autodetect>true</autodetect> +</syntax> 
+</HttpPanelSyntaxHighlightTextView> +</views> +</body> +</split> +</components> +</httppanel> +</response> +</manual> +</view> +<start> + <checkForUpdates>false</checkForUpdates> + <dayLastChecked>Never</dayLastChecked> +<downloadNewRelease>false</downloadNewRelease> +<checkAddonUpdates>false</checkAddonUpdates> +<installAddonUpdates>false</installAddonUpdates> +<installScannerRules>false</installScannerRules> +<reportReleaseAddons>false</reportReleaseAddons> +<reportBetaAddons>false</reportBetaAddons> +<reportAlphaAddons>false</reportAlphaAddons> +</start> +<certificate> + <use>0</use> + <clientCertLocation/> + <experimentalSlotListIndex>false</experimentalSlotListIndex> + </certificate> +<spider> + <thread>2</thread> + <maxDepth>1</maxDepth> + + <postform>true</postform> + <processform>true</processform> + <sendCookies>false</sendCookies> + <skipurl/> + <requestwait>200</requestwait> + <parseComments>true</parseComments> + <parseRobotsTxt>true</parseRobotsTxt> + <handleParameters>USE_ALL</handleParameters> +<confirmRemoveDomainAlwaysInScope>true</confirmRemoveDomainAlwaysInScope> +<parseSitemapXml>true</parseSitemapXml> +<parseSVNentries>false</parseSVNentries> +<parseGit>false</parseGit> +<handleODataParameters>false</handleODataParameters> +<advDialog>true</advDialog> +</spider> +<scanner> + <hostPerScan>2</hostPerScan> + <threadPerHost>2</threadPerHost> + <advDialog>true</advDialog> +<injectable>3</injectable> +<enabledRPC>63</enabledRPC> +<delayInMs>0</delayInMs> +<maxResults>1000</maxResults> +<antiCSFR>false</antiCSFR> +<attackPrompt>false</attackPrompt> +<attackRescan>true</attackRescan> +<attackOnStart>false</attackOnStart> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<pluginHeader>false</pluginHeader> +<defaultPolicy>Default policy</defaultPolicy> +<attackPolicy>Default policy</attackPolicy> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<excludedParameters> 
+<name>(?i)ASP.NET_SessionId</name> +<type>-1</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>(?i)ASPSESSIONID.*</name> +<type>-1</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>(?i)PHPSESSID</name> +<type>-1</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>(?i)SITESERVER</name> +<type>-1</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>(?i)sessid</name> +<type>-1</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>__VIEWSTATE</name> +<type>2</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>__EVENTVALIDATION</name> +<type>2</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>__EVENTTARGET</name> +<type>2</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>__EVENTARGUMENT</name> +<type>2</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>(?i)jsessionid</name> +<type>-1</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>cfid</name> +<type>4</type> +<url>*</url> +</excludedParameters> +<excludedParameters> +<name>cftoken</name> +<type>4</type> +<url>*</url> +</excludedParameters> +</scanner> +<portscan> + <threadPerHost>5</threadPerHost> + <maxPort>10240</maxPort> + </portscan> +<addons> +<block/> +</addons> +<reveal