Tuesday, 22 August 2017

ZAP Browser Launch

We have just released a new feature for ZAP that allows you to launch browsers from within ZAP. The browsers are automatically configured to proxy via ZAP and ignore certificate warnings, making it much easier for people to get started with ZAP as well as for more experienced users who want to use ZAP with a variety of browsers. You can install and use Browser Launch right now via the ZAP Marketplace, which can be accessed via the 'Manage Add-ons' button in ZAP:

just 'Check for Updates':

and 'Update All':

You will now get a new 'Launch Browser' option in the Quick Start tab:

To see a demo of this feature see the following video:

Note that you must be using the latest version of ZAP (currently 2.6.0) and at least Java 8.
Version 2.6.0 does support Java 7, but this functionality requires Java 8. It’s worth noting that the next full release of ZAP will also require Java 8 as a minimum.

If you have any problems or questions about this new feature then please head over the the ZAP User Group.


  1. It is an excellent blog for ZAP, a very rare one. I have read all your posts. It would be beneficial if you post solution of common and unique zap problems like ZAP maintain session, csrf token login, ajax spidering and normal spidering differences, active scan for login protected pages with csrf token based, create active scan policies, fuzz injections including sql and xss and how to solve common alerts like cookie without secure flag, cookie with no http only flag, cross domain xss fie inclusion, xss protection not enabled etc. These types are so many problem we are facing while zap scan and there is no proper solution available on internet. Please expand your blog with these solutions, it will surely help to users like us. Thank You.

    1. Thanks Derek :)
      The best place to ask questions about ZAP is the User Group: https://groups.google.com/group/zaproxy-users