can't get Replacer to work at all

Question

can't get Replacer to work at all

godbout opened this issue 2 months ago · comments

Describe the bug

Replacer doesn't seem to be replacing anything at all. tried on two distinct computers, and one VM. with Brave and Firefox. Zap 2.14.0 with all extensions up to date.

Steps to reproduce the behavior

add a Replacer rule
enable it
set break on all requests and responses
visit any site in the pre-configured browser

Expected behavior

i expect the request headers to be changed according to my Replacer rule

Software versions

macOS

14.4.1 (23E224)

Brave

Version 1.64.113 Chromium: 123.0.6312.86 (Official Build) (arm64)

Firefox

124.0.1 (64-bit)

ZAP

Version: 2.14.0

Installed Add-ons: [[id=alertFilters, version=19.0.0],
[id=ascanrules, version=65.0.0], [id=authhelper,
version=0.12.0], [id=automation, version=0.37.0],
[id=bruteforce, version=15.0.0], [id=callhome,
version=0.11.0], [id=commonlib, version=1.23.0],
[id=database, version=0.3.0], [id=diff, version=14.0.0],
[id=directorylistv1, version=7.0.0], [id=domxss,
version=18.0.0], [id=encoder, version=1.4.0], [id=exim,
version=0.8.0], [id=formhandler, version=6.5.0], [id=fuzz,
version=13.12.0], [id=gettingStarted, version=16.0.0],
[id=graaljs, version=0.5.0], [id=graphql, version=0.23.0],
[id=help, version=17.0.0], [id=hud, version=0.18.0],
[id=invoke, version=14.0.0], [id=network, version=0.15.0],
[id=oast, version=0.17.0], [id=onlineMenu, version=12.0.0],
[id=openapi, version=39.0.0], [id=postman, version=0.2.0],
[id=pscanrules, version=57.0.0], [id=quickstart,
version=45.0.0], [id=replacer, version=16.0.0], [id=reports,
version=0.31.0], [id=requester, version=7.5.0], [id=retest,
version=0.8.0], [id=retire, version=0.33.0], [id=reveal,
version=7.0.0], [id=scripts, version=45.1.0], [id=selenium,
version=15.20.0], [id=soap, version=22.0.0], [id=spider,
version=0.10.0], [id=spiderAjax, version=23.18.0], [id=tips,
version=12.0.0], [id=webdrivermacos, version=77.0.0],
[id=websocket, version=30.0.0], [id=zest, version=43.0.0]]

Operating System: Mac OS X
Architecture: aarch64
Java Version: Eclipse Adoptium 11.0.20.1
System's Locale: en_US
Display Locale: en_GB
Format Locale: en_US
Default Charset: UTF-8
ZAP Home Directory: /Users/guill/Library/Application Support/ZAP/
ZAP Installation Directory: /Applications/ZAP.app/Contents/Java/./
Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)

Screenshots

Screen.Recording.2024-04-02.at.02.49.58.mov

Errors from the zap.log file

zap.log

Additional context

No response

Would you like to help fix this issue?

Yes

G. · Answer 1 · Tue Apr 02 2024 03:02:55 GMT+0800 (China Standard Time)

btw, tried other headers and got the same results.

thc202 · Answer 2 · Tue Apr 02 2024 03:15:17 GMT+0800 (China Standard Time)

The replacement happens when the message is sent not while caught in the Break tab.

G. · Answer 3 · Tue Apr 02 2024 03:18:51 GMT+0800 (China Standard Time)

@thc202 oh. all the tutorials i've seen catch the change through breakpoints.

G. · Answer 4 · Tue Apr 02 2024 03:27:04 GMT+0800 (China Standard Time)

@thc202 alright, i can see if i use the HUD. once i step on the response, i can go back to the request and see that the User-Agent was changed. the HUD has been a hit and miss for me so i tend not to use it. 90% of the time it's empty, no tools shown, and if i want to add any the dropdowns are empty too. thanks for the clarification tho.