version="1"> +<enabled>false</enabled> +</reveal> +<plugins> +<p6> +<enabled>1</enabled> +</p6> +<p7> +<enabled>1</enabled> +</p7> +<p40009> +<enabled>1</enabled> +</p40009> +<p40012> +<enabled>1</enabled> +</p40012> +<p40014> +<enabled>1</enabled> +</p40014> +<p40018> +<enabled>1</enabled> +</p40018> +<p90019> +<enabled>1</enabled> +</p90019> +<p90020> +<enabled>1</enabled> +</p90020> +<p0> +<enabled>1</enabled> +</p0> +<p20019> +<enabled>1</enabled> +</p20019> +<p40003> +<enabled>1</enabled> +</p40003> +<p40008> +<enabled>1</enabled> +</p40008> +<p40016> +<enabled>1</enabled> +</p40016> +<p40017> +<enabled>1</enabled> +</p40017> 
+<p50000> +<enabled>1</enabled> +</p50000> +</plugins> +<ajaxSpider version="3"> +<clickElemsOnce>true</clickElemsOnce> +<clickDefaultElems>true</clickDefaultElems> +<randomInputs>true</randomInputs> +<numberOfBrowsers>1</numberOfBrowsers> +<maxCrawlDepth>10</maxCrawlDepth> +<maxCrawlStates>0</maxCrawlStates> +<maxDuration>60</maxDuration> +<eventWait>1000</eventWait> +<reloadWait>1000</reloadWait> +<browserId>firefox</browserId> + +<showAdvOptions>false</showAdvOptions> +<elems> +<elem> +<name>a</name> +<enabled>true</enabled> +</elem> +<elem> +<name>button</name> +<enabled>true</enabled> +</elem> +<elem> +<name>td</name> +<enabled>true</enabled> +</elem> +<elem> +<name>span</name> +<enabled>true</enabled> +</elem> +<elem> +<name>div</name> +<enabled>true</enabled> +</elem> +<elem> +<name>tr</name> +<enabled>true</enabled> +</elem> +<elem> +<name>ol</name> +<enabled>true</enabled> +</elem> +<elem> +<name>li</name> +<enabled>true</enabled> +</elem> +<elem> +<name>radio</name> +<enabled>true</enabled> +</elem> +<elem> +<name>form</name> +<enabled>true</enabled> +</elem> +<elem> +<name>select</name> +<enabled>true</enabled> +</elem> +<elem> +<name>input</name> +<enabled>true</enabled> +</elem> +<elem> +<name>option</name> +<enabled>true</enabled> +</elem> +<elem> +<name>img</name> +<enabled>true</enabled> +</elem> +<elem> +<name>p</name> +<enabled>true</enabled> +</elem> +<elem> +<name>abbr</name> +<enabled>true</enabled> +</elem> +<elem> +<name>address</name> +<enabled>true</enabled> +</elem> +<elem> +<name>area</name> +<enabled>true</enabled> +</elem> +<elem> +<name>article</name> +<enabled>true</enabled> +</elem> +<elem> +<name>aside</name> +<enabled>true</enabled> +</elem> +<elem> +<name>audio</name> +<enabled>true</enabled> +</elem> +<elem> +<name>canvas</name> +<enabled>true</enabled> +</elem> +<elem> +<name>details</name> +<enabled>true</enabled> +</elem> +<elem> +<name>footer</name> +<enabled>true</enabled> +</elem> +<elem> +<name>header</name> 
