Feature Replay In Browser

Simon Bennetts edited this page Jul 23, 2018 · 2 revisions

The 'Replay In Browser' feature allows you to edit an existing request and then resend it so that the results are displayed in the browser. It allows you to change POST requests and HTTP headers, which cannot usually be changed from code running in the browser.

In order to achieve this:

  1. The HUD posts the changed HTTP header and body to a HUD API endpoint
  2. This data is cached and the desired URL is returned with a UUID in a new zapHudReplaceReq URL parameter
  3. The HUD performs a GET request on the URL, even if the user has asked to perform another operation (such as a POST)
  4. ZAP recognises the request with the UUID and replaces the entire HTTP header and body, removing the zapHudReplaceReq parameter and changing the method if required
  5. The target application then responds to the user's request, returning the result to the browser
  6. Finally, for consistency, the HUD code strips off the zapHudReplaceReq URL parameter, which was never actually sent to the target application
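
The steps above can be modelled in a few lines of JavaScript. This is an added example, not code from the ZAP HUD project: the function names, the request object shape, the sample target URL and the single-use handling of a cached entry are assumptions made for illustration; only the zapHudReplaceReq parameter name comes from this page.

```javascript
// Added example: a simplified model of the replay flow, not ZAP HUD source.
const { randomUUID } = require('crypto');

const PARAM = 'zapHudReplaceReq';   // parameter name from the page
const cache = new Map();            // UUID -> edited request (step 2)

// Steps 1-2: the API endpoint caches the edited header and body and returns
// the target URL tagged with a fresh UUID.
function stashEditedRequest(edited) {
  const id = randomUUID();
  cache.set(id, edited);
  const url = new URL(edited.url);
  url.searchParams.set(PARAM, id);
  return url.toString();
}

// Step 4: the proxy sees the browser's GET. A known UUID swaps in the cached
// method, header and body and drops the parameter; anything else passes through.
function rewriteAtProxy(incoming) {
  const url = new URL(incoming.url);
  const id = url.searchParams.get(PARAM);
  const edited = id === null ? undefined : cache.get(id);
  if (edited === undefined) return incoming;
  cache.delete(id);                 // assumption: entries are single-use
  url.searchParams.delete(PARAM);
  return { method: edited.method, url: url.toString(),
           headers: edited.headers, body: edited.body };
}

// Step 6: the HUD strips the parameter from the URL shown in the browser.
function stripReplayParam(href) {
  const url = new URL(href);
  url.searchParams.delete(PARAM);
  return url.toString();
}

// Constructed sample: the user turned a request into a POST with a custom header.
function demo() {
  const tagged = stashEditedRequest({
    method: 'POST', url: 'https://target.example/login?next=home',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'X-Test': '1' },
    body: 'user=alice&pass=test',
  });
  const browserGet = { method: 'GET', url: tagged, headers: {}, body: '' }; // step 3
  const sent = rewriteAtProxy(browserGet);
  const replayed = rewriteAtProxy(browserGet); // same UUID again: no longer cached
  return { tagged, sent, replayed, shown: stripReplayParam(tagged) };
}
```

In this model a request carrying an unknown or already-consumed UUID is forwarded unchanged, so the parameter alone cannot alter a request unless a matching entry was cached first.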