Jump to: navigation, search


The ZAProxy (Zed Attack Proxy) included in the Co-browse Server installation package is based on the OWASP Zed Attack Proxy Project. In addition to acting as a proxy, the ZAProxy also provides a UI for validating the vulnerabilities in your website. For details, see Testing with ZAProxy SecurityTesting.

Complete the procedures below to configure and run the ZAProxy.

While Genesys Co-browse requires a minimum of Java version 1.6, the ZAProxy requires JDK 1.7 or higher. If there are several Java installations and the system-wide Java is not Java 7, you should explicitly specify the path to the required Java installation in the zap.bat (Windows) or zap.sh (Linux) file.

Start/Stop the Proxy

Start the Proxy

Navigate to your Co-browse Server installation directory and launch tools\zapproxy\zap.bat (on Windows) or tools\zapproxy\zap.sh (on Linux). The proxy starts and opens the UI, which you can use to configure proxy settings, update the instrumentation script, and test the security of your site.


Stop the Proxy

To stop the ZAProxy, simply close the UI window.

Configure ZAProxy Host and Port


  1. Open Tools > Options > Local proxy.
  2. In the Local proxy panel, specify the host and port of this proxy. Do not use "localhost" or "" for the host name.
  3. Note the values of the host and port — you will use these to Set up your Web Browser.
  4. If you changed the settings, restart the proxy.


Update the Instrumentation Script

ZAProxy includes the default Co-browse instrumentation script, which you can view by completing the steps below.


  1. Open Tools > Filter.
  2. In the dialog that opens, click the small oval with the ellipses (...), located near the checked box for the "Replace HTTP response body..." item.
  3. In the dialog that opens, select the line and click Edit.

    The Edit pattern dialog opens.
  4. To save the changes, click OK on the current dialog and on the two parent dialogs.


Configure the URL Filter

To configure URLs that the proxy should ignore, use one of the following ways:

  • Select File > Session Properties. In the Session Properties dialog, select Exclude from proxy, double-click URL regexs and add your URL. Click OK.

  • In the Sites tab, right-click on a site and select Exclude from > Proxy.


If you want the proxy to remember the excluded URLs beyond the current session, select File > Persist session... and select a file to save your session.

Set up your Web Browser


  1. Start your web browser.
  2. Open your Internet settings. For instance, in Firefox, select Tools > Options. The Options dialog window appears.
  3. Select Advanced and in the Network tab, click Settings.... The Connection Settings dialog window opens.
  4. Select the Manual proxy configuration option and do the following:
    • Enter your host IP address in the HTTP Proxy text box.
    • Enter the port used by the ZAProxy in the Port text box. This is the port you made note of in Configure ZAProxy Host and Port.
    • Select the Use this proxy server for all protocols option.
      ZAProxy used in Firefox
    • In the "No Proxy for:" text box, list the IP address or domain name as it appears in the data-gcb-url attribute of the Co-browse JavaScript (see Basic Instrumentation). This ensures that communication with Co-browse server is not proxied. Note: If the proxy and Co-browser Server are running on the same machine, this value will be the same as the IP in the HTTP Proxy text box.
  5. Click OK. Now your browser is using the ZAProxy, which will inject the Co-browse JavaScript code into all web pages except those you specified in Configure the URL Filter.


This page was last edited on December 1, 2014, at 18:55.
blog comments powered by Disqus