+<enabled>true</enabled> +</elem> +<elem> +<name>label</name> +<enabled>true</enabled> +</elem> +<elem> +<name>nav</name> +<enabled>true</enabled> +</elem> +<elem> +<name>section</name> +<enabled>true</enabled> +</elem> +<elem> +<name>summary</name> +<enabled>true</enabled> +</elem> +<elem> +<name>table</name> +<enabled>true</enabled> +</elem> +<elem> +<name>textarea</name> +<enabled>true</enabled> +</elem> +<elem> +<name>th</name> +<enabled>true</enabled> +</elem> +<elem> +<name>ul</name> +<enabled>true</enabled> +</elem> +<elem> +<name>video</name> +<enabled>true</enabled> +</elem> +</elems> + + + + + + +</ajaxSpider> +<fuzz version="1"> +<defaultThreadsPerFuzzer>5</defaultThreadsPerFuzzer> +<defaultFuzzDelayInMs>0</defaultFuzzDelayInMs> +<customFuzzerLastSelectedDirectory/> +<isCustomDefaultCategory>true</isCustomDefaultCategory> +</fuzz> +<selenium version="1"> +<chromeDriver>/usr/lib/chromium-browser/chromedriver</chromeDriver> +<phantomJsBinary>/usr/bin/phantomjs</phantomJsBinary> +</selenium> +<dynssl> +<param> 
+<rootca>_u3-7QAAAAIAAAABAAAAAQARb3dhc3BfemFwX3Jvb3RfY2EAAAFO1cpgMgAABQAwggT8MA4GCisGAQQBKgIRAQEFAASCBOjOyBR8VjKi8cCmh6Ink_61t0aKpx7WyRaNl870bFezPoph43vtenu28xe1Day1Ly06YP6hWas5cZmROlxTnmXUx1u0VfsxZXDn0iI6N4PILRAUuKW8wZtgbfjpnzViqfPCC7hAyb6-ERcg3Aqe-PuOvDTMKSRtn1JcfnoiF1ykZqt0G35QfPKkkHhdXZUPLU4u3YOdiSuAhz2RlZ_lT36-_-CbCRSGFx6fWN5OM8E9u7nMIniJ5AFTuVhEVny8WwjjnJM551N40ftKavrFAv25G-1WFNDCrljzTsdRwszNr17IzAHvBJoId5XcB6Qe3w9dZ91d6OceSrKvEXX9SconV1o4xMHVjwrEf2lVur4TbJUfRZGyZcjC6oUxNQmlvwYTzHJq4Z5qmc5dbzjw1VUHuFz0DyiCOksotV-7eJ-uot2xuVcfHYKxSAEhPTbDxL2qfOR7yx1J89tOukwBlXvHF5Uhvu5O3RJ9W8sflcX0cdnHo5i0jqZPpDjC14zy52o0OPSiET5a5t9MVZUSReXsXCuW8uGeIMwTWhC-dLJKjq4ipvN26hkUez1Z3axHcBsFoBbbwqfpsXpSscWi9i1mcDFZaeFM2cWRy5W-Ve7DDN-LULsnbrf3EY4tl0tH16_QsQgkG7E_tGxiKvbQYUF2no5dKlAMSbkNEJ-kpHiAqTJ3aoX5RIEORhp2MDEhzTTRTeOWbs8IMtuGDTxcp6iQGqNunu6a1RNqDgAx37ZtY7cn4l5NGJOLi2ZEgN7RsQinvUVOvjvHPN0Ko08cOlCXf_pfY9ZJmDrbdTsPbE-3_KxZqykzP1uFzu5aj7iTzmyoaC07uhRbOFsqDYJjFGq_nPUcFIiFKQsv-xIOHKOvU5ij32ALlVYPIWbEnxh6oDhnmqpoOKTm9vk6DDyCLZWD7OHexRemu6IO77Xpz0uc431Sk5-BbrpanE3vCv00cCVXHNlFM9s-xhxln2GiUc7G8CiyibRdSzWtkFOdqNjQ50V9DK9YkgSA9sgJQ4gPeqrIR-Bdh7jwcvY8K_9ccByBuBLfS7IDKfXGVJe01Lzt2CEzqkEyeCws4SLwRz7zvFiZU-RHFAwkQZavI32eaM8a_4iqR6hyq82RSBSvh-kbaMHuLDb6UwzNq2cwRoP9qOH1xHcU-7Gk2GUBtnuH-3mpBuJI9j0pzAbgBKFWXTzGWgJwDTybvhEzAr3pWMf_EK9J931byXc6JTYtRySOMShMkOkmjXigDPzXSlkDZeiUXbtUdFogsjPCrR1qEG4VnmnIPlxSEGZzf37HK7VvQnraf70lvGPhhQ8FT3pLMTBR5P7vFSzshxC7HIEODhh2LyNjx7SA2MmEEn5Ld6VmtHln5zRBIJqqOtpqYMBLB3BkKLjL3P4P_SfVi2wcdx4IL6_apiAsiXB4SoU_2iBv-_iV-f7SjrT48rlq3i8QHxhehi6420vHZCQmbEqaBUHl25Dr-VFVT0GGLG9QapKNjO6Sd63-dvcdsF9eSxidq_2-ykKJ1tezKiIdF-XFLCwjmpjpsDW_slf4Zi2LBGIBlCItFevV2UfHhUlzITnES9tDMFyvGlSlU9u4e1Wn1rcxs4_mzqu2P6ZQtVsVleLvVHVjoQ4J3avqCiipBCZImfLkPB8Yuz0izQbF2adKhCiYFrATA76ea-p8ngAAAAEABVguNTA5AAAD8jCCA-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_z5jMOkb4NuOHsdYIED3fq_2kTre3dfVXivbAfm4zt39XR-aIY77GUPf-xXgDIEntqstPCtXiZ1LfQaC6iWWilZOh-V4JRD0musWQ6ZOpZ9U_UOBh8Q5RB0DiBIdfO-9mMzCs0Bbr2o4lUe1
