How to enable pulg and hack feature in OWASP ZAP - owasp

I have recently downloaded OWASP ZAP to perform security testing. But there is no option for plug and hack feature so that I can incorporate it with Firefox? Can anyone tell me why is it not there and how can I add it?
ZAP version 2.6.0
Ubuntu 16.04
No plug and hack feature

It may be because mozilla firefox has restricted plug and hack feature in new versions for security concerns.
If you still wish to do so, try using older firefox versions.

The add-on used features that are now no longer available in Firefox, unless you trust unsigned add-ons. It is being reworked, but no eta I'm afraid.
You can still install it from the ZAP Marketplace - just click on the 'Manage Add-ons' button, 'Check for Updates' and search for 'plug' in the 'Marketplace' tab.
You can now also use the new 'browser launch' feature. Just make sure you're running the latest version of ZAP (currently 2.6.0) and that all of your add-ons are up to date. You'll then get the option to lauch any browser from ZAP, automatically configured to proxy through ZAP and ignore certificate issues. More details in this blog post: https://zaproxy.blogspot.com/2017/08/zap-browser-launch.html

Related

Can't create GitHub account

I want to create a GitHub account, but something is blocking me from doing that
As you see, it's asking me to do captcha test over and over again.
Should I report this as a bug? is this also happening to you?
I suggest to wait some minutes and try it later. Or you can just try to do the following steps:
Ensure JavaScript is enabled on your browser.
Ensure your browser is supported. If your browser isn't supported, upgrade your browser or install a supported browser. For a list of supported browsers, see "Supported browsers".
Ensure your network configuration is not blocking https://octocaptcha.com/ or https://arkoselabs.com/. If you're behind a corporate firewall, contact your IT administrator to allow those domains. To verify access to these domains, visit https://octocaptcha.com/test and ensure the text "Connection successfully made!" is displayed, then visit https://client-demo.arkoselabs.com/github and ensure you are able to load the captcha.
Ensure your browser does not have plug-ins or extensions that may be interfering with GitHub. If so, temporarily disable the plug-ins or extensions during captcha verification.
Otherwise everything works according to the status page.
In Debian: apt install epiphany-browser
It just bypassed github's signup "barriers" in a way that fresh installations of Firefox ESR / Firefox latest / Chromium... in Debian, Windows, Android... could not!
I tried many times, but I couldn't create an account on Github. After that, I tried to create an account on GitHub using my mobile google chrome, then I successfully created an account in Github. Thanks.

eZ Publish Site Package Error

I am installing ez publish(CMS) in my xampp...
however in this section of installation
SITE PACKAGE
I can't proceed even though I can click next.. I bet the site package is mandatory... I need your help guys... btw, I am installing 2013.5 version
here's the error
Error
Invalid package
Remote repository URL: http://packages.ez.no/ezpublish/5.0/5.0.0/
I've tried uploading the ezwebin_site.ezpkg in the remote repository still I can't proceed... thanks in advance.
Site Package selection step within the Setup Wizard is more or less required (you must select one package using the ratio buttons) to complete a proper eZ Publish installation first time.
Notice the 'Help' sidebar content, "The type of site will choose some basic settings for toolbars, menus, color and functionality. It is possible to change these settings at a later time.".
This is to remind new users that you first use the setup wizard for your first time installation of eZ Publish and then you can re-configure eZ Publish settings, design, extensions, etc manually as much as you desire / require. You can customize almost any part of eZ Publish, once you have it installed and setup properly.
It is recommended for new users to install the 'Website Interface' (with content) package for your first installation. Again you can change all it all after you have completed the default installation and have a working default installation.
More experienced developers may choose to use the 'Plain site' package (with no content, and significantly less default functionality and helpful tools) but this option often causes extreme confusion to new users / developers (who need the tools provided in the 'Website Interface' package to get started using eZ Publish quickly) as it omits expected content classes, default content use case examples, roles / policies, default settings use case examples, ezwebin design extension and much more. As such any package choice other than 'Website Interface' (with the version of eZ Publish you are using) is very strongly discouraged.
Advanced Developers with an already setup installation can create their own site packages to reuse in the future to simplify configuration of a default installation.
Resolution Edit: During an extensive stackoverflow and irc chat it was determined that the user asking the question lacked the WAMP server (PHP modules) support required by eZ Publish 5.x which is why the user was having installation setup problems. Specifically the user was missing the required php curl module which is used / required by the setup wizard to download site packages. The user was strongly recommended to replace Xampp (on win32) with Bitnami (for eZ) which provides for all the requirements of eZ Publish 5.x by default and has already been heavily tested and customized for use with eZ Publish 5.x. Also the user was using an older version of eZ Publish 5.x (2013.5 community build) which only supports PHP 5.3 and the user's Xampp PHP version was PHP 5.6.8 which requires at the very least eZ Publish 5.x (2014.11 community build).

