Jump to: navigation, search

UI-based ZAProxy

The ZAProxy requires JDK 1.7 or higher. If there are several Java installations and the system-wide Java is not Java 7+, you should explicitly specify the path to the required Java installation in the zap.bat (Windows) or zap.sh (Linux) file.

Start/Stop the Proxy

Start the Proxy

Navigate to your Co-browse Server installation directory and launch tools\zapproxy\zap.bat (on Windows) or tools\zapproxy\zap.sh (on Linux). The proxy starts and opens the UI, which you can use to configure proxy settings, update the instrumentation script, and test the security of your site.


Stop the Proxy

To stop the ZAProxy, simply close the UI window.

Configure ZAProxy Host and Port


  1. Open Tools > Options > Local proxy.
  2. In the Local proxy panel, specify the host and port of this proxy. Do not use "localhost" or "" for the host name.
  3. Note the values of the host and port — you will use these to Set up your Web Browser.
  4. If you changed the settings, restart the proxy.


Update the Instrumentation Script

ZAProxy includes the default Co-browse instrumentation script, which you can view by completing the steps below.


  1. Open Tools > Filter.
  2. In the dialog that opens, click the small oval with the ellipses (...), located near the checked box for the "Replace HTTP response body..." item.
  3. In the dialog that opens, select the line and click Edit.

    The Edit pattern dialog opens.
  4. To save the changes, click OK on the current dialog and on the two parent dialogs.


Configure the URL Filter

To configure URLs that the proxy should ignore, use one of the following ways:

  • Select File > Session Properties. In the Session Properties dialog, select Exclude from proxy, double-click URL regexs and add your URL. Click OK.

  • In the Sites tab, right-click a site and select Exclude from > Proxy.


If you want the proxy to remember the excluded URLs beyond the current session, select File > Persist session... and select a file to save your session.

Set up your Web Browser

To use the proxy you need to set up your Web Browser. See ZAProxy#Set_up_your_Web_Browser

Resolving the protocol_version error

After configuring the proxy in your browser, you may encounter the following error on some HTTPS sites:

ZAP Error [javax.net.ssl.SSLException]: Received fatal alert: protocol_version

This error happens when a site only supports older versions of the TLS protocol. To fix this error:

  1. Open Tools > Options > Connection.
  2. Un-check all checkboxes except for TLS 1 in the Security Protocols section.
    GCB ZAP single tls protocol config.png
  3. Click OK and reload the web page.
If you encounter this error on a site you want to instrument with Co-browse, update the corresponding clientTlsProtocols option to TLSv1
This page was last edited on March 2, 2018, at 17:55.
Comments or questions about this documentation? Contact us for support!