Kxl2YCscXnRluuBpe6h7awYD0dUlfm3ma6EkDRcJhLOFerSa6Gcz2LY_fYoK4MmJAf8lEnK8-y-6rKByGn5Qqqy6DcoMB34XnG0AlXB1ynPYuNhRjomq8Susi3R7YNuOeCEfxZfwLrvEqxYRsI1xK-t5gDdWaAsUbARYmoN1QIvOFAetQ-uKJLQIDAQABo2QwYjAdBgNVHQ4EFgQUPsujYnhJ9WTpR4c5NgGF97i2rVgwDwYDVR0TAQH_BAUwAwEB_zALBgNVHQ8EBAMCAbYwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMA0GCSqGSIb3DQEBBQUAA4IBAQDZxjGJ85yTKlYL21_2KM0heDbnvBkhgZu04rFFtWd59_hvz9vLkZGayPQTimkewm_CxjILuNNMA_c7kLYjRZiW5D0UrOH9vhj04GElwkebdRyh2tNr1Fnh77-uPJMnyVNL1vq1WNAeHWwfVAlqi3zHK7vlL5u3MN2AhwBD9UnJSSqdlA5-_XgczjwUpkVNaMgfVxcQtiNjtvg4MzOsXhEiIKkVkoqYtCM8jHCP7Ix7eh6qhg6ZFs_GeeXtBIasavDl9uJoqRzP3PJBbHvYiAKNcHYCRiTKtorqnK2Ql65LDN9f5-K4oK0pdF1Mqry6dSw6-bN9FJWctybvMsUPGxZVgXOk-uVsOjsleP3MzIoCHPbkf6s</rootca> +</param> +</dynssl> +<database> +<newsession>3</newsession> +<newsessionprompt>false</newsessionprompt> +<compact>false</compact> +<request> +<bodysize>16777216</bodysize> +</request> +<response> +<bodysize>16777216</bodysize> +</response> +</database> +<httpsessions> +<proxyOnly>false</proxyOnly> +<confirmRemoveToken>true</confirmRemoveToken> + + + + + + + +<tokens> +<token> +<name>asp.net_sessionid</name> +<enabled>true</enabled> +</token> +<token> +<name>aspsessionid</name> +<enabled>true</enabled> +</token> +<token> +<name>siteserver</name> +<enabled>true</enabled> +</token> +<token> +<name>cfid</name> +<enabled>true</enabled> +</token> +<token> +<name>cftoken</name> +<enabled>true</enabled> +</token> +<token> +<name>jsessionid</name> +<enabled>true</enabled> +</token> +<token> +<name>phpsessid</name> +<enabled>true</enabled> +</token> +<token> +<name>sessid</name> +<enabled>true</enabled> +</token> +<token> +<name>sid</name> +<enabled>true</enabled> +</token> +<token> +<name>viewstate</name> +<enabled>true</enabled> +</token> +<token> +<name>zenid</name> +<enabled>true</enabled> +</token> +<token> +<name>wiki_session</name> +<enabled>true</enabled> +</token> +</tokens> +</httpsessions> +<pscans> 
+<confirmRemoveAutoTagScanner>true</confirmRemoveAutoTagScanner> +<org> +<zaproxy> +<zap> +<extension> +<pscan> +<scanner> +<ScriptsPassiveScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</ScriptsPassiveScanner> +</scanner> +</pscan> +<pscanrules> +<ApplicationErrorScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</ApplicationErrorScanner> +<CacheControlScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</CacheControlScanner> +<ContentTypeMissingScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</ContentTypeMissingScanner> +<CookieHttpOnlyScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</CookieHttpOnlyScanner> +<CookieSecureFlagScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</CookieSecureFlagScanner> +<CrossDomainScriptInclusionScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</CrossDomainScriptInclusionScanner> +<HeaderXssProtectionScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</HeaderXssProtectionScanner> +<MixedContentScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</MixedContentScanner> +<PasswordAutocompleteScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</PasswordAutocompleteScanner> +<TestInfoPrivateAddressDisclosure> +<enabled>true</enabled> +<level>MEDIUM</level> +</TestInfoPrivateAddressDisclosure> +<TestInfoSessionIdURL> +<enabled>true</enabled> +<level>MEDIUM</level> +</TestInfoSessionIdURL> +<XContentTypeOptionsScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