ZAP by Checkmarx Recorder

Summary

This extension allows you to record all of the actions you take in the browser as a Zest script. It can be used to record things like authentication scripts or other complex interactions. Zest scripts can be replayed in ZAP, whether in the desktop or in automation.

When the extension is recording then a notification panel will be shown at the bottom of the page. Clicking on the "Stop and Download Recording" button will stop the recording and automatically download the recording as detailed below.

You can also stop the recording via the extension dialog and then download the recording using a filename you specify.

If you are using the full ZAP extension and start recording in ZAP then the Zest script will be automatically updated in the ZAP Script Console so you do not need to download it manually.

Recorder Advice and Guidance

If you are going to use the recorded script for authentication then you need to make sure that the browser will be in the same state as when it is launched from ZAP.

If the login URL is static then you can open that page before starting to record.
If the URL is dynamic then you should enter a suitable static URL in the Recorder Dialog. This URL will then be recorded in the script and the browser will handle the dynamic redirects as required.

In all cases you should start to record before dismissing any dialogs, such as cookie warnings and other disclaimers, as ZAP will need to do the same things.

It is often better to use private/incognito mode when recording so that the browser will not have any existing application state.

The 'buttons' on some modern web apps can be complicated HTML components that are sometimes hard to click on using automation. If your forms can be submitted using the RETURN key then that is often a better option to use when recording.

Recorder Dialog

Clicking on the ZAP Extension icon will display the Recorder Dialog.
This dialog has the following components:

Start / Stop Recording Button

Click to start and stop the recording.

Login URL Field

By default ZAP will start recording based on the URL in the current tab. If that is a suitable URL then you do not need to use this field.
However in some cases you might not be able to choose a suitable URL.
For example if the initial URL you need to choose automatically redirects to a one-time URL then by default the recorder would start from the one-time URL. In cases like this enter the URL the recorder should start from in this Login URL field. When you click on the Start Recording button then the extension will start recording using the URL you have given and open it in a new tab.

Script Name Field

The name of the script that the recorder will download from this dialog.

If you stop recording via the "Stop and Download Recording" button in the notification panel then the extension will automatically download the recording using an auto-generated filename.

Download Script Button

Clicking on this button will download any recorded script using the name in the above field. You must have recorded something and specified a script name.

Config Button

Shows the extension configuration screen. This is only available in the full ZAP extension, the recorder extension does not have this button or any configuration options.

Help Button

Shows this screen.

Notification Panel

When you are recording a script then a notification panel is shown on the current browser tab. The panel will display the Zest elements recorded and then revert to showing a button: "Stop and Download Recording". Clicking on this button will stop the recording and automatically download it using a filename based on the hostname of the current page and the current date / time.

If you want to stop recording without automatically downloading the script then you can do that via the Recorder Dialog.

If the notification panel obscures part of the site that you need to interact with then you can drag it to anywhere else on the screen.