How to automatically upgrade a Firebreath plugin

Recently, I wrote a cross-browser plugin using Firebreath, and I made one installer for all browsers. I searched in stackoverflow for automatic plugin installation, and find a bunch of good answers,
FireBreath plugin automatic installation
Deploying a Firebreath plugin on a webpage without manual installation
Plugin Installation
Deployment of NPAPI plugin with minimal user steps
All answers points out that it needs users’ interaction to download and install the plugin.
My question is that does plugin upgrade follow the same process of first installation, which let users to download the latest installer and install it manually again? Is there any other options to make the plugin upgrade more automatically (less user interaction)?
I also searched this answer a little bit relevant, but it doesn’t tell the way to upgrade a plugin automatically.
firebreath plugin refresh after update
Or I should ask what is the best practice to upgrade firebreath plugin?
Basically there is no good answer to your question, unfortunately. I have had in-place updates working for all browsers (updating in the browser without a restart), but it's fraught with difficulty and extremely fragile. I don't really recommend it.
Probably the cleanest update experience I've seen is by using Google Omaha to do the install and automatic updates in the background. The biggest downside to Omaha is that it's a beast to get set up and working; even just building it requires a lot of work, and then you have to customize a lot of constants and such.
The way I do it is just require that the user download and install an update (MSI or .DMG w/ applescript, depending on the platform) and then just tell them they'll have to restart their browser to get the new version. It's not clean, but it drastically reduces the support requirements.

Problem on installing new software on Eclipse Galileo Platform

I want to install a subversion on my eclipse.
So I went to Help < Install New Software and when I pick the "Galileo - http://download.eclipse.org/releases/galileo" in the "Work with" dropdown, it tells me in the main box "No repository found at http://...".
It is appearing in my available software sites and when I test the connection it returns me an error saying Unknown host.
Can someone please help me, I really need to install that subversion :).
Anna
As mention in this thread, this could be a proxy issue:
I assume you mean you used a web browser to get that - if so, is it
configured to use a web proxy? If your browser is using a proxy then
you need to configure Eclipse to use one too (see the General/Network
Connections preference page).
Since 3.5 Galileo, The Network Connection page has been changed to better show the current proxy configuration.
Now if you go to Preferences > General > Network Connections, you are able to see and change Eclipse proxy settings as well as see settings provided by the operating system.
If you want to use your browser or Gnome settings, or you have your proxy configured using environmental variables on Linux, you can see them all in this new UI
So to set your proxy, you can follow this tutorial (How to configure Proxy Settings in Eclipse)
The severity of the bug is downgraded, since there is a workaround. Open the eclipse.ini file and add the following
-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient
In a few words the above command says that Eclipse can access the web via the *.pac files of the HTTP clients (eg Internet Explorer or Firefox).
To summarize:
Add the above line at the ini file
ensure that your default system http client (eg Internet Explorer) has proxy settings configured
Go to Eclipse Window->Preferences->Network Connection and enter the proxy setting here as well
It should work with this workaround
I'm not sure which Subversion client you use but neither of them can be installed from the main Galileo site. Follow the instructions on the web page of the Subversion plug-in how to install it.

Windows authentication with Eclipse

I use Eclipse daily for software development and those of you that use it know that you download plugins and updates regularly. The company I work for has Bluecoat installed, which blocks all of the updates. However, the update URLs are not blocked in Internet Explorer. With this said, the problem seems to be that Eclipse is not using Windows authentication when it requests updates from the URLs. Is there a way to set Eclipse up so that it acts like IE?
That could be linked to the proxy and not to Bluecoat:
If IE does authorized the access to update URLs, it must do so through an authenticated proxy connection.
If you do have such a setting (proxyname:port , user/password), you should report that setting on your eclipse, in order for p2 within that eclipse to use those same settings.
(Menu Preferences : General / Network Connections)