</XContentTypeOptionsScanner> +<XFrameOptionScanner> +<enabled>true</enabled> +<level>MEDIUM</level> +</XFrameOptionScanner> +</pscanrules> +</extension> +</zap> +</zaproxy> +</org> + + + + + + + +<autoTagScanners> +<scanner> +<name>html_tag_form</name> +<type>TAG</type> +<config>Form</config> +<reqUrlRegex/> +<reqHeadRegex/> +<resHeadRegex/> +<resBodyRegex><form</resBodyRegex> +<enabled>true</enabled> +</scanner> +<scanner> +<name>html_tag_password</name> +<type>TAG</type> 
+<config>Password</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex><password\s</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_type_password</name>
+<type>TAG</type>
+<config>Password</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex>type\s*=\s*['"]?password['"]?</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_type_hidden</name>
+<type>TAG</type>
+<config>Hidden</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex>type\s*=\s*['"]?hidden['"]?</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_type_upload</name>
+<type>TAG</type>
+<config>Upload</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex>type\s*=\s*['"]?file['"]?</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_tag_object</name>
+<type>TAG</type>
+<config>Object</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex><object\s</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_tag_script</name>
+<type>TAG</type>
+<config>Script</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex><script</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_mailto</name>
+<type>TAG</type>
+<config>MailTo</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex><.*href\s*['"]?mailto:</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_setcookie</name>
+<type>TAG</type>
+<config>SetCookie</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex>set-cookie</resHeadRegex>
+<resBodyRegex/>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_comment1</name>
+<type>TAG</type>
+<config>Comment</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex>/\*</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+<scanner>
+<name>html_comment2</name>
+<type>TAG</type>
+<config>Comment</config>
+<reqUrlRegex/>
+<reqHeadRegex/>
+<resHeadRegex/>
+<resBodyRegex><!--</resBodyRegex>
+<enabled>true</enabled>
+</scanner>
+</autoTagScanners>
+</pscans>
+<websocket>
+<forwardAll>false</forwardAll>
+<breakOnAll>false</breakOnAll>
+<breakOnPingPong>false</breakOnPingPong>
+</websocket>
+<ext>
+<ExtensionFuzz>true</ExtensionFuzz>
+<ExtensionAPI>true</ExtensionAPI>
+<ExtensionActiveScan>true</ExtensionActiveScan>
+<ExtensionAlert>true</ExtensionAlert>
+<ExtensionAntiCSRF>true</ExtensionAntiCSRF>
+<ExtensionAscanRules>true</ExtensionAscanRules>
+<ExtensionAuthentication>true</ExtensionAuthentication>
+<ExtensionAuthorization>true</ExtensionAuthorization>
+<ExtensionAutoUpdate>true</ExtensionAutoUpdate>
+<ExtensionBreak>true</ExtensionBreak>
+<ExtensionBruteForce>true</ExtensionBruteForce>
+<ExtensionCompare>true</ExtensionCompare>
+<ExtensionCoreLang>true</ExtensionCoreLang>
+<ExtensionDiff>true</ExtensionDiff>
+<ExtensionDynSSL>true</ExtensionDynSSL>
+<ExtensionEdit>true</ExtensionEdit>
+<ExtensionEncode2>true</ExtensionEncode2>
+<ExtensionExtension>true</ExtensionExtension>
+<ExtensionFilter>true</ExtensionFilter>
+<ExtensionForcedUser>true</ExtensionForcedUser>
+<ExtensionGettingStarted>true</ExtensionGettingStarted>
+<ExtensionGlobalExcludeURL>true</ExtensionGlobalExcludeURL>
+<ExtensionHelp>true</ExtensionHelp>
+<ExtensionHistory>true</ExtensionHistory>
+<ExtensionHttpPanelComponentonentAll>true</ExtensionHttpPanelComponentonentAll>
+<ExtensionHttpPanelHexView>true</ExtensionHttpPanelHexView>
+<ExtensionHttpPanelImageView>true</ExtensionHttpPanelImageView>
+<ExtensionHttpPanelLargeRequestView>true</ExtensionHttpPanelLargeRequestView>
+<ExtensionHttpPanelLargeResponseView>true</ExtensionHttpPanelLargeResponseView>
+<ExtensionHttpPanelRequestFormTableView>true</ExtensionHttpPanelRequestFormTableView>
+<ExtensionHttpPanelRequestQueryCookieTableView>true</ExtensionHttpPanelRequestQueryCookieTableView>
+<ExtensionHttpPanelSyntaxHighlightTextView>true</ExtensionHttpPanelSyntaxHighlightTextView>
+<ExtensionHttpSessions>true</ExtensionHttpSessions>
+<ExtensionInvoke>true</ExtensionInvoke>
+<ExtensionKeyboard>true</ExtensionKeyboard>
+<ExtensionLog4j>true</ExtensionLog4j>
+<ExtensionManualRequest>true</ExtensionManualRequest>
+<ExtensionOnlineMenu>true</ExtensionOnlineMenu>
+<ExtensionParams>true</ExtensionParams>
+<ExtensionPassiveScan>true</ExtensionPassiveScan>
+<ExtensionPlugNHack>true</ExtensionPlugNHack>
+<ExtensionPscanRules>true</ExtensionPscanRules>
+<ExtensionQuickStart>true</ExtensionQuickStart>
+<ExtensionReport>true</ExtensionReport>
+<ExtensionRequestPostTableView>true</ExtensionRequestPostTableView>
+<ExtensionReveal>true</ExtensionReveal>
+<ExtensionSaveRawHttpMessage>true</ExtensionSaveRawHttpMessage>
+<ExtensionScript>true</ExtensionScript>
+<ExtensionScripts>true</ExtensionScripts>
+<ExtensionSearch2>true</ExtensionSearch2>
+<ExtensionSessionManagement>true</ExtensionSessionManagement>
+<ExtensionSitesRefresh>true</ExtensionSitesRefresh>
+<ExtensionSpider>true</ExtensionSpider>
+<ExtensionSpiderAjax>true</ExtensionSpiderAjax>
+<ExtensionStandardMenus>true</ExtensionStandardMenus>
+<ExtensionState>true</ExtensionState>
+<ExtensionTipsAndTricks>true</ExtensionTipsAndTricks>
+<ExtensionUiUtils>true</ExtensionUiUtils>
+<ExtensionUserManagement>true</ExtensionUserManagement>
+<ExtensionViewOption>true</ExtensionViewOption>
+<ExtensionWebSocket>true</ExtensionWebSocket>
+<ExtensionZest>true</ExtensionZest>
+<ExtensionSelenium>true</ExtensionSelenium>
+<org>
+<zaproxy>
+<zap>
+<extension>
+<fuzz>
+<httpfuzzer>
+<ExtensionHttpFuzzer>true</ExtensionHttpFuzzer>
+</httpfuzzer>
+</fuzz>
+</extension>
+</zap>
+</zaproxy>
+</org>
+</ext>
+<bruteforce>
+<threadPerHost>10</threadPerHost>
+<recursive>true</recursive>
+<defaultFile/>
+<browsefiles>false</browsefiles>
+<fileextensions/>
+</bruteforce>
+<globalexcludeurl>
+<confirmRemoveToken>true</confirmRemoveToken>
+
+
+
+
+
+
+
+<url_list>
+<url>
+<regex>^.*\.(gif|jpe?g|png|ico|icns|bmp)$</regex>
+<description>Ext - Image (ends with .ext)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^.*\.(mp[34]|mpe?g|m4[ap]|aac|avi|mov|wmv|og[gav])$</regex>
+<description>Ext - Audio/Video (ends with .ext)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^.*\.(pdf|docx?|xlsx?|pptx?)$</regex>
+<description>Ext - PDF & Office (ends with .ext)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^.*\.(css|js)$</regex>
+<description>Ext - Stylesheet, JavaScript (ends with .ext)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^.*\.(sw[fa]|flv)$</regex>
+<description>Ext - Flash & related (ends with .ext)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^[^\?]*\.(gif|jpe?g|png|ico|icns|bmp)\?.*$</regex>
+<description>Ext/Param - Image (ext plus ?params=values)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^[^\?]*\.(mp[34]|mpe?g|m4[ap]|aac|avi|mov|wmv|og[gav])\?.*$</regex>
+<description>Ext/Param - Audio/Video (ext plus ?params=values)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^[^\?]*\.(pdf|docx?|xlsx?|pptx?)\?.*$</regex>
+<description>Ext/Param - PDF & Office (ext plus ?params=values)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^[^\?]*\.(css|js)\?.*$</regex>
+<description>Ext/Param - Stylesheet, JavaScript (ext plus ?params=values)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^[^\?]*\.(sw[fa]|flv)\?.*$</regex>
+<description>Ext/Param - Flash & related (ext plus ?params=values)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^[^\?]*/(WebResource|ScriptResource)\.axd\?d=.*$</regex>
+<description>Ext/Param - .NET adx resources (SR/WR.adx?d=)</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://api\.bing\.com/qsml\.aspx?query=.*$</regex>
+<description>Site - Bing API queries</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://(safebrowsing-cache|sb-ssl|sb|safebrowsing\.clients)\.google\.com</regex>
+<description>Site - Google malware detector updates</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://([^/])*\.?lastpass\.com</regex>
+<description>Site - Lastpass manager</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://(.*addons|au[0-9])\.mozilla\.(org|net|com)</regex>
+<description>Site - Mozilla Firefox browser updates</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://([^/])*\.?(getfoxyproxy\.org|getfirebug\.com|noscript\.net)</regex>
+<description>Site - Mozilla Firefox extensions phoning home</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://(.*update\.microsoft|.*\.windowsupdate)\.com/.*$</regex>
+<description>Site - Microsoft Windows updates</description>
+<enabled>false</enabled>
+</url>
+<url>
+<regex>^https?://clients2\.google\.com/service/update2/crx.*$</regex>
+<description>Site - Google Chrome extension updates</description>
+<enabled>false</enabled>
+</url>
+</url_list>
+</globalexcludeurl>
+<invoke>
+<confirmRemoveApp>true</confirmRemoveApp>
+</invoke>
+<breakpoints>
+<buttonMode>1</buttonMode>
+</breakpoints>
+<encode>
+<param>
+<base64charset>UTF-8</base64charset>
+<base64dobreaklines>true</base64dobreaklines>
+</param>
+</encode>
+<api>
+<enabled>true</enabled>
+<secure>false</secure>
+<key>f3bsgqdaskkn11mfou65o2lm0</key>
+<disablekey>false</disablekey>
+<incerrordetails>false</incerrordetails>
+<autofillkey>false</autofillkey>
+<enablejsonp>false</enablejsonp>
+</api>
+<confRemdir>true</confRemdir>
+<anticsrf>
+<confirmRemoveToken>true</confirmRemoveToken>
+
+
+
+
+
+
+
+<tokens>
+<token>
+<name>anticsrf</name>
+<enabled>true</enabled>
+</token>
+<token>
+<name>CSRFToken</name>
+<enabled>true</enabled>
+</token>
+<token>
+<name>__RequestVerificationToken</name>
+<enabled>true</enabled>
+</token>
+<token>
+<name>csrfmiddlewaretoken</name>
+<enabled>true</enabled>
+</token>
+</tokens>
+</anticsrf>
+<zest>
+<incResponses>true</incResponses>
+<ignoreHeaders>Accept</ignoreHeaders>
+<ignoreHeaders>Accept-Encoding</ignoreHeaders>
+<ignoreHeaders>Accept-Language</ignoreHeaders>
+<ignoreHeaders>Cache-Control</ignoreHeaders>
+<ignoreHeaders>Connection</ignoreHeaders>
+<ignoreHeaders>Cookie</ignoreHeaders>
+<ignoreHeaders>Host</ignoreHeaders>
+<ignoreHeaders>If-Modified-Since</ignoreHeaders>
+<ignoreHeaders>If-None-Match</ignoreHeaders>
+<ignoreHeaders>Location</ignoreHeaders>
+<ignoreHeaders>Pragma</ignoreHeaders>
+<ignoreHeaders>Referer</ignoreHeaders>
+<ignoreHeaders>Set-Cookie</ignoreHeaders>
+<ignoreHeaders>Set-Cookie2</ignoreHeaders>
+<ignoreHeaders>User-Agent</ignoreHeaders>
+</zest>
+<dirs>/home/dpatrick/workspace/automated-scanning/ZAP/scripts</dirs>
+<runnableAddOns>
+<addon>
+<id>help_pt_BR</id>
+<version>3</version>
+</addon>
+<addon>
+<id>pscanrules</id>
+<version>14</version>
+</addon>
+<addon>
+<id>websocket</id>
+<version>9</version>
+</addon>
+<addon>
+<id>gettingStarted</id>
+<version>4</version>
+</addon>
+<addon>
+<id>help</id>
+<version>3</version>
+</addon>
+<addon>
+<id>directorylistv1</id>
+<version>2</version>
+</addon>
+<addon>
+<id>quickstart</id>
+<version>16</version>
+</addon>
+<addon>
+<id>coreLang</id>
+<version>8</version>
+</addon>
+<addon>
+<id>fuzzdb</id>
+<version>3</version>
+</addon>
+<addon>
+<id>saverawmessage</id>
+<version>2</version>
+</addon>
+<addon>
+<id>ascanrules</id>
+<version>20</version>
+</addon>
+<addon>
+<id>spiderAjax</id>
+<version>13</version>
+</addon>
+<addon>
+<id>onlineMenu</id>
+<version>3</version>
+</addon>
+<addon>
+<id>directorylistv2_3_lc</id>
+<version>2</version>
+</addon>
+<addon>
+<id>directorylistv2_3</id>
+<version>2</version>
+</addon>
+<addon>
+<id>selenium</id>
+<version>3</version>
+</addon>
+<addon>
+<id>reveal</id>
+<version>2</version>
+</addon>
+</runnableAddOns>
+</config>
-- To view, visit https://gerrit.wikimedia.org/r/238241
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5d1a62a8a49e70f54cb988f9546bca36108513a1 Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/security/automated-scanning Gerrit-Branch: master Gerrit-Owner: Dpatrick <dpatr...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits