diff --git a/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_kaa.properties b/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..31def08f7cc
--- /dev/null
+++ b/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_kaa.properties
@@ -0,0 +1,60 @@
+accessControl.accessRule.allowed = Allowed
+accessControl.accessRule.denied = Denied
+accessControl.accessRule.inherited = Inherited
+accessControl.accessRule.unknown = Unknown
+accessControl.activeActionPrefix = Access Control: {0}
+accessControl.alert.authentication.name = Access Control Issue - Improper Authentication
+accessControl.alert.authentication.otherinfo = Accessed as an unauthenticated user.\n\nRequest detected as authorized: {0}. The defined access rule for resource is that access should be: {1}.
+
+accessControl.alert.authorization.name = Access Control Issue - Improper Authorization
+accessControl.alert.authorization.otherinfo = Accessed as user: {0}\n\nRequest detected as authorized: {1}. The defined access rule for resource is that access should be: {2}.
+
+accessControl.api.action.scan = Starts an Access Control scan with the given \ncontext ID and user ID. (Optional parameters: user ID for Unauthenticated \nuser, boolean identifying whether or not Alerts are raised, and the Risk level \nfor the Alerts.) [This assumes the Access Control rules were previously established \nvia ZAP gui and the necessary Context exported/imported.]
+accessControl.api.action.writeHTMLreport = Generates an Access Control report for the given context ID and saves it based on the provided filename (path).
+accessControl.api.view.getScanProgress = Gets the Access Control scan progress (percentage integer) for the given context ID.
+accessControl.api.view.getScanStatus = Gets the Access Control scan status (description string) for the given context ID.
+accessControl.contextPanel.label.description = This is where you can control the access rules for the web application.
+accessControl.contextPanel.label.user = Access rules for User:
+accessControl.contextPanel.label.warning = Warning: Changes to the Structural Parameters or Separators on the Structure panel will be visible after restarting this dialog and may cause the loss of some existing rules.
+accessControl.contextPanel.title = Access Control
+accessControl.contextPanel.user.unauthenticated = <>
+accessControl.contextTree.hanging = Older rules
+accessControl.contextTree.root = Context access rules
+accessControl.desc = Add-on that adds a set of tools for testing access control in web applications.
+accessControl.options.title = Access Control Options
+accessControl.panel.title = Access Control
+accessControl.report.button.all = Show All
+accessControl.report.button.illegal = Show Illegal
+accessControl.report.button.valid = Show Valid
+accessControl.report.table.field.authorized = Yes
+accessControl.report.table.field.unauthorized = No
+accessControl.report.table.header.accessControl = Access Control
+accessControl.report.table.header.authorization = Authorized?
+accessControl.report.table.header.method = Method
+accessControl.report.table.header.url = URL
+accessControl.report.title = ZAP Access Control Report
+accessControl.results.table.header.authorized = Authorized
+accessControl.results.table.header.result = Result
+accessControl.results.table.header.rule = Access Rule
+accessControl.results.table.header.user = User
+accessControl.scanOptions.button.scan = Start
+accessControl.scanOptions.error.mode.protected = The following context is not allowed in ''Protected'' mode:\n{0}
+accessControl.scanOptions.error.mode.safe = Access control testing is not allowed in 'Safe' mode.
+accessControl.scanOptions.error.noContext = You must select a starting Context for the scan.
+accessControl.scanOptions.error.noUsers = You must select at least an User in order to start the scan.
+accessControl.scanOptions.label.alertsRisk = Risk level for raised alerts:
+accessControl.scanOptions.label.context = Context to scan:
+accessControl.scanOptions.label.raiseAlerts = Raise alerts for identified issues:
+accessControl.scanOptions.label.users = Users to scan as (at least 1):
+accessControl.scanOptions.title = Access Control scan options
+accessControl.scanOptions.unauthenticatedUser = << Unauthenticated >>
+accessControl.scanResult.illegal = Invalid
+accessControl.scanResult.unknown = Unknown
+accessControl.scanResult.valid = Valid
+accessControl.toolbar.button.options = Options
+accessControl.toolbar.button.pause = Pause
+accessControl.toolbar.button.report = Generate report
+accessControl.toolbar.button.start = Start
+accessControl.toolbar.button.stop = Stop
+accessControl.toolbar.button.unpause = Unpause
+accessControl.toolbar.context.label = Context:
diff --git a/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_nl_NL.properties b/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_nl_NL.properties
index d368a91da1e..7a2afbecb07 100644
--- a/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_nl_NL.properties
+++ b/addOns/accessControl/src/main/resources/org/zaproxy/zap/extension/accessControl/resources/Messages_nl_NL.properties
@@ -26,15 +26,15 @@ accessControl.scanOptions.label.users = Gebruikers om mee te scannen (ten mins
 accessControl.scanOptions.label.raiseAlerts = Geef waarschuwingen voor ge\u00efdentificeerde kwesties\:
 accessControl.scanOptions.label.alertsRisk = Risiconiveau voor gegeven waarschuwingen\:
 accessControl.scanOptions.button.scan = Start
-accessControl.scanOptions.error.mode.safe = Access control testing is not allowed in 'Safe' mode.
-accessControl.scanOptions.error.mode.protected = The following context is not allowed in ''Protected'' mode\:\n{0}
+accessControl.scanOptions.error.mode.safe = Het testen van toegangscontrole is niet toegestaan in veilige modus.
+accessControl.scanOptions.error.mode.protected = De volgende context is niet toegestaan in ''Beschermde'' modus\:\n{0}
 accessControl.scanOptions.error.noContext = U moet een startomvang selecteren voor de scan.
 accessControl.scanOptions.error.noUsers = U moet een Gebruiker selecteren om mee te scannen.
 accessControl.scanOptions.unauthenticatedUser = << Niet geauthenticeerd >>
 accessControl.contextPanel.title = Toegangsbeheer
 accessControl.contextPanel.label.description = Hier kunt u de toegangsregels voor de web applicatie bepalen.
 accessControl.contextPanel.label.user = Toegangsregels voor Gebruiker\:
-accessControl.contextPanel.label.warning = Warning\: Changes to the Structural Parameters or Separators on the Structure panel will be visible after restarting this dialog and may cause the loss of some existing rules.
+accessControl.contextPanel.label.warning = Waarschuwing\: Veranderingen aan Structurele Parameters of Separatoren in het Structuur paneel worden zichtbaar na het herstarten van dit dialoog en kan leiden tot verlies van enkele bestaande regels.
 accessControl.contextPanel.user.unauthenticated = <>
 accessControl.report.title = ZAP Toegangsbeheer Rapport
 accessControl.report.button.all = Toon alle
diff --git a/addOns/alertFilters/src/main/resources/org/zaproxy/zap/extension/alertFilters/resources/Messages_kaa.properties b/addOns/alertFilters/src/main/resources/org/zaproxy/zap/extension/alertFilters/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..f641c6132a2
--- /dev/null
+++ b/addOns/alertFilters/src/main/resources/org/zaproxy/zap/extension/alertFilters/resources/Messages_kaa.properties
@@ -0,0 +1,113 @@
+alertFilters.api.action.addAlertFilter = Adds a new alert filter for the context with the given ID.
+alertFilters.api.action.addGlobalAlertFilter = Adds a new global alert filter.
+alertFilters.api.action.applyAll = Applies all currently enabled Global and Context alert filters.
+alertFilters.api.action.applyContext = Applies all currently enabled Context alert filters.
+alertFilters.api.action.applyGlobal = Applies all currently enabled Global alert filters.
+alertFilters.api.action.removeAlertFilter = Removes an alert filter from the context with the given ID.
+alertFilters.api.action.removeGlobalAlertFilter = Removes a global alert filter.
+alertFilters.api.action.testAll = Tests all currently enabled Global and Context alert filters.
+alertFilters.api.action.testContext = Tests all currently enabled Context alert filters.
+alertFilters.api.action.testGlobal = Tests all currently enabled Global alert filters.
+alertFilters.api.view.alertFilterList = Lists the alert filters of the context with the given ID.
+alertFilters.api.view.globalAlertFilterList = Lists the global alert filters.
+
+alertFilters.automation.desc = Alert Filters Automation Framework Integration
+alertFilters.automation.dialog.addfilter.attack = Attack:
+alertFilters.automation.dialog.addfilter.attackregex = Attack is Regex:
+alertFilters.automation.dialog.addfilter.context = Context:
+alertFilters.automation.dialog.addfilter.evidence = Evidence:
+alertFilters.automation.dialog.addfilter.evidenceregex = Evidence is Regex:
+alertFilters.automation.dialog.addfilter.newrisk = New Risk:
+alertFilters.automation.dialog.addfilter.param = Parameter:
+alertFilters.automation.dialog.addfilter.paramregex = Parameter is Regex:
+alertFilters.automation.dialog.addfilter.rule = Scan Rule:
+alertFilters.automation.dialog.addfilter.title = Add Alert Filter
+alertFilters.automation.dialog.addfilter.url = URL:
+alertFilters.automation.dialog.addfilter.urlregex = URL is Regex:
+alertFilters.automation.dialog.deleteglobal = Delete Global Alerts:
+alertFilters.automation.dialog.summary = Alert Filter Count: {0}
+alertFilters.automation.dialog.tab.filters = Filters
+alertFilters.automation.dialog.tab.params = Parameters
+alertFilters.automation.dialog.table.header.context = Context
+alertFilters.automation.dialog.table.header.name = Rule
+alertFilters.automation.dialog.table.header.newrisk = New Risk
+alertFilters.automation.dialog.title = Alert Filters Job
+alertFilters.automation.error.badattackregex = Job: {0} Invalid attack regex: {1}
+alertFilters.automation.error.badevidenceregex = Job: {0} Invalid evidence regex: {1}
+alertFilters.automation.error.badfilter = Job: {0} Invalid alert filter format: {1}
+alertFilters.automation.error.badfilters = Job: {0} The alertFilters element is not a list
+alertFilters.automation.error.badparamregex = Job: {0} Invalid parameter regex: {1}
+alertFilters.automation.error.badrisk = Job: {0} Missing or invalid alert filter newRisk: {1}
+alertFilters.automation.error.badurlregex = Job: {0} Invalid URL regex: {1}
+alertFilters.automation.error.invalidruleid = Job: {0} Invalid ruleId: {1}
+alertFilters.automation.error.nofilters = Job: {0} No alertFilters element defined
+alertFilters.automation.info.contextadd = Job: {0} Added context filter for context: {1} alertId: {2} new risk: {3}
+alertFilters.automation.info.globaladd = Job: {0} Added global filter for alertId: {1} new risk: {2}
+alertFilters.automation.info.globaldelete = Job: {0} Deleted all global alert filters
+alertFilters.automation.name = Alert Filters Automation
+
+alertFilters.desc = Context alert rules filter
+
+alertFilters.dialog.add.button.confirm = Confirm
+alertFilters.dialog.add.field.label.alert = Alert Type:
+alertFilters.dialog.add.field.label.apply = Apply Filter:
+alertFilters.dialog.add.field.label.attack = Attack:
+alertFilters.dialog.add.field.label.attackregex = Attack is Regex?
+alertFilters.dialog.add.field.label.enabled = Enabled:
+alertFilters.dialog.add.field.label.evidence = Evidence:
+alertFilters.dialog.add.field.label.evidenceregex = Evidence is Regex?
+alertFilters.dialog.add.field.label.newlevel = New Risk Level:
+alertFilters.dialog.add.field.label.param = Parameter:
+alertFilters.dialog.add.field.label.paramregex = Parameter is Regex?
+alertFilters.dialog.add.field.label.scope = Scope:
+alertFilters.dialog.add.field.label.test = Test Filter:
+alertFilters.dialog.add.field.label.url = URL:
+alertFilters.dialog.add.field.label.urlregex = URL is Regex?
+alertFilters.dialog.add.label.scope.global = Global
+alertFilters.dialog.add.title = Add Alert Filter
+alertFilters.dialog.button.apply = Apply
+alertFilters.dialog.button.test = Test
+alertFilters.dialog.error.badregex.attack = The provided regular expression for 'Attack' is invalid
+alertFilters.dialog.error.badregex.evidence = The provided regular expression for 'Evidence' is invalid
+alertFilters.dialog.error.badregex.param = The provided regular expression for 'Parameter' is invalid
+alertFilters.dialog.error.badregex.url = The provided regular expression for 'URL' is invalid
+alertFilters.dialog.error.missing.rule = You must select one of the alert types
+alertFilters.dialog.error.title = Invalid Field Value
+alertFilters.dialog.filter.state.appliedto = Applied to {0} alerts
+alertFilters.dialog.filter.state.appliesto = Applies to {0} alerts
+alertFilters.dialog.filter.state.notapplied = Not applied
+alertFilters.dialog.filter.state.nottested = Not tested
+alertFilters.dialog.methods.button.add = Qosıw
+alertFilters.dialog.methods.button.save = Saqlaw
+alertFilters.dialog.methods.button.select = Tańlaw...
+alertFilters.dialog.methods.label.custom = Custom:
+alertFilters.dialog.methods.label.default = Default:
+alertFilters.dialog.methods.label.method = HTTP Method:
+alertFilters.dialog.methods.label.selected = Selected:
+alertFilters.dialog.methods.title = Method Selection
+alertFilters.dialog.modify.button.confirm = Confirm
+alertFilters.dialog.modify.title = Modify Alert Filter
+alertFilters.dialog.remove.button.cancel = Biykarlaw
+alertFilters.dialog.remove.button.confirm = Alıp taslaw
+alertFilters.dialog.remove.checkbox.label = Do not show this message again
+alertFilters.dialog.remove.text = Are you sure you want to remove the selected Alert Filter?
+alertFilters.dialog.remove.title = Remove Alert Filter
+
+alertFilters.error.nofile = File not found : {0}
+
+alertFilters.global.options.title = Global Alert Filters
+
+alertFilters.panel.description = Change the risk rating of alerts raised by the scanners.
+alertFilters.panel.newalert.fp = False Positive
+alertFilters.panel.newalert.high = Joqarı
+alertFilters.panel.newalert.info = Info
+alertFilters.panel.newalert.low = Tómen
+alertFilters.panel.newalert.medium = Ortasha
+alertFilters.panel.title = Alert Filters
+
+alertFilters.popup.createfilter = Create Alert Filter...
+
+alertFilters.table.header.alertid = Alert
+alertFilters.table.header.enabled = Qosılǵan
+alertFilters.table.header.newalert = New Risk Level
+alertFilters.table.header.url = URL
diff --git a/addOns/allinonenotes/src/main/resources/org/zaproxy/zap/extension/allinonenotes/resources/Messages_kaa.properties b/addOns/allinonenotes/src/main/resources/org/zaproxy/zap/extension/allinonenotes/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..b1d030b3f30
--- /dev/null
+++ b/addOns/allinonenotes/src/main/resources/org/zaproxy/zap/extension/allinonenotes/resources/Messages_kaa.properties
@@ -0,0 +1,5 @@
+allinonenotes.columnHeaders.noteContent = Note Content
+allinonenotes.columnHeaders.requestId = Request ID
+allinonenotes.desc = An All In One Notes Add-on
+allinonenotes.panel.title = All In One Notes
+allinonenotes.reload.button = Reload Notes
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_kaa.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..1af92b24e32
--- /dev/null
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_kaa.properties
@@ -0,0 +1,234 @@ + +ascanrules.bufferoverflow.desc = Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way. +ascanrules.bufferoverflow.name = Buffer Overflow +ascanrules.bufferoverflow.other = Potential Buffer Overflow. The script closed the connection and threw a 500 Internal Server Error +ascanrules.bufferoverflow.refs = https://owasp.org/www-community/attacks/Buffer_overflow_attack +ascanrules.bufferoverflow.soln = Rewrite the background program using proper return length checking. This will require a recompile of the background executable. + +ascanrules.cloudmetadata.desc = The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure.\nAll of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field. +ascanrules.cloudmetadata.name = Cloud Metadata Potentially Exposed +ascanrules.cloudmetadata.otherinfo = Based on the successful response status code cloud metadata may have been returned in the response. Check the response data to see if any cloud metadata has been returned.\nThe meta data returned can include information that would allow an attacker to completely compromise the system. +ascanrules.cloudmetadata.refs = https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/ +ascanrules.cloudmetadata.soln = Do not trust any user data in NGINX configs. 
In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker. + +ascanrules.codeinjection.desc = A code injection may be possible including custom code that will be evaluated by the scripting engine +ascanrules.codeinjection.name = Server Side Code Injection +ascanrules.codeinjection.name.asp = Server Side Code Injection - ASP Code Injection +ascanrules.codeinjection.name.php = Server Side Code Injection - PHP Code Injection +ascanrules.codeinjection.refs = http://cwe.mitre.org/data/definitions/94.html\nhttps://owasp.org/www-community/attacks/Direct_Dynamic_Code_Evaluation_Eval%20Injection +ascanrules.codeinjection.soln = Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side and escape all data received from the client.\n Avoid the use of eval() functions combined with user input data. + +ascanrules.commandinjection.desc = Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs. +ascanrules.commandinjection.name = Remote OS Command Injection +ascanrules.commandinjection.otherinfo.feedback-based = The scan rule was able to retrieve the content of a file or command by sending [{0}] to the operating system running this application +ascanrules.commandinjection.otherinfo.time-based = The scan rule was able to control the timing of the application response by sending [{0}] to the operating system running this application +ascanrules.commandinjection.refs = http://cwe.mitre.org/data/definitions/78.html\nhttps://owasp.org/www-community/attacks/Command_Injection + +ascanrules.crlfinjection.desc = Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. 
In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist. +ascanrules.crlfinjection.name = CRLF Injection +ascanrules.crlfinjection.refs = http://www.watchfire.com/resources/HTTPResponseSplitting.pdf\nhttp://webappfirewall.com/lib/crlf-injection.txtnull\nhttp://www.securityfocus.com/bid/9804 +ascanrules.crlfinjection.soln = Type check the submitted parameter carefully. Do not allow CRLF to be injected by filtering CRLF. + +ascanrules.crosssitescripting.json.desc = A XSS attack was reflected in a JSON response, this might leave content consumers vulnerable to attack if they don't appropriately handle the data (response). +ascanrules.crosssitescripting.json.name = Cross Site Scripting Weakness (Reflected in JSON Response) +ascanrules.crosssitescripting.name = Cross Site Scripting (Reflected) +ascanrules.crosssitescripting.otherinfo.accesskey = The accesskey attribute specifies a shortcut key to activate/focus an element. This attribute can trigger payloads for non-conventional or custom tags. +ascanrules.crosssitescripting.otherinfo.nothtml = Raised with LOW confidence as the Content-Type is not HTML + +ascanrules.desc = Release status active scan rules + +ascanrules.directorybrowsing.desc = It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information. +ascanrules.directorybrowsing.name = Directory Browsing +ascanrules.directorybrowsing.refs = http://httpd.apache.org/docs/mod/core.html#options\nhttp://alamo.satlug.org/pipermail/satlug/2002-February/000053.html +ascanrules.directorybrowsing.soln = Disable directory browsing. If this is required, make sure the listed files does not induce risks. + +ascanrules.elmah.desc = The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. 
This module can leak a significant amount of valuable information. +ascanrules.elmah.name = ELMAH Information Leak +ascanrules.elmah.otherinfo = Based on response status code ELMAH may be protected by an authentication or authorization mechanism. +ascanrules.elmah.refs = https://www.troyhunt.com/aspnet-session-hijacking-with-google/\nhttps://www.nuget.org/packages/elmah\nhttps://elmah.github.io/ +ascanrules.elmah.soln = Consider whether or not ELMAH is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization. See also: https://elmah.github.io/a/securing-error-log-pages/ + +ascanrules.envfiles.desc = One or more .env files seems to have been located on the server. These files often expose infrastructure or administrative account credentials, API or APP keys, or other sensitive configuration information. +ascanrules.envfiles.name = .env Information Leak +ascanrules.envfiles.otherinfo = Based on response status code the .env file may be protected by an authentication or authorization mechanism. +ascanrules.envfiles.refs = https://www.google.com/search?q=db_password+filetype%3Aenv\nhttps://mobile.twitter.com/svblxyz/status/1045013939904532482 +ascanrules.envfiles.soln = Ensure the .env file is not accessible. + +ascanrules.externalredirect.name = External Redirect +ascanrules.externalredirect.reason.javascript = The response contains a redirect in its JavaScript code which allows an external Url to be set. +ascanrules.externalredirect.reason.location.header = The response contains a redirect in its Location header which allows an external Url to be set. +ascanrules.externalredirect.reason.location.meta = The response contains a redirect in its meta http-equiv tag for 'Location' which allows an external Url to be set. +ascanrules.externalredirect.reason.notfound = No reason found for it... 
+ascanrules.externalredirect.reason.refresh.header = The response contains a redirect in its Refresh header which allows an external Url to be set. +ascanrules.externalredirect.reason.refresh.meta = The response contains a redirect in its meta http-equiv tag for 'Refresh' which allows an external Url to be set. + +ascanrules.formatstring.desc = A Format String error occurs when the submitted data of an input string is evaluated as a command by the application. +ascanrules.formatstring.error1 = Potential Format String Error. The script closed the connection on a /%s +ascanrules.formatstring.error2 = Potential Format String Error. The script closed the connection on a /%s and /%x +ascanrules.formatstring.error3 = Potential Format String Error. The script closed the connection on a microsoft format string error +ascanrules.formatstring.name = Format String Error +ascanrules.formatstring.refs = https://owasp.org/www-community/attacks/Format_string_attack +ascanrules.formatstring.soln = Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable. + +ascanrules.getforpost.desc = A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible. +ascanrules.getforpost.name = GET for POST +ascanrules.getforpost.soln = Ensure that only POST is accepted where POST is expected. + +ascanrules.heartbleed.desc = The TLS implementation in OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information. 
+ascanrules.heartbleed.extrainfo = This issue was confirmed by exfiltrating data from the server, using {0}. This is unlikely to be a false positive. +ascanrules.heartbleed.name = Heartbleed OpenSSL Vulnerability +ascanrules.heartbleed.refs = https://nvd.nist.gov/vuln/detail/CVE-2014-0160 +ascanrules.heartbleed.soln = Update to OpenSSL 1.0.1g or later. Re-issue HTTPS certificates. Change asymmetric private keys and shared secret keys, since these may have been compromised, with no evidence of compromise in the server log files. + +ascanrules.hidden.files.alert.name = Hidden File Found +ascanrules.hidden.files.desc = A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts. +ascanrules.hidden.files.name = Hidden File Finder +ascanrules.hidden.files.otherinfo = {0} +ascanrules.hidden.files.refs = https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html +ascanrules.hidden.files.soln = Consider whether or not the component is actually required in production, if it isn't then disable it. If it is then ensure access to it requires appropriate authentication and authorization, or limit exposure to internal systems or specific source IPs, etc. + +ascanrules.htaccess.desc = htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. +ascanrules.htaccess.name = .htaccess Information Leak +ascanrules.htaccess.otherinfo = Based on response status code htaccess file may be protected by an authentication or authorization mechanism. +ascanrules.htaccess.refs = http://www.htaccess-guide.com/ +ascanrules.htaccess.soln = Ensure the .htaccess file is not accessible. 
+ +ascanrules.log4shell.cve44228.desc = Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. +ascanrules.log4shell.cve44228.name = Log4Shell (CVE-2021-44228) +ascanrules.log4shell.cve44228.refs = https://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44228 +ascanrules.log4shell.cve44228.soln = Upgrade Log4j2 to version 2.17.1 or newer. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to "true" or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false". +ascanrules.log4shell.cve45046.desc = It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments. +ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046) +ascanrules.log4shell.cve45046.refs = https://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45046 +ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer. +ascanrules.log4shell.name = Log4Shell +ascanrules.log4shell.skipped = no Active Scan OAST service is selected. 
+ +ascanrules.name = Active Scan Rules + +ascanrules.paddingoracle.desc = By manipulating the padding on an encrypted string, an attacker is able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. This rule should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled for that. +ascanrules.paddingoracle.name = Generic Padding Oracle +ascanrules.paddingoracle.refs = http://netifera.com/research/\nhttp://www.microsoft.com/technet/security/bulletin/ms10-070.mspx\nhttp://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle\nhttps://bugzilla.redhat.com/show_bug.cgi?id=623799 +ascanrules.paddingoracle.soln = Update the affected server software, or modify the scripts so that they properly validate encrypted data before attempting decryption. + +ascanrules.parametertamper.desc = Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit. +ascanrules.parametertamper.name = Parameter Tampering +ascanrules.parametertamper.soln = Identify the cause of the error and fix it. Do not trust client side input and enforce a tight check in the server side. Besides, catch the exception properly. Use a generic 500 error page for internal server error. + +ascanrules.pathtraversal.name = Path Traversal + +ascanrules.payloader.desc = Provides support for custom payloads in scan rules. 
+ascanrules.payloader.name = Active Scan Rules Custom Payloads + +ascanrules.persistentxssattack.json.desc = A XSS attack was found in a JSON response, this might leave content consumers vulnerable to attack if they don't appropriately handle the data (response). +ascanrules.persistentxssattack.json.name = Cross Site Scripting Weakness (Persistent in JSON Response) +ascanrules.persistentxssattack.name = Cross Site Scripting (Persistent) +ascanrules.persistentxssattack.otherinfo = Source URL: {0} +ascanrules.persistentxssattack.otherinfo.nothtml = Raised with LOW confidence as the Content-Type is not HTML + +ascanrules.persistentxssprime.misc = N/A +ascanrules.persistentxssprime.name = Cross Site Scripting (Persistent) - Prime + +ascanrules.persistentxssspider.misc = N/A +ascanrules.persistentxssspider.name = Cross Site Scripting (Persistent) - Spider + +ascanrules.remotecodeexecution.cve-2012-1823.desc = Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped "=" character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser. +ascanrules.remotecodeexecution.cve-2012-1823.name = Remote Code Execution - CVE-2012-1823 +ascanrules.remotecodeexecution.cve-2012-1823.soln = Upgrade to the latest stable version of PHP, or use the Apache web server and the mod_rewrite module to filter out malicious requests using the "RewriteCond" and "RewriteRule" directives. + +ascanrules.remotefileinclude.name = Remote File Inclusion + +ascanrules.serversideinclude.desc = Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed. 
+ascanrules.serversideinclude.name = Server Side Include +ascanrules.serversideinclude.refs = http://www.carleton.ca/~dmcfet/html/ssi.html +ascanrules.serversideinclude.soln = Do not trust client side input and enforce a tight check in the server side. Disable server side includes.\nRefer to manual to disable Sever Side Include.\nUse least privilege to run your web server or application server.\nFor Apache, disable the following:\nOptions Indexes FollowSymLinks Includes\nAddType application/x-httpd-cgi .cgi\nAddType text/x-server-parsed-html .html + +ascanrules.sourcecodedisclosurecve-2012-1823.desc = Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped "=" character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML. +ascanrules.sourcecodedisclosurecve-2012-1823.name = Source Code Disclosure - CVE-2012-1823 +ascanrules.sourcecodedisclosurecve-2012-1823.soln = Upgrade to the latest stable version of PHP, or use the Apache web server and the mod_rewrite module to filter out malicious requests using the "RewriteCond" and "RewriteRule" directives. + +ascanrules.sourcecodedisclosurewebinf.desc = Java source code was disclosed by the web server in Java class files in the WEB-INF folder. The class files can be dis-assembled to produce source code which very closely matches the original source code. +ascanrules.sourcecodedisclosurewebinf.name = Source Code Disclosure - /WEB-INF folder +ascanrules.sourcecodedisclosurewebinf.propertiesfile.desc = A Java class in the /WEB-INF folder disclosed the presence of the properties file. Properties file are not intended to be publicly accessible, and typically contain configuration information, application credentials, or cryptographic keys. 
+ascanrules.sourcecodedisclosurewebinf.propertiesfile.extrainfo = The reference to the properties file was found in the dis-assembled Java source code for Java class [{0}]. +ascanrules.sourcecodedisclosurewebinf.propertiesfile.name = Properties File Disclosure - /WEB-INF folder +ascanrules.sourcecodedisclosurewebinf.propertiesfile.soln = The web server should be configured to not serve the /WEB-INF folder or its contents to web browsers. It may also be possible to remove the /WEB-INF folder. +ascanrules.sourcecodedisclosurewebinf.soln = The web server should be configured to not serve the /WEB-INF folder or its contents to web browsers, since it contains sensitive information such as compiled Java source code and properties files which may contain credentials. Java classes deployed with the application should be obfuscated, as an additional layer of defence in a "defence-in-depth" approach. + +ascanrules.spring4shell.desc = The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding. +ascanrules.spring4shell.name = Spring4Shell +ascanrules.spring4shell.refs = https://nvd.nist.gov/vuln/detail/CVE-2022-22965\nhttps://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/\nhttps://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#vulnerability\nhttps://tanzu.vmware.com/security/cve-2022-22965 +ascanrules.spring4shell.soln = Upgrade Spring Framework to versions 5.3.18, 5.2.20, or newer. + +ascanrules.springactuator.desc = Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators can be used for real monitoring purposes, but should be used with caution as to not expose too much information about the application or the infrastructure running it. 
+ascanrules.springactuator.name = Spring Actuator Information Leak +ascanrules.springactuator.refs = https://docs.spring.io/spring-boot/docs/current/actuator-api/htmlsingle/#overview +ascanrules.springactuator.soln = Disable the Health Actuators and other actuators, or restrict them to administrative users. + +#ascanrules.sqlinjection.alert.errorbased.attack={1} +ascanrules.sqlinjection.alert.booleanbased.attack = field: [{0}], value [{1}] +ascanrules.sqlinjection.alert.booleanbased.extrainfo = The page results were successfully manipulated using the boolean conditions [{0}] and [{1}]\nThe parameter value being modified was {2}stripped from the HTML output for the purposes of the comparison +ascanrules.sqlinjection.alert.booleanbased.extrainfo.dataexists = Data was returned for the original parameter.\nThe vulnerability was detected by successfully restricting the data originally returned, by manipulating the parameter +ascanrules.sqlinjection.alert.booleanbased.extrainfo.datanotexists = Data was NOT returned for the original parameter.\nThe vulnerability was detected by successfully retrieving more data than originally returned, by manipulating the parameter +ascanrules.sqlinjection.alert.errorbased.attack = [{0}] field: [{1}], value [{2}] +ascanrules.sqlinjection.alert.errorbased.differentiation.attack = Original Value: [{0}]. Modified Value: [{1}]. Control Value: [{2}] +ascanrules.sqlinjection.alert.errorbased.differentiation.extrainfo = Unmodified message gave HTTP status [{0}], body of length [{1}], modified message gave HTTP status [{2}], body of length [{3}]. 
A third (non-SQL injection inducing value) gave HTTP status [{4}], body of length [{5}] +ascanrules.sqlinjection.alert.errorbased.extrainfo = RDBMS [{0}] likely, given error message regular expression [{1}] matched by the HTML results.\nThe vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised +ascanrules.sqlinjection.alert.errorbased.httpstatuscode.extrainfo = Unmodified message gave HTTP status [{0}], modified message gave HTTP status [{1}] +ascanrules.sqlinjection.alert.expressionbased.extrainfo = The original page results were successfully replicated using the expression [{0}] as the parameter value\nThe parameter value being modified was {1}stripped from the HTML output for the purposes of the comparison +ascanrules.sqlinjection.alert.orderbybased.extrainfo = The original page results were successfully replicated using the "ORDER BY" expression [{0}] as the parameter value\nThe parameter value being modified was {1}stripped from the HTML output for the purposes of the comparison +ascanrules.sqlinjection.alert.timebased.extrainfo = The query time is controllable using parameter value [{0}], which caused the request to take [{1}] milliseconds, when the original unmodified query with value [{2}] took [{3}] milliseconds +ascanrules.sqlinjection.alert.unionbased.attack = [{0}] field: [{1}], value [{2}] +ascanrules.sqlinjection.alert.unionbased.extrainfo = RDBMS [{0}] likely, given UNION-specific error message regular expression [{1}] matched by the HTML results\nThe vulnerability was detected by manipulating the parameter with an SQL ''UNION'' clause to cause a database error message to be returned and recognised +ascanrules.sqlinjection.authbypass.desc = SQL injection may be possible on a login page, potentially allowing the application's authentication mechanism to be bypassed +ascanrules.sqlinjection.authbypass.name = SQL Injection - Authentication Bypass +ascanrules.sqlinjection.desc = SQL 
injection may be possible. +ascanrules.sqlinjection.hypersonic.name = SQL Injection - Hypersonic SQL +ascanrules.sqlinjection.mssql.alert.timebased.extrainfo = The query time is controllable using parameter value [{0}], which caused the request to take [{1}] milliseconds, when the original unmodified query with value [{2}] took [{3}] milliseconds. +ascanrules.sqlinjection.mssql.name = SQL Injection - MsSQL +ascanrules.sqlinjection.mysql.name = SQL Injection - MySQL +ascanrules.sqlinjection.name = SQL Injection +ascanrules.sqlinjection.oracle.name = SQL Injection - Oracle +ascanrules.sqlinjection.postgres.name = SQL Injection - PostgreSQL +ascanrules.sqlinjection.refs = https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html +ascanrules.sqlinjection.soln = Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application. +ascanrules.sqlinjection.sqlite.alert.errorbased.extrainfo = The following known SQLite error message was provoked: [{0}]. 
+ascanrules.sqlinjection.sqlite.alert.timebased.extrainfo = The query time is controllable using parameter value [{0}], which caused the request to take [{1}] milliseconds, parameter value [{2}], which caused the request to take [{3}] milliseconds, when the original unmodified query with value [{4}] took [{5}] milliseconds. +ascanrules.sqlinjection.sqlite.alert.versionnumber.extrainfo = Using a UNION based SQL Injection attack, and by exploiting SQLite''s dynamic typing mechanism, the SQLite version was determined to be [{0}].\nWith string-based injection points, full SQLite version information can be extracted, but with numeric injection points, only partial SQLite version information can be extracted.\nMore information on SQLite version [{0}] is available at http://www.sqlite.org/changes.html +ascanrules.sqlinjection.sqlite.name = SQL Injection - SQLite + +ascanrules.ssti.alert.otherinfo = Proof found at [{0}] \ncontent:\n[{1}] +ascanrules.ssti.desc = When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution. +ascanrules.ssti.name = Server Side Template Injection +ascanrules.ssti.refs = https://portswigger.net/blog/server-side-template-injection +ascanrules.ssti.soln = Instead of inserting the user input in the template, use it as rendering argument. + +ascanrules.sstiblind.alert.recvdcallback.otherinfo = Received callback from the server. +ascanrules.sstiblind.desc = When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution. 
+ascanrules.sstiblind.name = Server Side Template Injection (Blind) +ascanrules.sstiblind.refs = https://portswigger.net/blog/server-side-template-injection +ascanrules.sstiblind.soln = Instead of inserting the user input in the template, use it as rendering argument. + +ascanrules.traceaxd.desc = The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information. +ascanrules.traceaxd.name = Trace.axd Information Leak +ascanrules.traceaxd.otherinfo = Based on response status code Trace Viewer may be protected by an authentication or authorization mechanism. +ascanrules.traceaxd.refs = https://msdn.microsoft.com/en-us/library/bb386420.aspx\nhttps://msdn.microsoft.com/en-us/library/wwh16c6c.aspx\nhttps://www.dotnetperls.com/trace +ascanrules.traceaxd.soln = Consider whether or not Trace Viewer is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization. + +ascanrules.useragent.desc = Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response. +ascanrules.useragent.name = User Agent Fuzzer +ascanrules.useragent.refs = https://owasp.org/wstg +ascanrules.useragent.useragentparmname = Header User-Agent + +ascanrules.xpathinjection.name = XPath Injection + +ascanrules.xsltinjection.command.otherinfo = Command execution may be possible. +ascanrules.xsltinjection.desc = Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code. +ascanrules.xsltinjection.error.otherinfo = The response to sending an XSLT token included error messages that may indicate a vulnerability to XSLT injections. 
+ascanrules.xsltinjection.name = XSLT Injection +ascanrules.xsltinjection.portscan.otherinfo = Port scanning may be possible. +ascanrules.xsltinjection.refs = https://www.contextis.com/blog/xslt-server-side-injection-attacks +ascanrules.xsltinjection.soln = Sanitize and analyze every user input coming from any client-side. +ascanrules.xsltinjection.vendor.otherinfo = The XSLT processor vendor name "{0}" was returned after an injection request. + +ascanrules.xxe.name = XML External Entity Attack diff --git a/addOns/ascanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/ascanrulesAlpha/resources/Messages_kaa.properties b/addOns/ascanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/ascanrulesAlpha/resources/Messages_kaa.properties new file mode 100644 index 00000000000..9e40edb1286 --- /dev/null +++ b/addOns/ascanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/ascanrulesAlpha/resources/Messages_kaa.properties 
@@ -0,0 +1,38 @@ +ascanalpha.desc = Alpha status active scan rules + +ascanalpha.examplefile.desc = Add more information about the vulnerability here +ascanalpha.examplefile.name = An example active scan rule which loads data from a file +ascanalpha.examplefile.other = This is for information that doesnt fit in any of the other sections +ascanalpha.examplefile.refs = https://www.zaproxy.org/blog/2014-04-30-hacking-zap-4-active-scan-rules/ +ascanalpha.examplefile.soln = A general description of how to solve the problem + +#ascanalpha.ldapinjection.alert.attack=[{0}] field [{1}] set to [{2}] +ascanalpha.ldapinjection.alert.attack = parameter [{0}] set to [{1}] +ascanalpha.ldapinjection.alert.evidence = {0} +#ascanalpha.ldapinjection.alert.extrainfo=[{0}] field [{1}] on [{2}] [{3}] may be vulnerable to LDAP injection, using an attack with LDAP meta-characters [{4}], yielding known [{5}] error message [{6}], which was not present in the original response. +ascanalpha.ldapinjection.alert.extrainfo = parameter [{0}] on [{1}] [{2}] may be vulnerable to LDAP injection, using an attack with LDAP meta-characters [{3}], yielding known [{4}] error message [{5}], which was not present in the original response. +ascanalpha.ldapinjection.booleanbased.alert.attack = Equivalent LDAP expression: [{0}]. Random parameter: [{1}]. +ascanalpha.ldapinjection.booleanbased.alert.extrainfo = parameter [{0}] on [{1}] [{2}] may be vulnerable to LDAP injection, by using the logically equivalent expression [{3}], and ''FALSE'' expression [{4}]. +ascanalpha.ldapinjection.desc = LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory. 
+ascanalpha.ldapinjection.name = LDAP Injection +ascanalpha.ldapinjection.refs = http://www.testingsecurity.com/how-to-test/injection-vulnerabilities/LDAP-Injection\nhttps://owasp.org/www-community/attacks/LDAP_Injection +ascanalpha.ldapinjection.soln = Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed:\n&\n|\n!\n<\n>\n=\n~=\n>=\n<=\n*\n(\n)\n,\n+\n-\n"\n'\n;\n\\\n/\nNUL character\n +ascanalpha.ldapinjection.technologies.protocol = Protocol + +ascanalpha.mongodb.desc = MongoDB query injection may be possible. +ascanalpha.mongodb.extrainfo.alldata = In some PHP or NodeJS based back end implementations, in order to obtain sensitive data it is possible to inject the "[$ne]" string (or other similar ones) that is processed as an associative array rather than a simple text.\nThrough this, the queries made to MongoDB will always be true. +ascanalpha.mongodb.extrainfo.authbypass = More probably a MongoDB attack has bypassed an authentication page. +ascanalpha.mongodb.extrainfo.crash = A MongoDB exception hasn't been properly handled. +ascanalpha.mongodb.extrainfo.json = In some NodeJS based back end implementations, messages having the JSON format as content-type are expected. In order to obtain sensitive data it is possible to attack these applications injecting the "{$ne:}" string (or other similar ones) that is processed as an associative array rather than a simple text.\nThrough this, the queries made to MongoDB will always be true. +ascanalpha.mongodb.extrainfo.sleep = Through the where or group MongoDB clauses, Javascript sleep function is probably executable. 
+ascanalpha.mongodb.name = NoSQL Injection - MongoDB +ascanalpha.mongodb.refs = https://arxiv.org/pdf/1506.04082.pdf\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.html +ascanalpha.mongodb.soln = Do not trust client side input and escape all data on the server side. \nAvoid to use the query input directly into the where and group clauses and upgrade all drivers at the latest available version. + +ascanalpha.name = Active Scan Rules - alpha + +ascanalpha.webCacheDeception.desc = Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page. +ascanalpha.webCacheDeception.name = Web Cache Deception +ascanalpha.webCacheDeception.otherinfo = Cached Authorised Response and Unauthorised Response are similar. +ascanalpha.webCacheDeception.refs = https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html\nhttps://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception/ +ascanalpha.webCacheDeception.soln = It is strongly advised to refrain from classifying file types, such as images or stylesheets solely by their URL and file extension. Instead you should make sure that files are cached based on their Content-Type header. diff --git a/addOns/ascanrulesBeta/src/main/resources/org/zaproxy/zap/extension/ascanrulesBeta/resources/Messages_kaa.properties b/addOns/ascanrulesBeta/src/main/resources/org/zaproxy/zap/extension/ascanrulesBeta/resources/Messages_kaa.properties new file mode 100644 index 00000000000..bbd990e9d83 --- /dev/null +++ b/addOns/ascanrulesBeta/src/main/resources/org/zaproxy/zap/extension/ascanrulesBeta/resources/Messages_kaa.properties 
@@ -0,0 +1,257 @@ +ascanbeta.HTTPParamPoll.alert.attack = HTTP Parameter Pollution +ascanbeta.HTTPParamPoll.desc = HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach. +ascanbeta.HTTPParamPoll.extrainfo = http://www.google.com/search?q=http+parameter+pollution +ascanbeta.HTTPParamPoll.name = HTTP Parameter Pollution +ascanbeta.HTTPParamPoll.sol = Properly sanitize the user input for parameter delimiters + +ascanbeta.backupfiledisclosure.desc = A backup of the file was disclosed by the web server +ascanbeta.backupfiledisclosure.evidence = A backup of [{0}] is available at [{1}] +ascanbeta.backupfiledisclosure.name = Backup File Disclosure +ascanbeta.backupfiledisclosure.refs = https://cwe.mitre.org/data/definitions/530.html\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html +ascanbeta.backupfiledisclosure.soln = Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server. 
+ +ascanbeta.cookieslack.affect.response.no = These cookies did NOT affect the response: +ascanbeta.cookieslack.affect.response.yes = These cookies affected the response: +ascanbeta.cookieslack.desc = Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced. +ascanbeta.cookieslack.endline = \n +ascanbeta.cookieslack.name = Cookie Slack Detector +ascanbeta.cookieslack.otherinfo.intro = Cookies that don't have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.\n +ascanbeta.cookieslack.separator = , +ascanbeta.cookieslack.session.destroyed = Dropping this cookie appears to have invalidated the session: [{0}] A follow-on request with all original cookies still had a different response than the original request. \n +ascanbeta.cookieslack.session.warning = NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [{0}] \n + +ascanbeta.cors.info.desc = Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. It relaxes the Same-Origin Policy (SOP). +ascanbeta.cors.info.name = CORS Header +ascanbeta.cors.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS\nhttps://portswigger.net/web-security/cors +ascanbeta.cors.soln = If a web resource contains sensitive information, the origin should be properly specified in the Access-Control-Allow-Origin header. Only trusted websites needing this resource should be specified in this header, with the most secured protocol supported. 
+ascanbeta.cors.vuln.desc = This CORS misconfiguration could allow an attacker to perform AJAX queries to the vulnerable website from a malicious page loaded by the victim's user agent.\nIn order to perform authenticated AJAX queries, the server must specify the header "Access-Control-Allow-Credentials: true" and the "Access-Control-Allow-Origin" header must be set to null or the malicious page's domain. Even if this misconfiguration doesn't allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed (e.g intranet websites).\nA malicious page can belong to a malicious website but also a trusted website with flaws (e.g XSS, support of HTTP without TLS allowing code injection through MITM, etc). +ascanbeta.cors.vuln.name = CORS Misconfiguration + +ascanbeta.crossdomain.adobe.desc = Flash/Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server. +ascanbeta.crossdomain.adobe.read.extrainfo = The web server permits malicious cross-domain data read requests originating from Flash/Silverlight components served from any third party domain, to this domain. If the victim user is logged into this service, the malicious read requests are processed using the privileges of the victim, and can result in data from this service being compromised by an unauthorised third party web site, via the victim's web browser. This is particularly likely to be an issue if a Cookie based session implementation is in use. +ascanbeta.crossdomain.adobe.read.name = Cross-Domain Misconfiguration - Adobe - Read +ascanbeta.crossdomain.adobe.read.soln = Configure the crossdomain.xml file to restrict the list of domains that are allowed to make cross-domain read requests to this web server, using . You should only grant access to "*" (all domains) if you are certain that this service does not host any access-controlled, personalized, or private data. 
+ascanbeta.crossdomain.adobe.send.extrainfo = The web server permits malicious cross-domain data send (but not necessarily read) requests originating from Flash/Silverlight components served from any third party domain, to this domain. If the victim user is logged into this service, the malicious send requests are processed using the privileges of the victim, and can result in Cross Site Request Forgery (CSRF) type attacks, via the victim's web browser. This is particularly likely to be an issue if a Cookie based session implementation is in use. +ascanbeta.crossdomain.adobe.send.name = Cross-Domain Misconfiguration - Adobe - Send +ascanbeta.crossdomain.adobe.send.soln = Configure the crossdomain.xml file to restrict the list of domains that are allowed to make cross-domain send (but not necessarily read) requests to this web server, using . You should only grant access to "*" (all domains) if you are certain that this service is not vulnerable to Cross Site Request Forgery (CSRF) attacks. +ascanbeta.crossdomain.name = Cross-Domain Misconfiguration +#the refs cannot be customised for each sub-category (Adobe, Silverlight, etc.) +ascanbeta.crossdomain.refs = http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html\nhttp://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf\nhttp://msdn.microsoft.com/en-US/library/cc197955%28v=vs.95%29.aspx\nhttp://msdn.microsoft.com/en-us/library/cc838250%28v=vs.95%29.aspx +ascanbeta.crossdomain.silverlight.desc = Silverlight based cross-site request forgery may be possible, due to a misconfiguration on the web server. +ascanbeta.crossdomain.silverlight.extrainfo = The web server permits malicious cross-domain requests originating from Silverlight components served from any third party domain, to this domain. 
If the victim user is logged into this service, the malicious requests are processed using the privileges of the victim, and can result in data from this service being compromised by an unauthorised third party web site, via the victim's web browsers. It can also result in Cross Site Request Forgery (CSRF) type attacks. This is particularly likely to be an issue if a Cookie based session implementation is in use. +ascanbeta.crossdomain.silverlight.name = Cross-Domain Misconfiguration - Silverlight +ascanbeta.crossdomain.silverlight.soln = Configure the clientaccesspolicy.xml file to restrict the list of domains that are allowed to make cross-domain requests to this web server, using . You should only grant access to "*" (all domains) if you are certain that this service does not host any access-controlled, personalized, or private data. + +ascanbeta.csrftoken.extrainfo.annotation = This is an informational alert as the form has a security annotation indicating that it does not need an anti-CSRF Token. This should be tested manually to ensure the annotation is correct. +ascanbeta.csrftoken.name = Anti-CSRF Tokens Check + +ascanbeta.desc = Beta status active scan rules + +ascanbeta.elinjection.desc = The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration. 
+ascanbeta.elinjection.name = Expression Language Injection +ascanbeta.elinjection.refs = https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection\nhttp://cwe.mitre.org/data/definitions/917.html +ascanbeta.elinjection.soln = Perform data validation best practice against untrusted input and to ensure that output encoding is applied when data arrives on the EL layer, so that no metacharacter is found by the interpreter within the user content before evaluation. The most obvious patterns to detect include ${ and #{, but it may be possible to encode or fragment this data. + +ascanbeta.entityExpansion.desc = An exponential entity expansion, or "billion laughs" attack is a type of denial-of-service (DoS) attack. It is aimed at parsers of markup languages like XML or YAML that allow macro expansions. +ascanbeta.entityExpansion.name = Exponential Entity Expansion (Billion Laughs Attack) +ascanbeta.entityExpansion.other = The attack HTTP request received a response after {0} seconds. +ascanbeta.entityExpansion.refs = https://en.wikipedia.org/wiki/Billion_laughs_attack\nhttp://projects.webappsec.org/XML-Entity-Expansion\nhttp://cwe.mitre.org/data/definitions/776.html +ascanbeta.entityExpansion.soln = Defenses against this kind of attack include capping the memory allocated in an individual parser if loss of the document is acceptable, or treating entities symbolically and expanding them lazily only when (and to the extent) their content is to be used. + +ascanbeta.forbiddenBypass.desc = Bypassing 403 endpoints may be possible, the scan rule sent a payload that caused the response to be accessible (status code 200). 
+ascanbeta.forbiddenBypass.name = Bypassing 403 +ascanbeta.forbiddenBypass.refs = https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/\nhttps://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf\nhttps://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass + +ascanbeta.httponlysite.desc = The site is only served under HTTP and not HTTPS. +ascanbeta.httponlysite.name = HTTP Only Site +ascanbeta.httponlysite.otherinfo = {0}\nZAP attempted to connect via: {1} +ascanbeta.httponlysite.otherinfo.connectionfail = Failed to connect. +ascanbeta.httponlysite.otherinfo.differenthosts = Different Hosts. +ascanbeta.httponlysite.otherinfo.noredirection = There was no automatic redirection. +ascanbeta.httponlysite.otherinfo.nossl = Site has no SSL/TLS support. +ascanbeta.httponlysite.otherinfo.redirectionlimit = Redirection limit reached. +ascanbeta.httponlysite.otherinfo.redirecttohttp = Redirected to HTTP. +ascanbeta.httponlysite.otherinfo.urinotencoded = Redirection URI couldn't be encoded. +ascanbeta.httponlysite.refs = https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html\nhttps://letsencrypt.org/ +ascanbeta.httponlysite.soln = Configure your web or application server to use SSL (https). 
+ +ascanbeta.httpoxy.desc = The server initiated a proxied request via the proxy specified in the HTTP Proxy header of the request.Httpoxy typically affects code running in CGI or CGI like environments.\nThis may allow attackers to:\n* Proxy the outgoing HTTP requests made by the web application\n* Direct the server to open outgoing connections to an address and port of their choosing or\n* Tie up server resources by forcing the vulnerable software to use a malicious proxy +ascanbeta.httpoxy.name = Httpoxy - Proxy Header Misuse +ascanbeta.httpoxy.otherinfo = An outgoing message to {0} was proxied via the host and port that ZAP injected into the HTTP Proxy header. +ascanbeta.httpoxy.refs = https://httpoxy.org/ +ascanbeta.httpoxy.skipped = the Network extension is disabled +ascanbeta.httpoxy.soln = The best immediate mitigation is to block Proxy request headers as early as possible, and before they hit your application. + +ascanbeta.httpsashttp.desc = Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption). +ascanbeta.httpsashttp.name = HTTPS Content Available via HTTP +ascanbeta.httpsashttp.otherinfo = ZAP attempted to connect via: {0} +ascanbeta.httpsashttp.refs = https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttp://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttp://caniuse.com/stricttransportsecurity\nhttp://tools.ietf.org/html/rfc6797 +ascanbeta.httpsashttp.soln = Ensure that your web server, application server, load balancer, etc. is configured to only serve such content via HTTPS. Consider implementing HTTP Strict Transport Security. + +ascanbeta.insecurehttpmethod.connect.exploitable.desc = The insecure HTTP method [{0}] is enabled for this resource, and is exploitable. 
It was found to be possible to establish a tunneled socket connection to a third party service, using this HTTP method. This would allow the service to be used as an anonymous spam relay, or as a web proxy, bypassing network restrictions. It also allows it to be used to establish a tunneled VPN, effectively extending the network perimeter to include untrusted components.
+ascanbeta.insecurehttpmethod.connect.exploitable.extrainfo = The CONNECT method was used to establish a socket connection to [{0}], via the web server.
+ascanbeta.insecurehttpmethod.delete.exploitable.desc = This method is most commonly used in REST services, It is used to delete a resource.
+ascanbeta.insecurehttpmethod.delete.exploitable.extrainfo = See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods, for understanding REST operations see http://www.restapitutorial.com/lessons/httpmethods.html
+ascanbeta.insecurehttpmethod.desc = The insecure HTTP method [{0}] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the ''HttpOnly'' flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The ''CONNECT'' method can be used by a web client to create an HTTP tunnel to third party websites or services.
+ascanbeta.insecurehttpmethod.detailed.name = Insecure HTTP Method - {0}
+ascanbeta.insecurehttpmethod.extrainfo = The OPTIONS method disclosed the following enabled HTTP methods for this resource: [{0}]
+ascanbeta.insecurehttpmethod.insecure = response code {0} for insecure HTTP METHOD
+ascanbeta.insecurehttpmethod.name = Insecure HTTP Method
+ascanbeta.insecurehttpmethod.options.exploitable.desc = This is a diagnostic method and should never be turned on in production mode.
+ascanbeta.insecurehttpmethod.options.exploitable.extrainfo = See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods
+ascanbeta.insecurehttpmethod.patch.exploitable.desc = This method is now most commonly used in REST services, PATCH is used for **modify** capabilities. The PATCH request only needs to contain the changes to the resource, not the complete resource.
+ascanbeta.insecurehttpmethod.patch.exploitable.extrainfo = See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods, for understanding REST operations see http://www.restapitutorial.com/lessons/httpmethods.html
+ascanbeta.insecurehttpmethod.potentiallyinsecure = response code {0} for potentially insecure HTTP METHOD
+ascanbeta.insecurehttpmethod.put.exploitable.desc = This method was originally intended for file management operations. It is now most commonly used in REST services, PUT is most-often utilized for **update** capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource..
+ascanbeta.insecurehttpmethod.put.exploitable.extrainfo = See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods, for understanding REST operations see http://www.restapitutorial.com/lessons/httpmethods.html
+ascanbeta.insecurehttpmethod.soln = Disable insecure methods such as TRACK, TRACE, and CONNECT on the web server, and ensure that the underlying service implementation does not support insecure methods.
+ascanbeta.insecurehttpmethod.trace.exploitable.desc = The insecure HTTP method [{0}] is enabled for this resource, and is exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the ''HttpOnly'' flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability.
+ascanbeta.insecurehttpmethod.trace.exploitable.extrainfo = A TRACE request was sent for this request, with a custom cookie value [{0}]. This cookie value was disclosed in the HTTP response, confirming the vulnerability.
+ascanbeta.insecurehttpmethod.webdav.exploitable.desc = This HTTP method is a WEBDAV method: {0}. If this server is not offering any WEBDAV services, these methods should not be available.
+ascanbeta.insecurehttpmethod.webdav.exploitable.extrainfo = See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods
+
+ascanbeta.integeroverflow.desc = An integer overflow condition exists when an integer used in a compiled program extends beyond the range limits and has not been properly checked from the input stream.
+ascanbeta.integeroverflow.error1 = Potential Integer Overflow. Status code changed on the input of a long string of random integers.
+ascanbeta.integeroverflow.error2 = Potential Integer Overflow.
Status code changed on the input of a long string of zeros.
+ascanbeta.integeroverflow.error3 = Potential Integer Overflow. Status code changed on the input of a long string of ones.
+ascanbeta.integeroverflow.error4 = Potential Integer Overflow. Status code changed on the input of a long string of nines.
+ascanbeta.integeroverflow.name = Integer Overflow Error
+ascanbeta.integeroverflow.refs = https://en.wikipedia.org/wiki/Integer_overflow\nhttps://cwe.mitre.org/data/definitions/190.html\nhttp://projects.webappsec.org/w/page/13246946/Integer%20Overflows
+ascanbeta.integeroverflow.soln = In order to prevent overflows and divide by 0 (zero) errors in the application, please rewrite the backend program, checking if the values of integers being processed are within the application's allowed range. This will require a recompilation of the backend executable.
+
+ascanbeta.name = Active Scan Rules - beta
+
+ascanbeta.noanticsrftokens.desc = No Anti-CSRF tokens were found in a HTML submission form.
+ascanbeta.noanticsrftokens.name = Absence of Anti-CSRF Tokens
+
+ascanbeta.oobxss.name = Out of Band XSS
+ascanbeta.oobxss.skipped = no Active Scan OAST service is selected.
+
+ascanbeta.proxydisclosure.attack = TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
+ascanbeta.proxydisclosure.desc = {0} proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine \n - A list of targets for an attack against the application.\n - Potential vulnerabilities on the proxy servers that service the application.\n - The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.
+ascanbeta.proxydisclosure.extrainfo.proxyserver = - {0}
+ascanbeta.proxydisclosure.extrainfo.proxyserver.header = Using the TRACE, OPTIONS, and TRACK methods, the following proxy servers have been identified between OWASP ZAP and the application/web server:
+ascanbeta.proxydisclosure.extrainfo.silentproxyserver = - {0}
+ascanbeta.proxydisclosure.extrainfo.silentproxyserver.header = The following 'silent' proxy servers were identified. Due to their behaviour, it is not known at which point in the network topology these proxy servers reside:
+ascanbeta.proxydisclosure.extrainfo.traceenabled = The 'TRACE' method is enabled on one or more of the proxy servers, or on the origin server. This method leaks all information submitted from the web browser and proxies back to the user agent. This may facilitate 'Cross Site Tracing' attacks.
+ascanbeta.proxydisclosure.extrainfo.unknown = Unknown
+ascanbeta.proxydisclosure.extrainfo.webserver = - {0}
+ascanbeta.proxydisclosure.extrainfo.webserver.header = The following web/application server has been identified:
+ascanbeta.proxydisclosure.name = Proxy Disclosure
+ascanbeta.proxydisclosure.refs = https://tools.ietf.org/html/rfc7231#section-5.1.2
+ascanbeta.proxydisclosure.soln = Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.\nDisable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing).\nConfigure the web and application servers with custom error pages, to prevent 'fingerprintable' product-specific error pages being leaked to the user in the event of HTTP errors, such as 'TRACK' requests for non-existent pages.\nConfigure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.\n
+
+ascanbeta.relativepathconfusion.desc = The web server is
configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct "relative path" for the URL. Resources (CSS, images, etc.) are also specified in the page response using relative, rather than absolute URLs. In an attack, if the web browser parses the "cross-content" response in a permissive manner, or can be tricked into permissively parsing the "cross-content" response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.
+ascanbeta.relativepathconfusion.extrainfo.contenttypeenabled = A Content Type of "{0}" was specified. If the web browser is employing strict parsing rules, this will prevent cross-content attacks from succeeding. Quirks Mode in the web browser would disable strict parsing.
+ascanbeta.relativepathconfusion.extrainfo.framingallowed = No X-Frame-Options header was specified, so the page can be framed, and this can be used to enable Quirks Mode, allowing the specified Content Type to be bypassed.
+ascanbeta.relativepathconfusion.extrainfo.morethanonebasetag = More than one tag was specified in the HTML tag to define the location for relative URLs, which is not valid.
+ascanbeta.relativepathconfusion.extrainfo.nobasetag = No tag was specified in the HTML tag to define the location for relative URLs.
+ascanbeta.relativepathconfusion.extrainfo.nocontenttype = No Content Type was specified, so Quirks Mode is not required to exploit the vulnerability in the web browser.
+ascanbeta.relativepathconfusion.extrainfo.quirksmodeenabledexplicitly = Quirks Mode is explicitly enabled via " HTML tag in the HTTP response will unambiguously specify the base URL for all relative URLs in the document.\nUse the "Content-Type" HTTP response header to make it harder for the attacker to force the web browser to mis-interpret the content type of the response.\nUse the "X-Content-Type-Options: nosniff" HTTP response header to prevent the web browser from "sniffing" the content type of the response.\nUse a modern DOCTYPE such as "" to prevent the page from being rendered in the web browser using "Quirks Mode", since this results in the content type being ignored by the web browser.\nSpecify the "X-Frame-Options" HTTP response header to prevent Quirks Mode from being enabled in the web browser using framing attacks. + +ascanbeta.sessionfixation.alert.attack = {0} field: [{1}] +ascanbeta.sessionfixation.alert.cookie.extrainfo = Cookie set in response when cookie field [{0}] is set to NULL: [{1}]\nCookie set in response with borrowed (valid) cookie value in request [{1}] : [{2}] +ascanbeta.sessionfixation.alert.cookie.extrainfo.loginpage = The url on which the issue was discovered was flagged as a logon page.\n\nThis issue should be manually validated by checking that the session token set on the logon page is still valid once logged in, and that the token can be used to directly access a page/resource which should require the user to be logged in. +ascanbeta.sessionfixation.alert.url.extrainfo = A likely session value has appeared in URLs in the HTML output when URL parameter/pseudo URL parameter [{0}] is set to NULL: [{1}]\nWhen this ''borrowed'' session [{1}] is used in a subsequent request for this URL, a new session is not created. +ascanbeta.sessionfixation.alert.url.extrainfo.loginpage = The url on which the issue was discovered was flagged as a logon page. +ascanbeta.sessionfixation.desc = Session Fixation may be possible. 
If this issue occurs with a login URL (where the user authenticates themselves to the application), then the URL may be given by an attacker, along with a fixed session id, to a victim, in order to later assume the identity of the victim using the given session id. If the issue occurs with a non-login page, the URL and fixed session id may only be used by an attacker to track an unauthenticated user's actions. If the vulnerability occurs on a cookie field or a form field (POST parameter) rather than on a URL (GET) parameter, then some other vulnerability may also be required in order to set the cookie field on the victim's browser, to allow the vulnerability to be exploited.
+ascanbeta.sessionfixation.name = Session Fixation
+ascanbeta.sessionfixation.refs = https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication\nhttps://owasp.org/www-community/attacks/Session_fixation\nhttp://www.acros.si/papers/session_fixation.pdf\nhttp://www.technicalinfo.net/papers/WebBasedSessionManagement.html
+ascanbeta.sessionfixation.soln = 1) Prevent the attacker from gaining a session id by enforcing strict session ids, and by only allocating session ids upon successful authentication to the application.\n2) The server should always create a new session id upon authentication, regardless of whether a session is already in place.\n3) Bind the session id to some identifiable client attribute combination, such as IP address, SSL client certificate.\n4) Sessions, when destroyed, must be destroyed on the server, as well as on the client.\n5) Implement a logout mechanism which will destroy all previous sessions for the client.\n6) Implement absolute session timeouts.\n7)Switch from a URL based to a cookie or form based session id implementation, as the latter typically require additional vulnerabilities, in order to be exploitable by an attacker\n
+
+ascanbeta.sessionidaccessiblebyjavascript.alert.attack = {0} field: [{1}]
+ascanbeta.sessionidaccessiblebyjavascript.alert.extrainfo = session identifier {0} field [{1}], value [{2}] may be accessed using JavaScript in the web browser
+ascanbeta.sessionidaccessiblebyjavascript.alert.extrainfo.loginpage = The url on which the issue was discovered was flagged as a logon page.
+ascanbeta.sessionidaccessiblebyjavascript.desc = A Session Id cookie sent by the server (when the URL is modified by setting the named parameter field to NULL) may be accessed by JavaScript on the client. In conjunction with another vulnerability, this may allow the session to be hijacked.
+#Session Id Cookie accessible by JavaScript
+ascanbeta.sessionidaccessiblebyjavascript.name = Session ID Cookie Accessible to JavaScript
+#these refs cannot be referenced, but we leave it here in the hope that it can be in the future..
+ascanbeta.sessionidaccessiblebyjavascript.refs =
+ascanbeta.sessionidaccessiblebyjavascript.soln = 1) Use the 'httponly' flag when setting a cookie containing a session id, to prevent it from being accessed by JavaScript in the web browser.
+
+ascanbeta.sessionidexpiry.alert.attack = {0} field: [{1}]
+ascanbeta.sessionidexpiry.alert.extrainfo = session identifier {0} field [{1}], value [{2}] may be accessed until [{3}] (since cookie was received at {4}), unless the session is destroyed.
+ascanbeta.sessionidexpiry.alert.extrainfo.loginpage = The url on which the issue was discovered was flagged as a logon page.
+ascanbeta.sessionidexpiry.browserclose = browser close
+ascanbeta.sessionidexpiry.desc = A Session Id cookie sent by the server (when the URL is modified by setting the named parameter field to NULL) is set to be valid for an excessive period of time. This may be exploitable by an attacker if the user forgets to log out, if the logout functionality does not correctly destroy the session, or if the session id is compromised by some other means.
+#Session Id Cookie Expiry
+ascanbeta.sessionidexpiry.name = Session ID Expiry Time/Max-Age is Excessive
+#these refs cannot be referenced, but we leave it here in the hope that it can be in the future..
+ascanbeta.sessionidexpiry.refs =
+ascanbeta.sessionidexpiry.soln = 1) Use the 'Expire' or 'Max-Age' cookie directives when setting a cookie containing a session id, to prevent it from being available for prolonged periods of time.\n2) Ensure that logout functionality exists, and that it correctly destroys the session.\n3) Use other preventative measures to ensure that if a session id is compromised, it may not be exploited.
+ascanbeta.sessionidexpiry.timeexpired = Expired
+ascanbeta.sessionidexpiry.timelessthanonehour = Less than one hour
+ascanbeta.sessionidexpiry.timemorethanoneday = More than one day
+ascanbeta.sessionidexpiry.timemorethanonehour = More than one hour
+ascanbeta.sessionidexpiry.timemorethanoneweek = More than one week
+
+ascanbeta.sessionidexposedinurl.alert.attack = {0} field: [{1}]
+ascanbeta.sessionidexposedinurl.alert.extrainfo = {0} field [{1}] contains an exposed session identifier [{2}]
+ascanbeta.sessionidexposedinurl.alert.extrainfo.loginpage = The url on which the issue was discovered was flagged as a logon page.
+ascanbeta.sessionidexposedinurl.desc = A session id is exposed in the URL. By sharing such a website URL (containing the session id), a naive user may be inadvertently granting access to their data, compromising its confidentiality, integrity, and availability. URLs containing the session identifier also appear in web browser bookmarks, web server log files, and proxy server log files.
+#Exposed Session Id messages
+ascanbeta.sessionidexposedinurl.name = Exposed Session ID
+#these refs cannot be referenced, but we leave it here in the hope that it can be in the future..
+ascanbeta.sessionidexposedinurl.refs = https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication
+ascanbeta.sessionidexposedinurl.soln = Use a more secure session management implementation, such as one that uses session cookies, which are not as easily shared inadvertently, and which do not typically appear in server log files or web browser bookmarks.
+
+ascanbeta.sessionidsentinsecurely.alert.attack = {0} field: [{1}]
+ascanbeta.sessionidsentinsecurely.alert.extrainfo = session identifier {0} field [{1}], value [{2}] may be sent via an insecure mechanism.
+ascanbeta.sessionidsentinsecurely.alert.extrainfo.loginpage = The url on which the issue was discovered was flagged as a logon page.
+ascanbeta.sessionidsentinsecurely.alert.extrainfo.secureflagnotset = The 'secure' flag was not set on the session cookie supplied by the server.
+ascanbeta.sessionidsentinsecurely.desc = A session id may be sent via an insecure mechanism. In the case of a cookie sent in the request, this occurs when HTTP, rather than HTTPS, is used. In the case of a cookie sent by the server in response (when the URL is modified by setting the named parameter field to NULL), the 'secure' flag is not set, allowing the cookie to be sent later via HTTP rather than via HTTPS. This may allow a passive eavesdropper on the network path to gain full access to the victim's session.
+#Session Id Cookie not sent securely
+ascanbeta.sessionidsentinsecurely.name = Session ID Transmitted Insecurely
+#these refs cannot be referenced, but we leave it here in the hope that it can be in the future..
+ascanbeta.sessionidsentinsecurely.refs = https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication
+ascanbeta.sessionidsentinsecurely.soln = 1) Use the latest available version of SSL/TLS (for HTTPS) for all pages where a session id is communicated between the browser and the web server.\n2) Do not allow the communication to be forced down to the unencrypted HTTP protocol.\n3) Use the 'secure' flag when setting a cookie containing a session id, to prevent its subsequent transmission by an insecure mechanism.\n4) Forward non-secure HTTP page requests to the secure HTTPS equivalent page.
+
+ascanbeta.shellshock.desc = The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code
+ascanbeta.shellshock.extrainfo = From CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
+ascanbeta.shellshock.name = Remote Code Execution - Shell Shock
+ascanbeta.shellshock.ref = http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271\nhttp://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
+ascanbeta.shellshock.soln = Update Bash on the server to the latest version
+ascanbeta.shellshock.timingbased.evidence = Using the attack, a delay of [{0}] milliseconds was induced and detected
+
+ascanbeta.sourcecodedisclosure.desc = The source code for the current page was disclosed by the web server
+ascanbeta.sourcecodedisclosure.gitbased.evidence = The source code for [{0}] was extracted using [{1}]
+ascanbeta.sourcecodedisclosure.gitbased.extrainfo =
+ascanbeta.sourcecodedisclosure.gitbased.name = Source Code Disclosure - Git
+ascanbeta.sourcecodedisclosure.gitbased.soln = Ensure that Git metadata files are not deployed to the web server or application server
+ascanbeta.sourcecodedisclosure.lfibased.evidence =
+ascanbeta.sourcecodedisclosure.lfibased.extrainfo = The output for the source code filename [{0}] differs sufficiently from that of the random parameter [{1}], at [{2}%], compared to a threshold of [{3}%]
+ascanbeta.sourcecodedisclosure.lfibased.name = Source Code Disclosure - File Inclusion
+ascanbeta.sourcecodedisclosure.lfibased.soln = Ensure that arbitrary files specified by the user are not included in the output
+ascanbeta.sourcecodedisclosure.svnbased.extrainfo = The source code for [{0}] was found at [{1}]
+ascanbeta.sourcecodedisclosure.svnbased.name = Source Code Disclosure - SVN
+ascanbeta.sourcecodedisclosure.svnbased.soln = Ensure that SVN metadata files are not deployed to the web server or application server
+
+ascanbeta.sourcecodedisclosurecve-2012-1823.desc = Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped "=" character, enabling PHP source code disclosure, and arbitrary code execution.
In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.
+ascanbeta.sourcecodedisclosurecve-2012-1823.name = Source Code Disclosure - CVE-2012-1823
+ascanbeta.sourcecodedisclosurecve-2012-1823.soln = Upgrade to the latest stable version of PHP, or use the Apache web server and the mod_rewrite module to filter out malicious requests using the "RewriteCond" and "RewriteRule" directives.
+
+ascanbeta.ssrf.desc = The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
+ascanbeta.ssrf.name = Server Side Request Forgery
+ascanbeta.ssrf.otherinfo.canaryinbody = The canary token from the out-of-band service was found in the response body.
+ascanbeta.ssrf.refs = https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
+ascanbeta.ssrf.skipped = no Active Scan OAST service is selected.
+ascanbeta.ssrf.soln = Do not accept remote addresses as request parameters, and if you must, ensure that they are validated against an allow-list of expected values.
+
+ascanbeta.text4shell.desc = Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).
+ascanbeta.text4shell.name = Text4shell (CVE-2022-42889)
+ascanbeta.text4shell.refs = https://nvd.nist.gov/vuln/detail/CVE-2022-42889\nhttps://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
+ascanbeta.text4shell.skipped = no Active Scan OAST service is selected.
+ascanbeta.text4shell.soln = Upgrade Apache Commons Text prior to version 1.10.0 or newer.
+
+ascanbeta.usernameenumeration.alert.attack = Manipulate [{0}] field: [{1}] and monitor the output
+ascanbeta.usernameenumeration.alert.extrainfo = [{0}] parameter [{1}] leaks information on whether a user exists. The [{5}] differences in output, for the valid original username value [{2}], and invalid username value [{3}] are:\n[{4}]
+ascanbeta.usernameenumeration.desc = It may be possible to enumerate usernames, based on differing HTTP responses when valid and invalid usernames are provided. This would greatly increase the probability of success of password brute-forcing attacks against the system. Note that false positives may sometimes be minimised by increasing the 'Attack Strength' Option in ZAP. Please manually check the 'Other Info' field to confirm if this is actually an issue.
+ascanbeta.usernameenumeration.name = Possible Username Enumeration
+ascanbeta.usernameenumeration.refs = https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account.html\nhttp://sebastian-schinzel.de/_download/ifip-sec2011.pdf
+ascanbeta.usernameenumeration.soln = Do not divulge details of whether a username is valid or invalid. In particular, for unsuccessful login attempts, do not differentiate between an invalid user and an invalid password in the error message, page title, page contents, HTTP headers, or redirection logic.
+
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_kaa.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..12fab2ddd7a
--- /dev/null
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_kaa.properties
@@ -0,0 +1,71 @@
+authhelper.auth-detect.desc = The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to "Auto-Detect" then this rule will change the authentication to match the request identified.
+authhelper.auth-detect.name = Authentication Request Identified
+authhelper.auth-detect.soln = This is an informational alert rather than a vulnerability and so there is nothing to fix.
+
+authhelper.auth.method.autodetect.name = Auto-Detect Authentication
+authhelper.auth.method.browser.label.browser = Browser:
+authhelper.auth.method.browser.label.loginUrl = Login URL *:
+authhelper.auth.method.browser.label.loginWait = Login Wait in Seconds:
+authhelper.auth.method.browser.name = Browser-based Authentication
+authhelper.auth.method.browser.output.sessionid = Session token identified in History ID: {0}
+
+authhelper.auth.test.dialog.button.copy = Copy to the Clipboard
+
+authhelper.auth.test.dialog.button.save = Test
+
+authhelper.auth.test.dialog.default-context = Authentication Test
+authhelper.auth.test.dialog.error.badurl = The Login URL must start with "http://" or "https://"
+authhelper.auth.test.dialog.error.nocontext = You must specify a Context
+authhelper.auth.test.dialog.error.nopassword = You must specify a Password
+
+authhelper.auth.test.dialog.error.nourl = You must specify a Login URL
+authhelper.auth.test.dialog.error.nouser = You must specify a Username
+authhelper.auth.test.dialog.label.browser = Browser:
+authhelper.auth.test.dialog.label.context = Context:
+authhelper.auth.test.dialog.label.copy =
+authhelper.auth.test.dialog.label.demo = Demo Mode:
+authhelper.auth.test.dialog.label.diag = Diagnostics:
+authhelper.auth.test.dialog.label.loginurl = Login URL:
+authhelper.auth.test.dialog.label.password = Password:
+authhelper.auth.test.dialog.label.username = Paydalanıwshı
atı:
+authhelper.auth.test.dialog.label.wait = Time to Wait (seconds):
+authhelper.auth.test.dialog.results.found = Identified
+authhelper.auth.test.dialog.results.password = Password Field
+authhelper.auth.test.dialog.results.session = Session Handling
+authhelper.auth.test.dialog.results.status = Status
+authhelper.auth.test.dialog.results.username = Username Field
+authhelper.auth.test.dialog.results.verif = Verification URL
+authhelper.auth.test.dialog.status.failed = Failed
+authhelper.auth.test.dialog.status.launching = Launching Browser
+authhelper.auth.test.dialog.status.notstarted = Not Started
+authhelper.auth.test.dialog.status.passed = Passed
+authhelper.auth.test.dialog.tab.diag = Diagnostics
+authhelper.auth.test.dialog.tab.test = Test
+
+authhelper.auth.test.dialog.title = Authentication Tester
+
+authhelper.desc = Authentication Helper
+
+authhelper.name = Authentication Helper
+
+authhelper.session-detect.desc = The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
+authhelper.session-detect.name = Session Management Response Identified
+authhelper.session-detect.soln = This is an informational alert rather than a vulnerability and so there is nothing to fix.
+
+authhelper.session.method.auto.name = Auto-Detect Session Management
+authhelper.session.method.header.error.headers = You must specify at least one header
+authhelper.session.method.header.error.json.parse = Unable to parse authentication response body from {0} as JSON: {1}
+authhelper.session.method.header.error.value = You must specify both a header and value
+authhelper.session.method.header.label.footer = Any number of headers are supported - a new row is added when any characters are added to the last field.\nThe following tokens can be used in the values:\n* {%json:path.to.data%}\tJSON authentication response data\n* {%env:env_var%}\tenvironmental variable\n* {%script:glob_var%}\tglobal script variable\n* {%header:env_var%}\tauthentication response header\n* {%url:key%}\t\tauthentication URL param
+authhelper.session.method.header.label.header = Header
+authhelper.session.method.header.label.value = Value
+authhelper.session.method.header.name = Header-based Session Management
+
+authhelper.spiderajax.desc = Enables browser based authentication when performing an authenticated AJAX Spider scan.
+authhelper.spiderajax.name = AJAX Spider Browser Based Authentication Support
+
+authhelper.topmenu.tools.authtester = Authentication Tester...
+
+authhelper.verification-detect.desc = The given request has been identified as a good candidate for authentication verification. If the request is in a context which has a Verification Strategy set to "Poll" but where the URL is empty then this rule will fill in the correct values.
+authhelper.verification-detect.name = Verification Request Identified
+authhelper.verification-detect.soln = This is an informational alert rather than a vulnerability and so there is nothing to fix.
diff --git a/addOns/authstats/src/main/resources/org/zaproxy/zap/extension/authstats/resources/Messages_kaa.properties b/addOns/authstats/src/main/resources/org/zaproxy/zap/extension/authstats/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..23aa0d1eaf4
--- /dev/null
+++ b/addOns/authstats/src/main/resources/org/zaproxy/zap/extension/authstats/resources/Messages_kaa.properties
@@ -0,0 +1,2 @@
+authstats.desc = Records logged in/out statistics for all contexts in scope
+authstats.name = Authentication Statistics
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_kaa.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..ea9233c1332
--- /dev/null
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_kaa.properties
@@ -0,0 +1,437 @@
+automation.api.action.runplan = Loads and asynchronously runs the plan in the specified file, returning a planId
+automation.api.view.planprogress = Returns the progress details for the specified planId
+
+automation.cmdline.autogenconf.help = Generate template automation file using the current configuration
+automation.cmdline.autogenmax.help = Generate template automation file with all parameters
+automation.cmdline.autogenmin.help = Generate template automation file with the key parameters
+automation.cmdline.autorun.help = Run the automation jobs specified in the file
+automation.cmdline.out.template = Writing template to {0}
+
+automation.desc = Provides functionality to simplify using ZAP in an automated manner
+
+automation.dialog.addaddon.id = Add-On Id:
+automation.dialog.addaddon.title = Add-On
+
+automation.dialog.addjob.title = Add Job
+
+automation.dialog.addon.error.noname = You must specify an Add-On Id
+automation.dialog.addon.installaddons = Install Add-Ons:
+automation.dialog.addon.remove.confirm = Are you sure you want to remove this Add-On?
+automation.dialog.addon.summary = Install: {0}, Uninstall {1}
+automation.dialog.addon.table.header.addons = AddOns
+automation.dialog.addon.title = Add-On Job
+automation.dialog.addon.uninstalladdons = Uninstall Add-Ons:
+automation.dialog.addon.updateaddons = Update Add-Ons:
+
+automation.dialog.addreq.data = Data:
+automation.dialog.addreq.error.httpversion = The HTTP version is not valid.
+automation.dialog.addreq.httpversion = HTTP Version:
+automation.dialog.addreq.method = Method:
+automation.dialog.addreq.name = Name:
+automation.dialog.addreq.responsecode = Response Code:
+automation.dialog.addreq.tab.header = Headers
+automation.dialog.addreq.tab.title = Soraw
+automation.dialog.addreq.title = Add Request
+automation.dialog.addreq.url = URL:
+
+automation.dialog.addrule.error.defaults = Either the Strength or the Threshold must be non Default.\nTo set both to Default delete the rule.
+automation.dialog.addrule.rule = Rule:
+automation.dialog.addrule.strength = Strength:
+automation.dialog.addrule.threshold = Threshold:
+automation.dialog.addrule.title = Rule
+
+automation.dialog.addtest.test = Test:
+automation.dialog.addtest.title = Add Test
+
+automation.dialog.alerttest.action = Action:
+automation.dialog.alerttest.alertname = Alert Name (regex):
+automation.dialog.alerttest.attack = Attack (regex):
+automation.dialog.alerttest.confidence = Confidence:
+automation.dialog.alerttest.evidence = Evidence:
+automation.dialog.alerttest.method = Method (regex):
+automation.dialog.alerttest.onfail = On Fail:
+automation.dialog.alerttest.other = Other Info (regex):
+automation.dialog.alerttest.param = Param (regex):
+automation.dialog.alerttest.risk = Risk:
+automation.dialog.alerttest.ruleid = Scan Rule Id:
+automation.dialog.alerttest.title = Alert Test
+automation.dialog.alerttest.url = URL (regex):
+
+automation.dialog.all.name = Job Name:
+automation.dialog.all.user = Authenticated User:
+
+automation.dialog.ascan.addquery = Add Query Parameter:
+automation.dialog.ascan.advanced = Show Advanced Options:
+automation.dialog.ascan.context = Context:
+automation.dialog.ascan.defaultstrength = Default Strength:
+automation.dialog.ascan.defaultthreshold = Default Threshold:
+automation.dialog.ascan.delayinms = Delay In MS:
+automation.dialog.ascan.handleanticsrf = Handle Anti CSRF Tokens:
+automation.dialog.ascan.injectid = Inject Plugin Id:
+automation.dialog.ascan.maxruleduration = Max Rule Duration (in mins):
+automation.dialog.ascan.maxscanduration = Max Scan Duration (in mins):
+automation.dialog.ascan.policy = Policy:
+automation.dialog.ascan.remove.confirm = Are you sure you want to remove this rule?
+automation.dialog.ascan.scanheaders = Scan All Headers:
+automation.dialog.ascan.summary = Context: {0}
+automation.dialog.ascan.tab.adv = Advanced
+automation.dialog.ascan.tab.policydefaults = Policy Defaults
+automation.dialog.ascan.tab.policyrules = Policy Rules
+automation.dialog.ascan.table.header.id = ID
+automation.dialog.ascan.table.header.name = Ataması
+automation.dialog.ascan.table.header.strength = Kúsh
+automation.dialog.ascan.table.header.threshold = Threshold
+automation.dialog.ascan.threads = Threads Per Host:
+automation.dialog.ascan.title = Active Scan Job
+
+automation.dialog.button.add = Qosıw
+automation.dialog.button.modify = Modify
+automation.dialog.button.remove = Alıp taslaw
+
+automation.dialog.context.error.badname = You must supply a name
+automation.dialog.context.error.badurl = Invalid URL: {0}
+automation.dialog.context.error.excregex = Invalid ''Exclude'' RegEx: {0}
+automation.dialog.context.error.incregex = Invalid ''Include'' RegEx: {0}
+automation.dialog.context.error.nourls = You must specify at least one URL
+automation.dialog.context.exclude = Exclude RegExs:
+automation.dialog.context.include = Include RegExs:
+automation.dialog.context.name = Name:
+automation.dialog.context.tab.context = Context
+automation.dialog.context.tab.exclude = Exclude
+automation.dialog.context.tab.include = Include
+automation.dialog.context.tab.tech = Technology
+automation.dialog.context.title = Context
+automation.dialog.context.urls = URLs:
+automation.dialog.contexts.table.header.name = Ataması
+
+automation.dialog.default = Default
+
+automation.dialog.delay.error.time = Invalid time: must be of the format hh:mm:ss, mm:ss or ss
+automation.dialog.delay.fileName = File Name:
+automation.dialog.delay.summary = Time: {0} file name: {1}
+automation.dialog.delay.time = Time:
+automation.dialog.delay.title = Delay Job
+
+automation.dialog.env.error.nocontext = You must define at least one Context
+automation.dialog.env.failonerror = Fail On Error:
+automation.dialog.env.failonwarning = Fail On Warning:
+automation.dialog.env.progresstostdout = Progresss To Stdout:
+automation.dialog.env.remove.confirm = Are you sure you want to remove this Context?
+automation.dialog.env.summary = Contexts: {0}
+automation.dialog.env.tab.contexts = Contexts
+automation.dialog.env.tab.vars = Variables
+automation.dialog.env.table.header.key = Key
+automation.dialog.env.table.header.value = Value
+automation.dialog.env.title = Environment
+
+automation.dialog.envvar.error.badkey = You must supply a valid Key
+automation.dialog.envvar.key = Key:
+automation.dialog.envvar.title = Environmental Variable
+automation.dialog.envvar.value = Value:
+
+automation.dialog.error.misc = Unexpected error: {0}
+automation.dialog.error.save = Failed to save plan: {0}
+
+automation.dialog.header.name = Ataması
+automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
+automation.dialog.header.table.header.name = Header Name
+automation.dialog.header.table.header.value = Header Value
+automation.dialog.header.title = Add Header
+automation.dialog.header.value = Value
+
+automation.dialog.job.add = Add Job...
+automation.dialog.job.movedown = Move Job Down
+automation.dialog.job.moveup = Move Job Up
+automation.dialog.job.remove = Remove Job...
+automation.dialog.job.remove.confirm = Are you sure you want to remove this job?
+
+automation.dialog.monitortest.onfail = OnFail:
+automation.dialog.monitortest.site = Site:
+automation.dialog.monitortest.statistic = Statistic:
+automation.dialog.monitortest.threshold = Threshold:
+automation.dialog.monitortest.title = Monitor Test
+
+automation.dialog.newplan.contexts = Contexts:
+automation.dialog.newplan.error.nojobs = You must select at least one job
+automation.dialog.newplan.jobs = Jobs:
+automation.dialog.newplan.profile = Profile:
+automation.dialog.newplan.profile.baseline = Baseline
+automation.dialog.newplan.profile.custom = Custom
+automation.dialog.newplan.profile.full = Full Scan
+automation.dialog.newplan.profile.graphql = GraphQL
+automation.dialog.newplan.profile.import = Importlaw
+automation.dialog.newplan.profile.openapi = OpenAPI
+automation.dialog.newplan.profile.soap = SOAP
+automation.dialog.newplan.title = New Plan
+
+automation.dialog.options = Options
+
+automation.dialog.plan.load = Load Plan...
+automation.dialog.plan.loosechanges = The current plan has unsaved changes.\nProceed and lose these changes?
+automation.dialog.plan.new = New Plan...
+automation.dialog.plan.run = Run Plan...
+automation.dialog.plan.save = Save Plan...
+automation.dialog.plan.save-as = Save Plan As...
+
+automation.dialog.pscanconfig.disableallrules = Disable All Rules:
+automation.dialog.pscanconfig.enabletags = Enable Tags:
+automation.dialog.pscanconfig.maxalertsperrule = Max Alerts Per Rule:
+automation.dialog.pscanconfig.maxbodysize = Maximum Body Size In Bytes To Scan:
+automation.dialog.pscanconfig.remove.confirm = Are you sure you want to remove this Rule?
+automation.dialog.pscanconfig.scanonlyinscope = Scan Only in Scope:
+automation.dialog.pscanconfig.summary = Rule Count: {0}
+automation.dialog.pscanconfig.tab.rules = Qaǵıydalar
+automation.dialog.pscanconfig.table.header.id = ID
+automation.dialog.pscanconfig.table.header.name = Ataması
+automation.dialog.pscanconfig.table.header.threshold = Threshold
+automation.dialog.pscanconfig.title = Passive Scan Config Job
+
+automation.dialog.pscanwait.maxduration = Max Duration:
+automation.dialog.pscanwait.summary = Duration: {0}
+automation.dialog.pscanwait.title = Passive Scan Wait Job
+
+automation.dialog.requestor.remove.confirm = Are you sure you want to remove this Request?
+automation.dialog.requestor.summary = URL Count: {0}
+automation.dialog.requestor.tab.requests = Sorawlar
+automation.dialog.requestor.title = Requestor Job
+
+automation.dialog.requests.table.header.code = Code
+automation.dialog.requests.table.header.method = Method
+automation.dialog.requests.table.header.url = URL
+
+automation.dialog.statistictest.onfail = OnFail:
+automation.dialog.statistictest.operator = Operator:
+automation.dialog.statistictest.site = Site:
+automation.dialog.statistictest.statistic = Statistic:
+automation.dialog.statistictest.title = Statistic Test
+automation.dialog.statistictest.value = Value
+
+automation.dialog.tab.params = Parameters
+
+automation.dialog.test.add = Add Test...
+automation.dialog.test.alert.name = Alert Test
+automation.dialog.test.monitor.name = Monitor Test
+automation.dialog.test.onfail.error = Error
+automation.dialog.test.onfail.info = Info
+automation.dialog.test.onfail.warn = Warn
+automation.dialog.test.remove = Remove Test...
+automation.dialog.test.remove.confirm = Are you sure you want to remove this Test?
+automation.dialog.test.statistic.name = Statistic Test
+automation.dialog.test.urlpresence.name = URL Presence Test
+
+automation.dialog.urlpresencetest.error.requestbodyregex.invalid = Request Body Regex: {0} is not valid. Exception message: {1}
+automation.dialog.urlpresencetest.error.requestheaderregex.invalid = Request Header Regex: {0} is not valid. Exception message: {1}
+automation.dialog.urlpresencetest.error.responsebodyregex.invalid = Response Body Regex: {0} is not valid. Exception message: {1}
+automation.dialog.urlpresencetest.error.responseheaderregex.invalid = Response Header Regex: {0} is not valid. Exception message: {1}
+automation.dialog.urlpresencetest.error.url.empty = URL cannot be empty
+automation.dialog.urlpresencetest.error.url.invalid = URL: {0} is not valid. Exception message: {1}
+automation.dialog.urlpresencetest.onfail = OnFail:
+automation.dialog.urlpresencetest.operator = Operator:
+automation.dialog.urlpresencetest.operator.and = and
+automation.dialog.urlpresencetest.operator.or = or
+automation.dialog.urlpresencetest.requestbodyregex = Request Body Regex:
+automation.dialog.urlpresencetest.requestheaderregex = Request Header Regex:
+automation.dialog.urlpresencetest.responsebodyregex = Response Body Regex:
+automation.dialog.urlpresencetest.responseheaderregex = Response Header Regex:
+automation.dialog.urlpresencetest.title = URL Presence Test
+automation.dialog.urlpresencetest.url = URL:
+
+automation.env.error.nocontexts = No contexts defined
+automation.env.error.nourls = No URLs defined in any of the contexts
+automation.env.name = Environment
+
+automation.error.addons.deprecated = The addOns job no longer does anything and should be removed, see https://www.zaproxy.org/docs/desktop/addons/automation-framework/job-addons/
+
+automation.error.ascan.policy.name = Unrecognised active scan policy name for job {0} : {1}
+automation.error.ascan.rule.unknown = Unrecognised active scan rule id for job {0} : {1}
+automation.error.ascan.strength = Invalid strength for job {0} : {1}
+automation.error.ascan.threshold = Invalid threshold for job {0} : {1}
+
+automation.error.badconfidence = Invalid confidence for job {0} : {1}
+automation.error.badrisk = Invalid risk for job {0} : {1}
+automation.error.badurl = Invalid URL for job {0} : {1}
+
+automation.error.context.badexcludelist = Exclude regexes should be a list: {0}
+automation.error.context.badincludelist = Incude regexes should be a list: {0}
+automation.error.context.badregex = Invalid value for regex: {0} : {1}
+automation.error.context.badtech = Context technology should just include an ''exclude'' element: {0}
+automation.error.context.badtechexclude = Context exclude technology should be a list: {0}
+automation.error.context.badurl = Invalid URL: {0}
+automation.error.context.badurlslist = Context URLs should be a list: {0}
+automation.error.context.baduser = Invalid user in context: {0}
+automation.error.context.baduserslist = Context users should be a list: {0}
+automation.error.context.dupuser = Duplicate user in context {0} : {1}
+automation.error.context.noname = Missing name for context: {0}
+automation.error.context.nourl = Missing URLs for context: {0}
+automation.error.context.unknown = Unrecognised context: {0}
+automation.error.context.unknowntech = Unrecognised technology : {1}
+automation.error.context.url.deprecated = The context 'url' field has been replaced with a 'urls' list field
+automation.error.delay.badtime = Invalid time: {0}
+automation.error.element.unknown = Unrecognised element for job {0} : {1}
+automation.error.env.auth.field.bad = Invalid authentication {0}: {1}
+automation.error.env.auth.script.bad = Cannot read authentication script: {0}
+automation.error.env.auth.type.bad = Invalid authentication method: {0}
+automation.error.env.badauth = Invalid authentication in context: {0}
+automation.error.env.badcontext = Invalid context in environment: {0}
+automation.error.env.badcontexts = Invalid contexts in environment: {0}
+automation.error.env.badsessionmgmt = Invalid sessionManagement in context: {0}
+automation.error.env.badvars = Invalid vars in environment: {0}
+automation.error.env.badverification = Invalid verification in context: {0}
+automation.error.env.missing = Missing environment: {0}
+automation.error.env.nocontexts = Missing contexts in environment: {0}
+automation.error.env.novar = Variable {0} used but not specified
+automation.error.env.sessionmgmt.engine.bad = Invalid session management scriptEngine: {0}
+automation.error.env.sessionmgmt.script.bad = Cannot read session management script: {0}
+automation.error.env.sessionmgmt.script.missing = No session management script specified
+automation.error.env.sessionmgmt.type.bad = Invalid session management method: {0}
+automation.error.env.verification.header.bad = Invalid verification pollAdditionalHeaders: {0}
+automation.error.env.verification.loginregex.bad = Invalid verification loggedInRegex: {0}
+automation.error.env.verification.logoutregex.bad = Invalid verification loggedOutRegex: {0}
+automation.error.env.verification.pollunits.bad = Invalid verification pollUnits: {0}
+automation.error.env.verification.type.bad = Invalid verification method: {0}
+automation.error.job.baduser = Job {0} unrecognised user: {1}
+automation.error.job.data = Unsupported job data format: {0}
+automation.error.job.internal = Job {0} internal error: {1}
+automation.error.job.name = Unsupported job name format: {0}
+automation.error.job.notype = Missing job type: {0}
+automation.error.job.template = Failed to get template for job type: {0}
+automation.error.job.unknown = Unrecognised job type: {0}
+automation.error.nofile = Cannot access file: {0}
+automation.error.options.badbool = Invalid value for job {0} parameter {1} - {2} should be a boolean
+automation.error.options.badcall = Failed to invoke {0}.{1} : {2}
+automation.error.options.badenum = Invalid value for job {0} parameter {1}: Enum value must be one of {2}
+automation.error.options.badint = Invalid value for job {0} parameter {1} - {2} should be an integer
+automation.error.options.badlist = Invalid value for job {0} parameter {1} - {2} should be a list
+automation.error.options.badtype = Failed to set {0}.{1} due to unsupported type: {2}
+automation.error.options.method = Failed to access {0} methods for {1} : {2}
+automation.error.options.methods = Failed to access {0} methods for {1}
+automation.error.options.unknown = Unrecognised parameter for job {0} : {1}
+automation.error.pscan.nooptions = Failed to access passive scan options for job {0}
+automation.error.pscan.rule.unknown = Unrecognised passive scan rule id for job {0} : {1}
+automation.error.read = Cannot read file: {0}
+automation.error.requestor.badcode = Job {0} has invalid response code {1} for request: {2}
+automation.error.requestor.badheader = Headers should be a list: {0}
+automation.error.requestor.badlist = Requests should be a list: {0}
+automation.error.requestor.badnetwork = Error sending message {1} in job {0} : {2}
+automation.error.requestor.badurl = Job {0} has invalid URL {1} for request : {2}
+automation.error.requestor.baduser = Job {0} user {1} not found
+automation.error.requestor.codemismatch = Difference in response code values for message {0} Expected : {1} Received : {2}
+automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request : {2}
+automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request : {2}
+automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.unexpected = Unexpected error accessing file {0} : {1} - see log for details
+automation.error.unexpected.internal = Unexpected error {0} - see log for details
+automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
+automation.error.write = Cannot write to file: {0}
+
+automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
+automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
+automation.info.ascan.rule.setthreshold = Job {0} set rule {1} threshold to {2}
+automation.info.ascan.setdefstrength = Job {0} set default strength to {1}
+automation.info.ascan.setdefthreshold = Job {0} set default threshold to {1}
+automation.info.delay.endjob = Job {0} ended by programmatic or API call
+automation.info.delay.filecreated = Job {0} ended by creation of file {1}
+automation.info.delay.interrupted = Job {0} interrupted
+automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobend = Job {0} finished, time taken: {1}
+automation.info.jobstart = Job {0} started
+automation.info.jobstopped = Job {0} terminated
+automation.info.pscan.rule.noid = Job {0} ignoring rule with no id
+automation.info.pscan.rule.setthreshold = Job {0} set rule {1} threshold to {2}
+automation.info.requrl = Job {0} requesting URL {1}
+automation.info.requrluser = Job {0} requesting URL {1} with user {2}
+automation.info.setparam = Job {0} set {1} = {2}
+automation.info.urlsfound = Job {0} found {1} URLs
+
+automation.name = Automation Framework
+
+automation.optionspanel.name = Automation
+automation.optionspanel.option.openLastPlan.label = Open Last Plan on Start
+
+automation.out.info = \t{0}
+automation.out.title.fail = Automation plan failures:
+automation.out.title.good = Automation plan succeeded!
+automation.out.title.warn = Automation plan warnings:
+
+automation.panel.load.error = YAML file loaded with errors: {0}
+automation.panel.load.failed = YAML file failed to load: {0}
+automation.panel.load.warning = YAML file loaded with warnings: {0}
+automation.panel.load.yaml = YAML Configuration Files
+automation.panel.table.env.name = Environment
+automation.panel.table.header.info = Info
+automation.panel.table.header.name = Ataması
+automation.panel.table.header.status = Status
+automation.panel.table.header.time = Time
+automation.panel.table.header.type = Type
+automation.panel.table.info.config = Config: {0}
+automation.panel.table.info.error = ERROR: {0}
+automation.panel.table.info.ok = OK: {0}
+automation.panel.table.info.warning = WARNING: {0}
+automation.panel.table.status.error = ERROR
+automation.panel.table.status.failed = FAILED
+automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notstarted = Not started
+automation.panel.table.status.ok = OK
+automation.panel.table.status.passed = Passed
+automation.panel.table.status.running = Running
+automation.panel.table.status.warning = WARNING
+automation.panel.table.type.test = test: {0}
+automation.panel.title = Automation
+
+automation.params.type.cookie = Cookie
+automation.params.type.form = Form
+automation.params.type.header = Header
+automation.params.type.multipart = Multipart
+automation.params.type.unknown = Unknown
+automation.params.type.url = URL
+
+automation.plan.current.unsaved = The current automation plan
+
+automation.tests.add = Job {0} adding test of type {1} : {2}
+automation.tests.alert.action.passIfAbsent = Pass if Absent
+automation.tests.alert.action.passIfPresent = Pass if Present
+automation.tests.alert.badregex = Job {0} has an invalid regex {1} in alert test {2} : {3}
+automation.tests.alert.confidence.0 = False Positive
+automation.tests.alert.confidence.1 = Tómen
+automation.tests.alert.confidence.2 = Ortasha
+automation.tests.alert.confidence.3 = Joqarı
+automation.tests.alert.confidence.4 = Confirmed
+automation.tests.alert.error.badaction = Job {0} test of type {1}: invalid action {2}
+automation.tests.alert.error.invalidscanruleid = Job {0} test of type ''{1}'': invalid scanRuleId {2}
+automation.tests.alert.invalidConfidence = Job {0} cannot create alert test {1}: invalid confidence {2}
+automation.tests.alert.invalidJobType = Job {0} does not support test of type alert
+automation.tests.alert.invalidRisk = Job {0} cannot create alert test {1}: invalid risk {2}
+automation.tests.alert.nullExtension = Job {0} can not check for generated alerts as the Alert Extension is disabled
+automation.tests.alert.reason = Alert with scanRuleId {0} was {1}
+automation.tests.alert.risk.0 = Informational
+automation.tests.alert.risk.1 = Tómen
+automation.tests.alert.risk.2 = Ortasha
+automation.tests.alert.risk.3 = Joqarı
+automation.tests.error.badonfail = Job {0} test of type {1}: invalid onFail {2}
+automation.tests.fail = Job {0} test of type {1} failed: {2} [{3}]
+automation.tests.invalidOnFail = Cannot create test {0}: Invalid onFail value {1}
+automation.tests.invalidType = Unknown test type {0}
+automation.tests.missingOrInvalidProperties = Job {0} skipped a test of type ''{1}'' with missing or invalid properties
+automation.tests.monitor.error.nostatistic = Job ''{1}'' test of type ''{0}'' missing statistic
+automation.tests.monitor.error.nothreshold = Job ''{1}'' test of type ''{0}'' missing threshold
+automation.tests.monitor.nullInMemoryStats = Job ''{0}'' in memory stats haven''t been initialised, monitor tests may give unexpected results
+automation.tests.monitor.summary = {0}: {1} < {2}
+automation.tests.monitorNotSupported = Monitor tests not supported for job {0} type {1}
+automation.tests.pass = Job {0} test of type {1} passed: {2} [{3}]
+automation.tests.stats.error.badoperator = Job {0} test of type {1}: invalid operator {2}
+automation.tests.stats.error.nooperator = Job {0} test of type ''{1}'' missing operator
+automation.tests.stats.error.nostatistic = Job {0} test of type ''{1}'' missing statistic
+automation.tests.stats.error.novalue = Job {0} test of type ''{1}'' missing value
+automation.tests.stats.nullInMemoryStats = Job {0} in memory stats haven''t been initialised, stats tests may give unexpected results
+automation.tests.stats.summary = {0}: {1} {2} {3}
+automation.tests.url.badOperator = Job {0} test of type {1}: invalid operator {2}. Allowed operators are "and" and "or".
+automation.tests.url.badregex = Job {0} has an invalid regex {1} in URL test {2} : {3}.
+automation.tests.url.error = Job {0} URL test {1} failed. Test Type: {2}. Error: {3}.
+automation.tests.url.error.badoperator = Job {0} test of type {1}: invalid operator.
+automation.tests.url.error.badurl = Job {1} test of type {0}: has bad URL {2}. Exception {3}.
+automation.tests.url.error.noMessage = No HTTP message was found for Job {0} test {1} of type {2}.
+automation.tests.url.fail = Job {0} test type {1} has failed. Test Name: {2}.
+automation.tests.url.pass = Job {0} test type {1} has passed. Test Name: {2}.
+automation.tests.url.siteTreeNotFound = Job {0} test {1} of type {2} failed: Sites tree not found.
+
+automation.topmenu.tools.genconffile = Generate automation file from configs ...
diff --git a/addOns/beanshell/src/main/resources/org/zaproxy/zap/extension/beanshell/resources/Messages_kaa.properties b/addOns/beanshell/src/main/resources/org/zaproxy/zap/extension/beanshell/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..8069c0b78ab
--- /dev/null
+++ b/addOns/beanshell/src/main/resources/org/zaproxy/zap/extension/beanshell/resources/Messages_kaa.properties
@@ -0,0 +1,10 @@
+beanshell.button.evaluate = Evaluate
+beanshell.button.load = Load...
+beanshell.button.save = Saqlaw
+beanshell.button.saveas = Save as...
+beanshell.desc = Beanshell integration
+beanshell.dialog.unsaved = Script is not saved, discard?
+beanshell.error.message.loading.script = An error occurred while loading the script file.
+beanshell.error.message.saving.script = An error occurred while saving the script file.
+beanshell.menu.title = BeanShell Console
+beanshell.title = BeanShell Console
diff --git a/addOns/browserView/src/main/resources/org/zaproxy/zap/extension/browserView/resources/Messages_kaa.properties b/addOns/browserView/src/main/resources/org/zaproxy/zap/extension/browserView/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..829d54a3fd7
--- /dev/null
+++ b/addOns/browserView/src/main/resources/org/zaproxy/zap/extension/browserView/resources/Messages_kaa.properties
@@ -0,0 +1,5 @@
+browserView.dialog.warn.javafx.init.error.doNotShowAgain = Do not show this message again
+browserView.dialog.warn.javafx.init.error.text = An error occurred while initialising JavaFX.\nThe response view "Render HTML" will not be available.\nMake sure that JavaFX is available on your system or JRE/JDK.\nThe error was logged.
+browserView.dialog.warn.javafx.init.error.title = Browser View add-on
+browserView.panel.adjustheight = Adjust Height
+browserView.view.name = Render HTML
diff --git a/addOns/bruteforce/src/main/resources/org/zaproxy/zap/extension/bruteforce/resources/Messages_kaa.properties b/addOns/bruteforce/src/main/resources/org/zaproxy/zap/extension/bruteforce/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..fd2d502a454
--- /dev/null
+++ b/addOns/bruteforce/src/main/resources/org/zaproxy/zap/extension/bruteforce/resources/Messages_kaa.properties
@@ -0,0 +1,45 @@
+#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
+# Note that all of the labels should be in alphabetic order, with the exception of
+
+bruteforce.activeActionPrefix = Forced browsing: {0}
+
+bruteforce.add.dirperms.error = No write access to:
+bruteforce.add.duplicate.error = A custom file of the same name already exists
+bruteforce.add.fail.error = Failed to add the file:
+bruteforce.add.ok = Custom file installed
+bruteforce.copy.popup = Kóshirip alıw
+bruteforce.desc = Forced browsing of files and directories using code from the OWASP DirBuster tool
+bruteforce.dir.and.children.popup = Forced Browse Directory (and Children)
+bruteforce.dir.popup = Forced Browse Directory
+bruteforce.options.button.addfile = Select File...
+bruteforce.options.error.failCaseString.invalid = The Fail Case String should not be empty.
+bruteforce.options.label.addfile = Add custom Forced Browse file:
+bruteforce.options.label.browsefiles = Force Browse files
+bruteforce.options.label.browsefileswithoutextension = Force Browse files without extension
+bruteforce.options.label.defaultfile = Default file:
+bruteforce.options.label.extensionsToMiss = File extensions to ignore (separated by ,):
+bruteforce.options.label.failCaseString = Fail Case String:
+bruteforce.options.label.fileextensions = File extensions (separated by ,):
+bruteforce.options.label.limitRequests = Limit Requests
+bruteforce.options.label.maxPort = Maximum port to scan:
+bruteforce.options.label.recursive = Recursive
+bruteforce.options.label.target = Target:
+bruteforce.options.label.target.both = Directories and Files
+bruteforce.options.label.target.dirs = Directories
+bruteforce.options.label.target.files = Files
+bruteforce.options.label.threads = Concurrent scanning threads per host:
+bruteforce.options.title = Forced Browse
+bruteforce.panel.title = Forced Browse
+bruteforce.site.popup = Forced Browse Site
+bruteforce.table.header.description = Description
+bruteforce.table.header.port = Port
+bruteforce.toolbar.ascans.label = Current Scans:
+bruteforce.toolbar.button.options = Forced Browse Options
+bruteforce.toolbar.button.pause = Pause Forced Browse
+bruteforce.toolbar.button.start = Start Forced Browse
+bruteforce.toolbar.button.stop = Stop Forced Browse
+bruteforce.toolbar.button.unpause = Resume Forced Browse
+bruteforce.toolbar.list.label = List:
+bruteforce.toolbar.requestcount.label = | Num Requests:
+bruteforce.toolbar.site.label = Site:
+bruteforce.toolbar.site.select = --Select Site--
diff --git a/addOns/bugtracker/src/main/resources/org/zaproxy/zap/extension/bugtracker/resources/Messages_kaa.properties b/addOns/bugtracker/src/main/resources/org/zaproxy/zap/extension/bugtracker/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..05f6d66b546
--- /dev/null
+++ b/addOns/bugtracker/src/main/resources/org/zaproxy/zap/extension/bugtracker/resources/Messages_kaa.properties
@@ -0,0 +1,131 @@
+bugtracker.desc = Allows users to raise issues on bug trackers from within ZAP
+bugtracker.dialog.add.button.confirm = Confirm
+bugtracker.dialog.add.field.label.alert = Alert
+bugtracker.dialog.add.field.label.config = Choose a Configuration
+bugtracker.dialog.add.field.label.enabled = Enabled:
+bugtracker.dialog.add.field.label.newlevel = Risk Level:
+bugtracker.dialog.add.field.label.regex = URL is Regex?
+bugtracker.dialog.add.field.label.tracker = Choose a Bug Tracker
+bugtracker.dialog.add.field.label.url = URL:
+
+bugtracker.dialog.add.title = Add Issue Rule
+bugtracker.dialog.manual.title = Bug Tracker: Manual Mode
+bugtracker.dialog.modify.button.confirm = Confirm
+
+bugtracker.dialog.modify.title = Modify Issue Rule
+
+bugtracker.dialog.remove.button.cancel = Biykarlaw
+bugtracker.dialog.remove.button.confirm = Alıp taslaw
+bugtracker.dialog.remove.checkbox.label = Do not show this message again
+bugtracker.dialog.remove.text = Are you sure you want to remove the selected Issue Rule?
+bugtracker.dialog.remove.title = Remove Issue Rule
+bugtracker.dialog.semi.title = Bug Tracker: Semi-Automatic Mode
+
+bugtracker.error.nofile = File not found : {0}
+
+bugtracker.msg.alert = *ALERT IN QUESTION* \n
+bugtracker.msg.attack = *ATTACK* \n
+bugtracker.msg.conf = CONF:
+bugtracker.msg.cwe = CWE:
+bugtracker.msg.desc = *DESCRIPTION* \n
+bugtracker.msg.evidence = *EVIDENCE* \n
+bugtracker.msg.otherinfo = *OTHER INFO* \n
+bugtracker.msg.parameter = *PARAMETER* \n
+bugtracker.msg.raised = Bug raised succesfully!
+bugtracker.msg.reference = *REFERENCE* \n
+bugtracker.msg.risk = RISK:
+bugtracker.msg.solution = *SOLUTION* \n
+bugtracker.msg.url = *URL* \n
+bugtracker.msg.wasc = WASC:
+bugtracker.name = Bug Tracker
+bugtracker.panel.description = Change the risk rating of alerts raised by the scanners.
+bugtracker.panel.newalert.fp = False Positive
+bugtracker.panel.newalert.high = Joqarı
+bugtracker.panel.newalert.info = Info
+bugtracker.panel.newalert.low = Tómen
+bugtracker.panel.newalert.medium = Ortasha
+bugtracker.panel.title = Automatic Bug Tracker
+bugtracker.popup.issue.manual = Raise Issue: Manual Mode
+bugtracker.popup.issue.semi = Raise Issue on a Bug Tracker
+bugtracker.table.header.alertid = Alert
+bugtracker.table.header.config = Configuration
+
+bugtracker.table.header.enabled = Qosılǵan
+bugtracker.table.header.newalert = Risk Level
+bugtracker.table.header.tracker = Bug Tracker
+bugtracker.table.header.url = URL
+bugtracker.topmenu.tools.msg = Bug Tracker: Example message
+
+bugtracker.trackers.bugzilla.dialog.config.add.button.cancel = Biykarlaw
+bugtracker.trackers.bugzilla.dialog.config.add.button.confirm = Qosıw
+bugtracker.trackers.bugzilla.dialog.config.add.title = Add Bugzilla User Configuration
+bugtracker.trackers.bugzilla.dialog.config.field.label.bugzillaUrl = Bugzilla URL:
+bugtracker.trackers.bugzilla.dialog.config.field.label.enabled = Enabled:
+bugtracker.trackers.bugzilla.dialog.config.field.label.name = Username/Email:
+bugtracker.trackers.bugzilla.dialog.config.field.label.password = Password:
+bugtracker.trackers.bugzilla.dialog.config.modify.button.confirm = Modify
+bugtracker.trackers.bugzilla.dialog.config.modify.title = Modify Bugzilla User Configuration
+bugtracker.trackers.bugzilla.dialog.config.remove.button.cancel = Biykarlaw
+bugtracker.trackers.bugzilla.dialog.config.remove.button.confirm = Alıp taslaw
+bugtracker.trackers.bugzilla.dialog.config.remove.checkbox.label = Do not show this message again
+bugtracker.trackers.bugzilla.dialog.config.remove.text = Are you sure you want to remove the selected Configuration?
+bugtracker.trackers.bugzilla.dialog.config.remove.title = Remove Bugzilla User Configuration +bugtracker.trackers.bugzilla.dialog.config.warning.name.repeated.text = A Bugzilla configuration with this username already exists. +bugtracker.trackers.bugzilla.dialog.config.warning.name.repeated.title = Duplicated Bugzilla User Name Configuration +bugtracker.trackers.bugzilla.issue.component = Component Name +bugtracker.trackers.bugzilla.issue.config = Choose a saved Configuration +bugtracker.trackers.bugzilla.issue.description = Description +bugtracker.trackers.bugzilla.issue.msg.raised = Bug raised! +bugtracker.trackers.bugzilla.issue.os = Operating System +bugtracker.trackers.bugzilla.issue.password = Password +bugtracker.trackers.bugzilla.issue.platform = Platform +bugtracker.trackers.bugzilla.issue.product = Product Name +bugtracker.trackers.bugzilla.issue.summary = Summary +bugtracker.trackers.bugzilla.issue.url = Bugzilla URL +bugtracker.trackers.bugzilla.issue.username = Username +bugtracker.trackers.bugzilla.issue.version = Version +bugtracker.trackers.bugzilla.label = Bugzilla +bugtracker.trackers.bugzilla.msg = Support coming soon +bugtracker.trackers.bugzilla.tab = Bugzilla +bugtracker.trackers.bugzilla.table.header.bugzillaUrl = Bugzilla URL +bugtracker.trackers.bugzilla.table.header.password = Password + +bugtracker.trackers.bugzilla.table.header.username = Username/Email + +bugtracker.trackers.github.dialog.config.add.button.cancel = Biykarlaw +bugtracker.trackers.github.dialog.config.add.button.confirm = Qosıw +bugtracker.trackers.github.dialog.config.add.title = Add Github User Configuration +bugtracker.trackers.github.dialog.config.field.label.enabled = Enabled: +bugtracker.trackers.github.dialog.config.field.label.name = Username/Email: +bugtracker.trackers.github.dialog.config.field.label.repoUrl = Repository URL: +bugtracker.trackers.github.dialog.config.field.label.token = Token: +bugtracker.trackers.github.dialog.config.modify.button.confirm = 
Modify +bugtracker.trackers.github.dialog.config.modify.title = Modify Github User Configuration +bugtracker.trackers.github.dialog.config.remove.button.cancel = Biykarlaw +bugtracker.trackers.github.dialog.config.remove.button.confirm = Alıp taslaw +bugtracker.trackers.github.dialog.config.remove.checkbox.label = Do not show this message again +bugtracker.trackers.github.dialog.config.remove.text = Are you sure you want to remove the selected Configuration? +bugtracker.trackers.github.dialog.config.remove.title = Remove Github User Configuration +bugtracker.trackers.github.dialog.config.warning.name.repeated.text = A Github configuration with this username already exists. +bugtracker.trackers.github.dialog.config.warning.name.repeated.title = Duplicated Github User Name Configuration +bugtracker.trackers.github.issue.assignee.list = Choose Assignee from Collaborators +bugtracker.trackers.github.issue.assignee.manual = Assignee +bugtracker.trackers.github.issue.body = Body +bugtracker.trackers.github.issue.config = Choose a saved Configuration +bugtracker.trackers.github.issue.labels = Labels +bugtracker.trackers.github.issue.msg.auth = Authorization Unsuccesful: Check your credentials +bugtracker.trackers.github.issue.msg.missing = Some field(s) are missing +bugtracker.trackers.github.issue.msg.param = Check all the parameters again +bugtracker.trackers.github.issue.msg.raised = Issue raised! 
+bugtracker.trackers.github.issue.msg.repo = The repository/resource doesnt exist
+bugtracker.trackers.github.issue.repo = Repository URL (owner/repo)
+bugtracker.trackers.github.issue.title = Title
+bugtracker.trackers.github.issue.token = Token
+bugtracker.trackers.github.issue.username = Username
+bugtracker.trackers.github.tab = Github
+bugtracker.trackers.github.table.header.repoUrl = Repository URL
+bugtracker.trackers.github.table.header.token = Token
+
+bugtracker.trackers.github.table.header.username = Username/Email
+bugtracker.trackers.jira.tab = JIRA
+bugtracker.trackers.list = Choose a Bug Tracker
diff --git a/addOns/callgraph/src/main/resources/org/zaproxy/zap/extension/callgraph/resources/Messages_kaa.properties b/addOns/callgraph/src/main/resources/org/zaproxy/zap/extension/callgraph/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..2091e4a4c0a
--- /dev/null
+++ b/addOns/callgraph/src/main/resources/org/zaproxy/zap/extension/callgraph/resources/Messages_kaa.properties
@@ -0,0 +1,6 @@
+callgraph.button.centregraph = Centre The Graph
+callgraph.button.zoomfit = Zoom To Fit
+callgraph.popup.option = Call Graph
+callgraph.popup.option.allsites = All Sites
+callgraph.popup.option.onesite = One Site
+callgraph.title.unknownsite = Unknown Site
diff --git a/addOns/callhome/src/main/resources/org/zaproxy/addon/callhome/resources/Messages_kaa.properties b/addOns/callhome/src/main/resources/org/zaproxy/addon/callhome/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..c9a18a7bfb5
--- /dev/null
+++ b/addOns/callhome/src/main/resources/org/zaproxy/addon/callhome/resources/Messages_kaa.properties
@@ -0,0 +1,7 @@
+callhome.cmdline.notel.help = Turns off telemetry calls
+callhome.desc = Handles all of the calls to ZAP services
+callhome.name = Call Home
+callhome.optionspanel.label.telenabled = Telemetry Enabled
+callhome.optionspanel.label.tellastdata = Last Telemetry Data Sent:
+callhome.optionspanel.name = Call Home
+callhome.pkix.fail.message = Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA certificate in your Java truststore?
diff --git a/addOns/codedx/src/main/resources/org/zaproxy/zap/extension/codedx/resources/Messages_kaa.properties b/addOns/codedx/src/main/resources/org/zaproxy/zap/extension/codedx/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..252dd662b25
--- /dev/null
+++ b/addOns/codedx/src/main/resources/org/zaproxy/zap/extension/codedx/resources/Messages_kaa.properties
@@ -0,0 +1,45 @@
+codedx.desc = Generates XML report that includes request and response data for each alert
+
+codedx.error = Error
+codedx.error.client.failed = An unknown error occurred while creating the HTTP client.\nMake sure the Server URL and API Key are correct, and that the server is online.
+codedx.error.client.invalid = The Server URL is not a valid URL. Please check that it is correct.
+codedx.error.empty = The generated report is empty.
+codedx.error.failed = The report generation failed.
+codedx.error.http.400 = The server returned Error 400: Bad Request.
+codedx.error.http.403 = The server returned Error 403: Forbidden.\nThe API Key may be incorrect or have insufficient permissions for this project.
+codedx.error.http.404 = The server returned Error 404: Not Found.\nThe Server URL may be wrong or the project may no longer exist.
+codedx.error.http.415 = The server returned Error 415: Unsupported Media Type.
+codedx.error.http.other = The response code is:
+codedx.error.httpMessage = No HTTP message found for alert id = {0}
+codedx.error.timeout = The value entered for timeout is invalid. The timeout has been defaulted to 120 seconds.
+codedx.error.unexpected = An unexpected error occurred and the report could not be sent.
+codedx.error.unsent = The report could not be sent.
+
+codedx.message.success = The report was successfully uploaded to Code Dx.
+codedx.refresh.400 = \nVerify that the Server URL is correct and that you are connecting\nwith the correct port.
+codedx.refresh.403 = \nVerify that the API key is correct and active.
+codedx.refresh.404 = \nVerify that the Server URL is correct.
+codedx.refresh.failed = An error occurred while trying to update the project list.\nVerify that the Server URL and API Key are correct and the\nAPI Key is active. Also make sure that you are connecting\nwith the correct port.
+codedx.refresh.non200 = An error occurred while trying to update the project list.\nThe server returned response code:
+
+codedx.refresh.noproject = No projects were found. Check that the Server URL and API Key are \ncorrect and the API Key has the appropriate permission.
+codedx.setting.timeout = Timeout (seconds):
+codedx.settings.apikey = API Key:
+codedx.settings.cancel = Biykarlaw
+codedx.settings.serverurl = Server URL:
+
+codedx.settings.title = Enter Code Dx Server Settings
+codedx.settings.upload = Upload
+codedx.ssl.acceptperm = Accept Permanently
+codedx.ssl.accepttemp = Accept Temporarily
+codedx.ssl.description = Unable to establish a secure connection because the certificate is not trusted
+codedx.ssl.fingerprint = Fingerprint:
+codedx.ssl.issuer = Issuer:
+codedx.ssl.mismatch = Host Mismatch:
+codedx.ssl.mismatchmsg = Expected '%s', but the certificate is for '%s'.
+codedx.ssl.reject = Reject
+
+codedx.ssl.title = Untrusted Digital Certificate
+codedx.topmenu.report.title = Code Dx: Generate XML Report
+codedx.topmenu.upload.title = Code Dx: Upload Report
+codedx.warning = Warning
diff --git a/addOns/coreLang/src/main/resources/org/zaproxy/zap/extension/coreLang/resources/Messages_kaa.properties b/addOns/coreLang/src/main/resources/org/zaproxy/zap/extension/coreLang/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..e4bfd4b3d00
--- /dev/null
+++ b/addOns/coreLang/src/main/resources/org/zaproxy/zap/extension/coreLang/resources/Messages_kaa.properties
@@ -0,0 +1 @@
+coreLang.desc = Translations of the core language files
diff --git a/addOns/custompayloads/src/main/resources/org/zaproxy/zap/extension/custompayloads/resources/Messages_kaa.properties b/addOns/custompayloads/src/main/resources/org/zaproxy/zap/extension/custompayloads/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..53ac97fb3d4
--- /dev/null
+++ b/addOns/custompayloads/src/main/resources/org/zaproxy/zap/extension/custompayloads/resources/Messages_kaa.properties
@@ -0,0 +1,27 @@
+custompayloads.desc = Ability to add, edit or remove payloads that are used i.e. by active scanners
+custompayloads.name = Custom Payloads
+custompayloads.options.button.addMissingDefaults = Add Missing Defaults
+
+custompayloads.options.button.reset = Reset to Defaults
+custompayloads.options.button.resetIds = Reset IDs
+custompayloads.options.dialog.addMultiplePayload.add.button.name = Qosıw
+custompayloads.options.dialog.addMultiplePayload.addPayload.button.name = Add Multiple Payloads
+custompayloads.options.dialog.addMultiplePayload.duplicates.checkbox.label = Prevent Duplicates
+custompayloads.options.dialog.addMultiplePayload.error.text = An error occurred while importing the payloads:\n{0}
+custompayloads.options.dialog.addMultiplePayload.error.title = Error Adding Payloads
+custompayloads.options.dialog.addMultiplePayload.selectFile.button.name = Select File
+
+custompayloads.options.dialog.addMultiplePayload.title = Add Multiple Payloads
+custompayloads.options.dialog.category = Category
+custompayloads.options.dialog.enabled = Qosılǵan
+custompayloads.options.dialog.id = ID
+custompayloads.options.dialog.payload = Payload
+custompayloads.options.dialog.remove.button.cancel = Biykarlaw
+custompayloads.options.dialog.remove.button.confirm = Alıp taslaw
+custompayloads.options.dialog.remove.label = Do not show this message again
+custompayloads.options.dialog.remove.text = Are you sure you want to remove this payload?
+
+custompayloads.options.dialog.remove.title = Remove Payload
+custompayloads.options.dialog.title = Custom Payload
+
+custompayloads.options.title = Custom Payloads
diff --git a/addOns/diff/src/main/resources/org/zaproxy/zap/extension/diff/resources/Messages_kaa.properties b/addOns/diff/src/main/resources/org/zaproxy/zap/extension/diff/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..b1facb38264
--- /dev/null
+++ b/addOns/diff/src/main/resources/org/zaproxy/zap/extension/diff/resources/Messages_kaa.properties
@@ -0,0 +1,8 @@
+#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
+# Note that all of the labels should be in alphabetic order, with the exception of
+diff.diff.close.button = Jabıw
+diff.diff.lock.check = Lock Scrolling
+diff.diff.req.popup = Compare 2 Requests
+diff.diff.resp.popup = Compare 2 Responses
+
+diff.title = Diff
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_kaa.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..868a228eaa0
--- /dev/null
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_kaa.properties
@@ -0,0 +1,3 @@
+domxss.desc = DOM XSS Active Scan Rule
+domxss.name = Cross Site Scripting (DOM Based)
+domxss.skipped.reason.browsererror = failed to start or connect to the browser
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_kaa.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..c87bb3152fc
--- /dev/null
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_kaa.properties
@@ -0,0 +1,72 @@
+encoder.desc = Adds support for scriptable encoders to ZAP.
+
+encoder.dialog.addoutput = Add New Output Panel to Current Tab
+encoder.dialog.addoutputpanel.button.confirm = Qosıw
+encoder.dialog.addoutputpanel.field.name.label = Ataması
+encoder.dialog.addoutputpanel.field.scripts.label = Script
+encoder.dialog.addoutputpanel.title = Add New Output Panel to Current Tab
+encoder.dialog.addtab = Add New Tab
+encoder.dialog.addtab.button.confirm = Qosıw
+encoder.dialog.addtab.field.name.label = Ataması
+encoder.dialog.addtab.title = Add New Tab
+encoder.dialog.deletetab = Remove Selected Tab
+encoder.dialog.encodedecode.notfound = encoder/decoder/hash... not found, disabled or an error occurred
+encoder.dialog.field.input.label = Text to be encoded/decoded/hashed:
+encoder.dialog.options = Options
+encoder.dialog.reset.button.title = Reset
+encoder.dialog.reset.button.tooltip = Reset all tabs and output panels to default.
+encoder.dialog.reset.confirm = All Encode/Decode/Hash tabs and output panels will be restored to their default state. Continue?
+encoder.dialog.title = Encode/Decode/Hash
+
+encoder.name = Encoder Addon
+
+encoder.optionspanel.base64 = Base64
+encoder.optionspanel.base64.breaklines = Break Lines:
+encoder.optionspanel.base64.charset = Charset:
+encoder.optionspanel.hashers = Hashers
+encoder.optionspanel.hashers.output.lowercase = Always output lower case?
+encoder.optionspanel.name = Encode/Decode
+
+encoder.popup.delete = Delete Output Panel
+encoder.popup.replace.input = Replace Input Text
+encoder.popup.title = Encode/Decode/Hash...
+
+encoder.predefined.base64decode = Base64 Decode
+encoder.predefined.base64encode = Base64 Encode
+encoder.predefined.base64urldecode = Base64 URL Decode
+encoder.predefined.base64urlencode = Base64 URL Encode
+encoder.predefined.fullhtmlencode = Full HTML Encode
+encoder.predefined.fullurldecode = Full URL Decode
+encoder.predefined.fullurlencode = Full URL Encode
+encoder.predefined.hexdecode = ASCII Hex Decode
+encoder.predefined.hexencode = ASCII Hex Encode
+encoder.predefined.htmldecode = HTML Decode
+encoder.predefined.htmlencode = HTML Encode
+encoder.predefined.illegalutf8with2byteencoder = 2 Byte Illegal UTF8
+encoder.predefined.illegalutf8with3byteencoder = 3 Byte Illegal UTF8
+encoder.predefined.illegalutf8with4byteencoder = 4 Byte Illegal UTF8
+encoder.predefined.javascriptdecode = JavaScript Decode
+encoder.predefined.javascriptencode = JavaScript Encode
+encoder.predefined.lowercase = To Lower Case
+encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.powershellencode = PowerShell Encode
+encoder.predefined.removewhitespace = Remove Whitespace
+encoder.predefined.reverse = Reverse
+encoder.predefined.sha1hash = SHA1 Hash
+encoder.predefined.sha256hash = SHA256 Hash
+encoder.predefined.tab.decode = Decode
+encoder.predefined.tab.encode = Encode
+encoder.predefined.tab.hash = Hash
+encoder.predefined.tab.illegalUTF8 = Illegal UTF8
+encoder.predefined.tab.unicode = Unicode
+encoder.predefined.unicodedecode = Unicode Unescaped Text
+encoder.predefined.unicodeencode = Unicode Escaped Text
+encoder.predefined.uppercase = To Upper Case
+encoder.predefined.urldecode = URL Decode
+encoder.predefined.urlencode = URL Encode
+
+encoder.scripts.helper.processor.fallback = The requested processor {0} could not be found.
+encoder.scripts.interface.error = The provided Encode/Decode script ({0}) does not implement the required interface.\nPlease refer to the provided templates for examples.
+encoder.scripts.type.encodedecode = Encode/Decode
+
+encoder.tools.menu.encdec = Encode/Decode/Hash...
diff --git a/addOns/exim/src/main/resources/org/zaproxy/addon/exim/resources/Messages_kaa.properties b/addOns/exim/src/main/resources/org/zaproxy/addon/exim/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..4deddca0cba
--- /dev/null
+++ b/addOns/exim/src/main/resources/org/zaproxy/addon/exim/resources/Messages_kaa.properties
@@ -0,0 +1,87 @@
+exim.api.action.importHar = Imports a HAR file.
+exim.api.action.importModsec2Logs = Imports ModSecurity2 logs from the file with the given file system path.
+exim.api.action.importUrls = Imports URLs (one per line) from the file with the given file system path.
+exim.api.action.importZapLogs = Imports previously exported ZAP messages from the file with the given file system path.
+exim.api.desc = Export/Import functionality.
+exim.api.other.exportHar = Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+exim.api.other.exportHar.param.baseurl = The URL below which messages should be included.
+exim.api.other.exportHar.param.count = The number of results to return.
+exim.api.other.exportHar.param.start = The position (or offset) within the results to use as a starting position for the information returned.
+exim.api.other.exportHarById = Gets the HTTP messages with the given IDs, in HAR format.
+exim.api.other.exportHarById.param.ids = The ID (number(s)) of the message(s) to be returned.
+exim.api.other.sendHarRequest = Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
+exim.api.other.sendHarRequest.param.followRedirects = True if redirects should be followed, false otherwise.
+exim.api.other.sendHarRequest.param.request = The raw JSON of a HAR request.
+
+exim.automation.desc = Import/Export Automation Framework Integration
+exim.automation.import.dialog.filename = File:
+exim.automation.import.dialog.name = Job Name:
+exim.automation.import.dialog.summary = Type: {0}, File: {1}
+exim.automation.import.dialog.title = Import Job
+exim.automation.import.dialog.type = Type:
+exim.automation.import.error = Error importing the file {0} as {1}
+exim.automation.import.error.file = Job {0} cannot read file: {1}
+exim.automation.import.error.nofile = Cannot access file: {0}
+exim.automation.import.error.type = Job {0} Invalid type: {1}
+exim.automation.name = Import/Export Automation
+
+exim.description = Import and Export functionality supporting multiple formats.
+
+exim.file.save.error = Error saving file to {0}.
+
+exim.har.file.description = HTTP Archive File (*.har)
+exim.har.file.import.error = Could not import the file {0}
+exim.har.file.save.error = Error saving file to {0}.
+exim.har.popup.option = Save Selected Entries as HAR (HTTP Archive File)
+exim.har.topmenu.import.importhar = Import HAR (HTTP Archive File)
+exim.har.topmenu.import.importhar.tooltip = Import a HTTP Archive File and add the messages to the sites tree and history panel.
+
+exim.importLogFiles.choosefile.filter.log.description = Log File (*.log)
+exim.importLogFiles.choosefile.filter.raw.description = Raw Binary (*.raw)
+exim.importLogFiles.choosefile.filter.txt.description = Text File (*.txt)
+exim.importLogFiles.choosefile.message = Input type:
+exim.importLogFiles.choosefile.title = Select Input Type
+exim.importLogFiles.import.menu.label = Import URLs from Logs or raw Files...
+exim.importLogFiles.log.type.modsec2 = ModSecurity2 Logs
+exim.importLogFiles.log.type.zap = ZAP Messages
+
+exim.importurls.topmenu.import = Import a File Containing URLs
+exim.importurls.topmenu.import.tooltip = The file must be plain text with one URL per line.\nBlank lines and lines starting with a # are ignored.
+exim.importurls.warn.scheme = "{0}" does not have a scheme.
+
+exim.menu.copyurls.popup = Copy URLs to Clipboard
+exim.menu.export = Eksportlaw
+exim.menu.export.context.urls = Export URLs for Context(s)
+exim.menu.export.messages.popup = Export Messages to File...
+exim.menu.export.messages.select.warning = Select HTTP messages in History panel before export to file.
+exim.menu.export.mnemonic = E
+exim.menu.export.popup = Export All URLs to File...
+exim.menu.export.popup.context.error = Please select a Context.
+exim.menu.export.popup.selected = Export Selected URLs to File...
+exim.menu.export.responses.popup = Export Response(s) to File...
+exim.menu.export.urls.save.error = Error saving file to {0}
+
+exim.options.value.type.har = HAR (HTTP Archive File)
+exim.options.value.type.modsec2 = ModSecurity2 Logs
+exim.options.value.type.url = File Containing URLs
+exim.options.value.type.zapmessages = ZAP Messages
+
+exim.output.end = Done importing {0}
+exim.output.error = Error importing {0}
+exim.output.start = Importing {0}
+
+exim.popup.option.all = All
+exim.popup.option.body = Body
+exim.popup.option.header = Header
+exim.popup.option.request = Soraw
+exim.popup.option.response = Response
+
+exim.progress.currentimport = Importing: {0}
+
+exim.saveraw.file.description = Raw Binary (*.raw)
+exim.saveraw.popup.option = Save Raw
+
+exim.savexml.file.description = XML with Base64 Encoded Components (*.xml)
+exim.savexml.popup.option = Save XML
+
+exim.ui.name = Import/Export
diff --git a/addOns/formhandler/src/main/resources/org/zaproxy/zap/extension/formhandler/resources/Messages_kaa.properties b/addOns/formhandler/src/main/resources/org/zaproxy/zap/extension/formhandler/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..20524524367
--- /dev/null
+++ b/addOns/formhandler/src/main/resources/org/zaproxy/zap/extension/formhandler/resources/Messages_kaa.properties
@@ -0,0 +1,25 @@
+formhandler.options.desc = This extension allows a user to change the default values used for generated content (e.g. spiders, importers).
+formhandler.options.dialog.field.add.button.confirm = Qosıw
+formhandler.options.dialog.field.add.title = Add a New Field Name and Value
+formhandler.options.dialog.field.field.label.enabled = Enabled:
+formhandler.options.dialog.field.field.label.name = Name:
+formhandler.options.dialog.field.field.label.regex = Regex:
+formhandler.options.dialog.field.field.label.value = Value:
+formhandler.options.dialog.field.modify.button.confirm = Modify
+formhandler.options.dialog.field.modify.title = Modify a Field
+formhandler.options.dialog.field.remove.button.cancel = Biykarlaw
+formhandler.options.dialog.field.remove.button.confirm = Alıp taslaw
+formhandler.options.dialog.field.remove.checkbox.label = Do not show this message again
+formhandler.options.dialog.field.remove.text = Are you sure you want to remove the selected field.
+formhandler.options.dialog.field.remove.title = Remove a Field
+formhandler.options.dialog.field.warning.bad.regex.text = The provided regex was invalid.
+formhandler.options.dialog.field.warning.bad.regex.title = Invalid Regex
+formhandler.options.dialog.field.warning.name.repeated.text = A field with the given field name already exists.
+formhandler.options.dialog.field.warning.name.repeated.title = Duplicated Field Name
+formhandler.options.label.description = This Value Generator extension allows for the custom configuration of values submitted to sites/apps based on input names. Newly created field names must match the field name in the functionality being processed. The field name is not case sensitive, however the values are and will be reflected in use. If only a field name is provided then an empty string will be used as a value. If a field does not match any defined in the extension then it will be passed to the Default Value Generator, which may not provide proper values.
+formhandler.options.table.column.enabled = Qosılǵan
+formhandler.options.table.column.field = Field Name
+formhandler.options.table.column.regex = Regex
+formhandler.options.table.column.value = Value
+formhandler.options.title = Value Generator
+formhandler.popup.menu.params.add.label = Add Value Generator Field
diff --git a/addOns/frontendscanner/src/main/resources/org/zaproxy/zap/extension/frontendscanner/resources/Messages_kaa.properties b/addOns/frontendscanner/src/main/resources/org/zaproxy/zap/extension/frontendscanner/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..724ff1287e6
--- /dev/null
+++ b/addOns/frontendscanner/src/main/resources/org/zaproxy/zap/extension/frontendscanner/resources/Messages_kaa.properties
@@ -0,0 +1,10 @@
+frontendscanner.api.action.setOptionEnabled = Sets whether or not the front-end scanner is enabled.
+frontendscanner.api.view.optionEnabled = Tells whether or not the front-end scanner is enabled.
+
+frontendscanner.desc = Scan modern web applications
+
+frontendscanner.scripts.type.active = Client-side Active Rules
+frontendscanner.scripts.type.passive = Client-side Passive Rules
+
+frontendscanner.toolbar.button.off.tooltip = Enable the Front-end Scanner
+frontendscanner.toolbar.button.on.tooltip = Disable the Front-end Scanner
diff --git a/addOns/fuzz/src/main/resources/org/zaproxy/zap/extension/fuzz/resources/Messages_kaa.properties b/addOns/fuzz/src/main/resources/org/zaproxy/zap/extension/fuzz/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..d8642302085
--- /dev/null
+++ b/addOns/fuzz/src/main/resources/org/zaproxy/zap/extension/fuzz/resources/Messages_kaa.properties
@@ -0,0 +1,396 @@ +fuzz.activeActionPrefix = Fuzzing: {0} + +fuzz.category.custom = Custom fuzzers + +fuzz.description = Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations. + +fuzz.fuzzer.dialog.add.messageprocessor.button.confirm = Qosıw +fuzz.fuzzer.dialog.add.messageprocessor.label.type = Type: +fuzz.fuzzer.dialog.add.messageprocessor.title = Add Message Processor +fuzz.fuzzer.dialog.add.payload.button.confirm = Qosıw +fuzz.fuzzer.dialog.add.payload.label.type = Type: +fuzz.fuzzer.dialog.add.payload.title = Add Payload +fuzz.fuzzer.dialog.add.processor.button.confirm = Qosıw +fuzz.fuzzer.dialog.add.processor.label.type = Type: +fuzz.fuzzer.dialog.add.processor.title = Add Processor +fuzz.fuzzer.dialog.button.edit = Edit +fuzz.fuzzer.dialog.button.edit.tooltip = Note that this will clear all of the fuzzer locations +fuzz.fuzzer.dialog.button.reset = Reset +fuzz.fuzzer.dialog.button.save = Saqlaw +fuzz.fuzzer.dialog.button.save.tooltip = You will need to Save before you can define any fuzzer locations +fuzz.fuzzer.dialog.button.start = Start Fuzzer +fuzz.fuzzer.dialog.messagelocations.button.payloads.label = Payloads... +fuzz.fuzzer.dialog.messagelocations.button.payloads.tooltip = Allows to manage the payloads of the selected location. +fuzz.fuzzer.dialog.messagelocations.button.processors.label = Processors... +fuzz.fuzzer.dialog.messagelocations.button.processors.tooltip = Allows to manage the processors of the selected location. 
+fuzz.fuzzer.dialog.messagelocations.dialog.processors.button.confirm = OK +fuzz.fuzzer.dialog.messagelocations.dialog.processors.location.label = Location: +fuzz.fuzzer.dialog.messagelocations.dialog.processors.processors.label = Processors: +fuzz.fuzzer.dialog.messagelocations.dialog.processors.title = Fuzz Location Processors +fuzz.fuzzer.dialog.messagelocations.dialog.processors.value.label = Value: +fuzz.fuzzer.dialog.messagelocations.dialog.remove.processor.button.cancel = Biykarlaw +fuzz.fuzzer.dialog.messagelocations.dialog.remove.processor.button.confirm = Alıp taslaw +fuzz.fuzzer.dialog.messagelocations.dialog.remove.processor.checkbox.label = Do not show this message again +fuzz.fuzzer.dialog.messagelocations.dialog.remove.processor.text = Are you sure you want to remove the selected processor? +fuzz.fuzzer.dialog.messagelocations.dialog.remove.processor.title = Remove Processor +fuzz.fuzzer.dialog.messagelocations.locations.label = Fuzz Locations: +fuzz.fuzzer.dialog.modify.messageprocessor.button.confirm = Modify +fuzz.fuzzer.dialog.modify.messageprocessor.label.type = Type: +fuzz.fuzzer.dialog.modify.messageprocessor.title = Modify Message Processor +fuzz.fuzzer.dialog.modify.payload.button.confirm = Modify +fuzz.fuzzer.dialog.modify.payload.label.type = Type: +fuzz.fuzzer.dialog.modify.payload.title = Modify Payload +fuzz.fuzzer.dialog.modify.processor.button.confirm = Modify +fuzz.fuzzer.dialog.modify.processor.label.type = Type: +fuzz.fuzzer.dialog.modify.processor.title = Modify Processor +fuzz.fuzzer.dialog.payloads.button.confirm = OK +fuzz.fuzzer.dialog.payloads.button.move.payload.bottom = Bottom +fuzz.fuzzer.dialog.payloads.button.move.payload.bottom.tooltip = Moves the selected payload to bottom position. +fuzz.fuzzer.dialog.payloads.button.move.payload.down = Down +fuzz.fuzzer.dialog.payloads.button.move.payload.down.tooltip = Moves the selected payload down one position. 
+fuzz.fuzzer.dialog.payloads.button.move.payload.top = Top +fuzz.fuzzer.dialog.payloads.button.move.payload.top.tooltip = Moves the selected payload to top position. +fuzz.fuzzer.dialog.payloads.button.move.payload.up = Up +fuzz.fuzzer.dialog.payloads.button.move.payload.up.tooltip = Moves the selected payload up one position. +fuzz.fuzzer.dialog.payloads.button.processors = Processors... +fuzz.fuzzer.dialog.payloads.button.processors.tooltip = Allows to manage the processors of the selected payload. +fuzz.fuzzer.dialog.payloads.dialog.processors.button.confirm = OK +fuzz.fuzzer.dialog.payloads.dialog.processors.processors.label = Processors: +fuzz.fuzzer.dialog.payloads.dialog.processors.title = Payload Processors +fuzz.fuzzer.dialog.payloads.dialog.remove.processor.button.cancel = Biykarlaw +fuzz.fuzzer.dialog.payloads.dialog.remove.processor.button.confirm = Alıp taslaw +fuzz.fuzzer.dialog.payloads.dialog.remove.processor.checkbox.label = Do not show this message again +fuzz.fuzzer.dialog.payloads.dialog.remove.processor.text = Are you sure you want to remove the selected processor? +fuzz.fuzzer.dialog.payloads.dialog.remove.processor.title = Remove Processor +fuzz.fuzzer.dialog.payloads.messagelocation.label.location = Location: +fuzz.fuzzer.dialog.payloads.messagelocation.label.value = Value: +fuzz.fuzzer.dialog.payloads.payloads.label = Payloads: +fuzz.fuzzer.dialog.payloads.title = Payloads +fuzz.fuzzer.dialog.remove.fuzzerMessageProcessor.button.cancel = Biykarlaw +fuzz.fuzzer.dialog.remove.fuzzerMessageProcessor.button.confirm = Alıp taslaw +fuzz.fuzzer.dialog.remove.fuzzerMessageProcessor.checkbox.label = Do not show this message again +fuzz.fuzzer.dialog.remove.fuzzerMessageProcessor.text = Are you sure you want to remove the selected message processor? 
+fuzz.fuzzer.dialog.remove.fuzzerMessageProcessor.title = Remove Message Processor +fuzz.fuzzer.dialog.remove.payload.button.cancel = Biykarlaw +fuzz.fuzzer.dialog.remove.payload.button.confirm = Alıp taslaw +fuzz.fuzzer.dialog.remove.payload.checkbox.label = Do not show this message again +fuzz.fuzzer.dialog.remove.payload.text = Are you sure you want to remove the selected payload? +fuzz.fuzzer.dialog.remove.payload.title = Remove Payload +fuzz.fuzzer.dialog.tab.fuzzLocations = Fuzz Locations +fuzz.fuzzer.dialog.tab.messageprocessors = Message Processors +fuzz.fuzzer.dialog.tab.options = Options +fuzz.fuzzer.dialog.tab.options.label.maxErrorsAllowedEnabled = Limit maximum errors: +fuzz.fuzzer.dialog.title = Fuzzer +fuzz.fuzzer.dialog.warn.badmessage = A valid message is required for fuzzing +fuzz.fuzzer.dialog.warn.editMode = You must Save your message before fuzzing.\nYou will also need to define at least one new fuzz location. +fuzz.fuzzer.dialog.warn.noFuzzLocations = No fuzz locations, at least one fuzz location must be added to start the fuzzer. +fuzz.fuzzer.dialog.warn.noPayloadsSomeLocations = Some fuzz locations do not have any payload set.\nAt least one payload must be added to start the fuzzer. 
+fuzz.fuzzer.messagelocations.table.header.numberOfPayloads = # of Payloads +fuzz.fuzzer.messagelocations.table.header.numberOfProcessors = # of Processors +fuzz.fuzzer.messageprocessors.table.header.description = Description +fuzz.fuzzer.messageprocessors.table.header.name = Ataması +fuzz.fuzzer.messageprocessors.table.header.order = # +fuzz.fuzzer.payloads.table.header.description = Description +fuzz.fuzzer.payloads.table.header.numberOfProcessors = # of Processors +fuzz.fuzzer.payloads.table.header.order = # +fuzz.fuzzer.payloads.table.header.type = Type +fuzz.fuzzer.processors.button.generatePreview.label = Generate Preview +fuzz.fuzzer.processors.button.lockScroll.label = Lock Scroll +fuzz.fuzzer.processors.currentPayloads.label = Current Payloads: +fuzz.fuzzer.processors.payloadsPreview.error = Failed to create preview. +fuzz.fuzzer.processors.processedPayloads.label = Processed Payloads: +fuzz.fuzzer.processors.table.header.description = Description +fuzz.fuzzer.processors.table.header.order = # +fuzz.fuzzer.processors.table.header.type = Type +fuzz.fuzzer.tab.initialMessage = To fuzz a request string:
  • Select a request in one of the tabs that displays messages;
  • Highlight one of the strings you wish to fuzz in the Request tab;
  • Right click in the Request tab and select 'Fuzz...';
  • The selected location will be added to the table of 'Fuzz Locations' and it'sready to accept payloads. After selecting the button 'Payloads...', a new dialogue isshown which allows to manage the payloads of the selected location;
  • New 'Fuzz Locations' can be added by selecting the position or string in messageshown at the left panels, once the location is chosen it can be added by pressing the'Add...' button of the 'Fuzz Locations' table;
  • More options are available in the 'Options' tab allowing to configure with moredetail the fuzz process;
  • Once at least one 'Fuzz Location' has been defined press the 'Start Fuzzer'button to start the fuzzing;
  • The results will then be listed in this tab - select them to see the fullrequests and responses.
  • It's also possible to open the 'Fuzzer' dialogue by selecting a message and choosing 'Attack' > 'Fuzz...'.
+ +fuzz.httpfuzzer.description = Allows to fuzz HTTP messages. +fuzz.httpfuzzer.error.message = Failed to send the fuzzed message: {0} +fuzz.httpfuzzer.error.source = HTTP Fuzzer +fuzz.httpfuzzer.fuzzerNamePrefix = HTTP - {0} +fuzz.httpfuzzer.messagetype = HTTP +fuzz.httpfuzzer.messagetype.result = Fuzzed +fuzz.httpfuzzer.messagetype.result.originalMessage = Original +fuzz.httpfuzzer.name = HTTP Fuzzer +fuzz.httpfuzzer.options.label.followredirects = Follow Redirects: +fuzz.httpfuzzer.options.label.showredirects = Show redirect messages: +fuzz.httpfuzzer.popup.menu.item.attack = Fuzz... +fuzz.httpfuzzer.processor.acsrffuzz.description = Refresh anti-CSRF token: {0} +fuzz.httpfuzzer.processor.acsrffuzz.message.error = Failed to refresh Anti-CSRF token, request failed. +fuzz.httpfuzzer.processor.acsrffuzz.message.name = Anti-CSRF Token Refresh +fuzz.httpfuzzer.processor.acsrffuzz.name = Anti-CSRF Token Refresher +fuzz.httpfuzzer.processor.acsrffuzz.panel.label.name = Token name: +fuzz.httpfuzzer.processor.acsrffuzz.panel.label.prev = Previous value: +fuzz.httpfuzzer.processor.acsrffuzz.panel.label.showtokens = Show token requests: +fuzz.httpfuzzer.processor.acsrffuzz.panel.label.source = Source URL: +fuzz.httpfuzzer.processor.acsrffuzz.panel.label.target = Target URL: +fuzz.httpfuzzer.processor.reflection.customStateName = Reflected +fuzz.httpfuzzer.processor.reflection.description = Detect payloads reflected in response +fuzz.httpfuzzer.processor.reflection.name = Payload Reflection Detector +fuzz.httpfuzzer.processor.requestContentLengthUpdater.description = Updates the Content-Length of the request header +fuzz.httpfuzzer.processor.requestContentLengthUpdater.name = Request Content-Length Updater +fuzz.httpfuzzer.processor.scriptProcessor.error.persistMessageForAlert = An error occurred while persisting the message for an alert. 
+fuzz.httpfuzzer.processor.scriptProcessor.name = Fuzzer HTTP Processor (Script) +fuzz.httpfuzzer.processor.scriptProcessor.panel.script.label = Script: +fuzz.httpfuzzer.processor.scriptProcessor.panel.warn.title = Incorrect Input +fuzz.httpfuzzer.processor.scriptProcessor.panel.warnNoScript.message = No script selected, a script must be selected first. +fuzz.httpfuzzer.processor.scriptProcessor.panel.warnNoScript.title = No Script Selected +fuzz.httpfuzzer.processor.scriptProcessor.warnNoInterface.message = The script {0} does not implement the required interface.\nPlease take a look at the provided templates for examples. +fuzz.httpfuzzer.processor.scriptProcessor.warnNoInterface.title = Script Incorrect Implementation +fuzz.httpfuzzer.processor.tagcreator.desc = Analyse response and tag it if configured Regex is matching +fuzz.httpfuzzer.processor.tagcreator.extractbyregex.name = Extract +fuzz.httpfuzzer.processor.tagcreator.extractbyregex.regex = Regex: +fuzz.httpfuzzer.processor.tagcreator.matchbyregex.name = Match +fuzz.httpfuzzer.processor.tagcreator.matchbyregex.regex = Regex: +fuzz.httpfuzzer.processor.tagcreator.matchbyregex.tag = Tag: +fuzz.httpfuzzer.processor.tagcreator.name = Tag Creator +fuzz.httpfuzzer.processor.tagcreator.validation.messageboxtitle = Please verify the data you have entered +fuzz.httpfuzzer.processor.tagcreator.validation.regexatleastonegroup = The entered regular expression needs at least one group. +fuzz.httpfuzzer.processor.tagcreator.validation.regexsyntaxerror = The entered regular expression has a syntax error:\r\n{0} +fuzz.httpfuzzer.processor.tagcreator.validation.textfieldsarerequired = All text fields in the selected group are required. 
+fuzz.httpfuzzer.processor.userMessageProcessor.description = Sends message as "{0}" (Context #{1}) +fuzz.httpfuzzer.processor.userMessageProcessor.name = User Message Processor +fuzz.httpfuzzer.processor.userMessageProcessor.panel.context.label = Context: +fuzz.httpfuzzer.processor.userMessageProcessor.panel.user.label = Paydalanıwshı: +fuzz.httpfuzzer.processor.userMessageProcessor.panel.validation.dialog.message = A user must be selected to add the processor. +fuzz.httpfuzzer.processor.userMessageProcessor.panel.validation.dialog.title = No User Selected +fuzz.httpfuzzer.results.error.message.failedSendOriginalMessage = Failed to obtain the response of original message: {0} +fuzz.httpfuzzer.results.error.message.maxErrorsReached = Stopping scan, maximum number of errors reached. +fuzz.httpfuzzer.results.error.message.removedProcessorOnError = Removed message processor ''{0}'' because of errors. +fuzz.httpfuzzer.results.error.source.httpfuzzer = HTTP Fuzzer +fuzz.httpfuzzer.results.tab.errors = Errors +fuzz.httpfuzzer.results.tab.errors.table.header.message = Error Message +fuzz.httpfuzzer.results.tab.errors.table.header.source = Source +fuzz.httpfuzzer.results.tab.errors.table.header.taskId = Task ID +fuzz.httpfuzzer.results.tab.messages = Messages +fuzz.httpfuzzer.results.tab.messages.table.header.payloads = Payloads +fuzz.httpfuzzer.results.tab.messages.table.header.state = State +fuzz.httpfuzzer.results.tab.messages.table.header.taskId = Task ID +fuzz.httpfuzzer.results.tab.messages.table.header.type = Message Type +fuzz.httpfuzzer.results.toolbar.button.export = Eksportlaw +fuzz.httpfuzzer.results.toolbar.button.export.defaultName = Untitled.csv +fuzz.httpfuzzer.results.toolbar.button.export.showMessageError = Error while exporting: +fuzz.httpfuzzer.results.toolbar.button.export.showMessageSuccessful = Export successful! 
+fuzz.httpfuzzer.results.toolbar.button.showErrors.label = Show Errors +fuzz.httpfuzzer.results.toolbar.button.showErrors.label.selected = Hide Errors +fuzz.httpfuzzer.results.toolbar.button.showErrors.tooltip = Show 'Errors' tab, with all the errors that occurred while fuzzing +fuzz.httpfuzzer.results.toolbar.button.showErrors.tooltip.disabled = No errors to show +fuzz.httpfuzzer.results.toolbar.button.showErrors.tooltip.selected = Hide 'Errors' tab +fuzz.httpfuzzer.results.toolbar.errors = Errors: +fuzz.httpfuzzer.results.toolbar.messagesSent = Messages Sent: +fuzz.httpfuzzer.script.type.fuzzerprocessor = Fuzzer HTTP Processor +fuzz.httpfuzzer.script.type.fuzzerprocessor.desc = Scripts that can control the HTTP fuzzer, process the fuzzed HTTP message, and manage its results.\n\nMust be enabled to be used, disabled scripts are not shown in the Fuzzer dialogue. +fuzz.httpfuzzer.searcher.name = HTTP Fuzzer Results +fuzz.httpfuzzer.select.message.dialogue.error.dialog.message = An error occurred while getting the message. +fuzz.httpfuzzer.select.message.dialogue.error.dialog.title = Error Getting Message +fuzz.httpfuzzer.select.message.dialogue.rootNode = Sites +fuzz.httpfuzzer.select.message.dialogue.validation.dialog.message = A message must be selected to show the fuzzer dialogue. +fuzz.httpfuzzer.select.message.dialogue.validation.dialog.title = No Message Selected + +fuzz.menu.tools.fuzz = Fuzz... + +fuzz.name = Advance Fuzzer + +fuzz.options.add.file.dirperms.error = No write access to: +fuzz.options.add.file.duplicate.error = A custom file of the same name already exists.\nDo you want to overwrite it? +fuzz.options.add.file.duplicate.error.button.confirm = Overwrite +fuzz.options.add.file.duplicate.error.title = File Already Exists +fuzz.options.add.file.fail.error = Failed to add the file: +fuzz.options.add.file.fail.error.create.dirs = Failed to create target directory:\n{0}\nIs it writable? 
+fuzz.options.add.file.ok = Custom file installed +fuzz.options.button.addfile = Select File... +fuzz.options.label.addfile = Add Custom Fuzz File: +fuzz.options.label.category = Default Category: +fuzz.options.label.delayInMs = Delay when Fuzzing (in milliseconds): +fuzz.options.label.maxErrorsAllowed = Max. Errors Allowed: +fuzz.options.label.maxFinishedFuzzersInUI = Finished Fuzzers in UI: +fuzz.options.label.payloadReplacementStrategy = Payload Replacement Strategy: +fuzz.options.label.payloadReplacementStrategy.breadthFirst = Breadth First +fuzz.options.label.payloadReplacementStrategy.depthFirst = Depth First +fuzz.options.label.retriesOnIOError = Retries on IO Error: +fuzz.options.label.threads = Concurrent Scanning Threads per Scan: +fuzz.options.title = Fuzzer + +fuzz.panel.mnemonic = f +fuzz.panel.popup.add.site.history.label = Add to Sites Tree & History +fuzz.panel.popup.add.site.history.tag = FromFuzzer +fuzz.panel.title = Fuzzer + +fuzz.payload.processor.base64Decode.description = Using encoding ''{0}'' +fuzz.payload.processor.base64Decode.name = Base64 Decode +fuzz.payload.processor.base64Encode.breakLines.label = Break Lines: +fuzz.payload.processor.base64Encode.breakLines.tooltip = Sets if the lines should be break at 72 characters. +fuzz.payload.processor.base64Encode.description.base = Using encoding ''{0}''{1} +fuzz.payload.processor.base64Encode.description.breakLines = \ and with break lines +fuzz.payload.processor.base64Encode.name = Base64 Encode +fuzz.payload.processor.charset.charset.label = Character Encoding: +fuzz.payload.processor.expand.description = To {0} characters, with ''{1}'' at {2}. 
+fuzz.payload.processor.expand.description.position.begin = begin +fuzz.payload.processor.expand.description.position.end = end +fuzz.payload.processor.expand.length.label = Length: +fuzz.payload.processor.expand.name = Expand +fuzz.payload.processor.expand.position.begin.label = Begin +fuzz.payload.processor.expand.position.end.label = End +fuzz.payload.processor.expand.position.label = Position: +fuzz.payload.processor.expand.value.label = Value: +fuzz.payload.processor.expand.warnNoValue.message = No value specified, the value must be specified first. +fuzz.payload.processor.expand.warnNoValue.title = No Value Specified +fuzz.payload.processor.hash.upperCase.label = Upper Case: +fuzz.payload.processor.javascriptEscape.name = JavaScript Escape +fuzz.payload.processor.javascriptUnescape.name = JavaScript Unescape +fuzz.payload.processor.md5Hash.description = Using encoding ''{0}'' +fuzz.payload.processor.md5Hash.name = MD5 Hash +fuzz.payload.processor.postfixString.name = Postfix String +fuzz.payload.processor.postfixString.value.label = Value: +fuzz.payload.processor.postfixString.warnNoValue.message = No value specified, the value must be specified first. +fuzz.payload.processor.postfixString.warnNoValue.title = No Value Specified +fuzz.payload.processor.prefixString.name = Prefix String +fuzz.payload.processor.prefixString.value.label = Value: +fuzz.payload.processor.prefixString.warnNoValue.message = No value specified, the value must be specified first. +fuzz.payload.processor.prefixString.warnNoValue.title = No Value Specified +fuzz.payload.processor.script.name = Script +fuzz.payload.processor.script.script.label = Script: +fuzz.payload.processor.script.warnNoInterface.message = The selected script does not implement the required interface.\nPlease take a look at the provided templates for examples. 
+fuzz.payload.processor.script.warnNoInterface.title = Script Incorrect Implementation +fuzz.payload.processor.script.warnNoScript.message = No script selected, a script must be selected first. +fuzz.payload.processor.script.warnNoScript.title = No Script Selected +fuzz.payload.processor.sha1Hash.description = Using encoding ''{0}'' +fuzz.payload.processor.sha1Hash.name = SHA-1 Hash +fuzz.payload.processor.sha256Hash.description = Using encoding ''{0}'' +fuzz.payload.processor.sha256Hash.name = SHA-256 Hash +fuzz.payload.processor.sha512Hash.description = Using encoding ''{0}'' +fuzz.payload.processor.sha512Hash.name = SHA-512 Hash +fuzz.payload.processor.trim.description = To {0} characters +fuzz.payload.processor.trim.length.label = Length: +fuzz.payload.processor.trim.name = Trim +fuzz.payload.processor.urlDecode.description = Using encoding ''{0}'' +fuzz.payload.processor.urlDecode.name = URL Decode +fuzz.payload.processor.urlEncode.description = Using encoding ''{0}'' +fuzz.payload.processor.urlEncode.name = URL Encode + +fuzz.payloads.generator.empty.description = Repeat {0} time(s) +fuzz.payloads.generator.empty.name = Empty/Null +fuzz.payloads.generator.empty.repetitions.label = Number Repetitions +fuzz.payloads.generator.file.charset.label = Character Encoding: +fuzz.payloads.generator.file.commentToken.label = Comment Token: +fuzz.payloads.generator.file.file.button = Tańlaw... +fuzz.payloads.generator.file.file.description = Any File +fuzz.payloads.generator.file.file.label = File: +fuzz.payloads.generator.file.ignoreEmptyLines.label = Ignore Empty Lines: +fuzz.payloads.generator.file.ignoreEmptyLines.tooltip = If the empty lines, after trimming white spaces, should be ignored. +fuzz.payloads.generator.file.ignoreFirstLine.label = Ignore First Line: +fuzz.payloads.generator.file.limit.label = Limit: +fuzz.payloads.generator.file.limit.tooltip = Limits the number of payloads that will be obtained from the file. 
+fuzz.payloads.generator.file.limit.value.label = Value: +fuzz.payloads.generator.file.limit.value.tooltip = The maximum number of payloads that will be obtained from the file. +fuzz.payloads.generator.file.name = File +fuzz.payloads.generator.file.payloadsPreview.error = Failed to create preview. +fuzz.payloads.generator.file.payloadsPreview.label = Payloads Preview: +fuzz.payloads.generator.file.warnErrorReadingFile.message = An error occurred while calculating the number of payloads.\nThat might be caused by incorrect character encoding.\nThe file will still be processed. +fuzz.payloads.generator.file.warnErrorReadingFile.title = Error Reading File +fuzz.payloads.generator.file.warnNoFile.message = No file selected, a file must be selected first. +fuzz.payloads.generator.file.warnNoFile.title = No File Selected +fuzz.payloads.generator.fileFuzzers.files.label = Files: +fuzz.payloads.generator.fileFuzzers.name = File Fuzzers +fuzz.payloads.generator.fileFuzzers.payloadsPreview.error = Failed to create preview. +fuzz.payloads.generator.fileFuzzers.payloadsPreview.label = Payloads Preview: +fuzz.payloads.generator.fileFuzzers.warnNoFile.message = No file selected, at least one file must be selected first. +fuzz.payloads.generator.fileFuzzers.warnNoFile.title = No File Selected +fuzz.payloads.generator.generic.edit.errorCreate = Failed to create copy of file for edition. +fuzz.payloads.generator.generic.edit.errorRead = Failed to read the payloads from the file. +fuzz.payloads.generator.generic.edit.errorSize = Failed to query the size of the file. +fuzz.payloads.generator.generic.edit.errorWrite = Failed to write the payloads to the file. +fuzz.payloads.generator.generic.edit.external.closeDialog = Close this dialogue once finished the editions. +fuzz.payloads.generator.generic.edit.external.errorFailedOpen = Failed to open the file for edition. 
+fuzz.payloads.generator.generic.edit.external.message = The file is too big to be edited in ZAP.\nDo you want to edit the file with external program? +fuzz.payloads.generator.generic.edit.external.opening = Opening external program... +fuzz.payloads.generator.generic.edit.external.title = File Too Big +fuzz.payloads.generator.generic.edit.payloads.label = Payloads: +fuzz.payloads.generator.generic.edit.warnTooBig = The file is to big to be edited from within ZAP. +fuzz.payloads.generator.json.description = Generate mutated versions of original provided JSON string +fuzz.payloads.generator.json.name = Json +fuzz.payloads.generator.json.number.payloads.label = Number of payloads +fuzz.payloads.generator.json.original.field.label = Original JSON +fuzz.payloads.generator.numbers.description = From {0} to {1}, increment {2} +fuzz.payloads.generator.numbers.from.label = 
From: +fuzz.payloads.generator.numbers.increment.label = Increment: +fuzz.payloads.generator.numbers.name = Numberzz +fuzz.payloads.generator.numbers.payloadsPreview.label = Payloads Preview: +fuzz.payloads.generator.numbers.payloadsPreviewGenerate.label = Generate Preview +fuzz.payloads.generator.numbers.to.label = To: +fuzz.payloads.generator.regex.description.base = {0} {1} +fuzz.payloads.generator.regex.description.maxPayloads = (Limited to {0} payloads) +fuzz.payloads.generator.regex.maxPayloads.label = Max. Payloads: +fuzz.payloads.generator.regex.maxPayloads.tooltip = The maximum number of payloads that should be generated by the regular expression. +fuzz.payloads.generator.regex.name = Regex (*Experimental*) +fuzz.payloads.generator.regex.payloadsPreview.error = Failed to create preview. +fuzz.payloads.generator.regex.payloadsPreview.label = Payloads Preview: +fuzz.payloads.generator.regex.payloadsPreviewGenerate.label = Generate Preview +fuzz.payloads.generator.regex.regex.label = Regex: +fuzz.payloads.generator.regex.regex.randomorder = Random Order (Not Unique) +fuzz.payloads.generator.regex.warnInfiniteRegex.message = The specified regular expression generates an infinite, or very large, number of strings.\r\nContinue anyway? +fuzz.payloads.generator.regex.warnInfiniteRegex.title = Infinite Regular Expression +fuzz.payloads.generator.regex.warnInvalidRegex.message = The syntax of the specified regular expression is not valid. +fuzz.payloads.generator.regex.warnInvalidRegex.title = Invalid Regular Expression +fuzz.payloads.generator.regex.warnInvalidRegexTimeCost.message = The specified regular expression can not be used, it takes too much time to be processed. 
+fuzz.payloads.generator.regex.warnInvalidRegexTimeCost.title = Invalid Regular Expression +fuzz.payloads.generator.regex.warnMaxNumberOfPayloads.message = The specified regular expression generates a large number of payloads (>= 10M).\nIt will be used a fixed maximum for calculation of the progress. +fuzz.payloads.generator.regex.warnMaxNumberOfPayloads.title = Large Number of Payloads +fuzz.payloads.generator.regex.warnNoRandomPayloads.message = The selected maximum does not allow for generation of any random payloads. +fuzz.payloads.generator.regex.warnNoRandomPayloads.title = No Random Payloads +fuzz.payloads.generator.regex.warnNoRegex.message = No regular expression specified, a regular expression must be specified first. +fuzz.payloads.generator.regex.warnNoRegex.title = No Regular Expression Specified +fuzz.payloads.generator.script.name = Script +fuzz.payloads.generator.script.payloadsPreview.error = Failed to create preview. +fuzz.payloads.generator.script.payloadsPreview.label = Payloads Preview: +fuzz.payloads.generator.script.payloadsPreviewGenerate.label = Generate Preview +fuzz.payloads.generator.script.script.label = Script: +fuzz.payloads.generator.script.warnNoInterface.message = The selected script does not implement the required interface.\nPlease take a look at the provided templates for examples. +fuzz.payloads.generator.script.warnNoInterface.title = Script Incorrect Implementation +fuzz.payloads.generator.script.warnNoNumberOfpayloads.message = Failed to obtain the number of payloads of the selected script.\nThe script might contain errors. +fuzz.payloads.generator.script.warnNoNumberOfpayloads.title = Unknown Number Of Payloads +fuzz.payloads.generator.script.warnNoScript.message = No script selected, a script must be selected first. 
+fuzz.payloads.generator.script.warnNoScript.title = No Script Selected +fuzz.payloads.generator.strings.contents.label = Contents: +fuzz.payloads.generator.strings.multiline.label = Multiline: +fuzz.payloads.generator.strings.multiline.tooltip = Sets if the contents are treated as one single payload with multiple lines instead of one payload per line. +fuzz.payloads.generator.strings.name = Strings +fuzz.payloads.generators.save.button = Save... +fuzz.payloads.generators.save.dialog.overwrite.message = A file with the specified name already exists. Do you want to replace it? +fuzz.payloads.generators.save.dialog.overwrite.title = Existing File +fuzz.payloads.generators.save.dialog.title = Save Payloads +fuzz.payloads.generators.save.dialog.warnDirNoWritePermission.message = The directory is not writable:\n{0}\nPlease change the write permission to allow to write the file. +fuzz.payloads.generators.save.dialog.warnDirNoWritePermission.title = Directory Without Write Permission +fuzz.payloads.generators.save.dialog.warnErrorSaving = An error occurred while saving the payloads to the file. +fuzz.payloads.generators.save.dialog.warnFileNoWritePermission.message = The file is not writable:\n{0}\nPlease change the write permission to allow to write to the file. +fuzz.payloads.generators.save.dialog.warnFileNoWritePermission.title = File Without Write Permission +fuzz.payloads.generators.save.dialog.warnInvalidName.message = The specified file name is not valid. +fuzz.payloads.generators.save.dialog.warnInvalidName.title = Invalid File Name +fuzz.payloads.generators.save.tooltip = Allows to save the (generated) payloads, to be available in custom 'File Fuzzers'. +fuzz.payloads.script.type.payloadgenerator = Payload Generator +fuzz.payloads.script.type.payloadgenerator.desc = Scripts that can generate payloads to be used in the fuzzer.\n\nMust be enabled to be used, disabled scripts are not shown in the Fuzzer dialogue. 
+fuzz.payloads.script.type.payloadprocessor = Payload Processor
+fuzz.payloads.script.type.payloadprocessor.desc = Scripts that can change the payloads before being used in the fuzzer.\n\nMust be enabled to be used, disabled scripts are not shown in the Fuzzer dialogue.
+
+fuzz.popup.menu.fuzz.message = Fuzz...
+
+fuzz.results.error.messageFuzzer.source = Message Fuzzer
+fuzz.results.error.unknown.message = Unknown error while executing fuzzer task. Log file contains details of the error.
+fuzz.results.error.unknown.source = Unknown
+
+fuzz.select.message.dialog.confirm.button = Tańlaw
+fuzz.select.message.dialog.message.type.label = Message Type:
+fuzz.select.message.dialog.title = Select Message
+
+fuzz.toolbar.ascans.label = Current fuzzers:
+fuzz.toolbar.button.clear = Clean finished fuzzers
+fuzz.toolbar.button.new = New Fuzzer
+fuzz.toolbar.button.new.tooltipNoFuzzers = No fuzzers available
+fuzz.toolbar.button.options = Fuzzing Options
+fuzz.toolbar.button.pause = Pause Selected Fuzzer
+fuzz.toolbar.button.stop = Stop Selected Fuzzer
+fuzz.toolbar.button.unpause = Resume Selected Fuzzer
+fuzz.toolbar.confirm.clear = Are you sure you want to clear all finished fuzzers?
+fuzz.toolbar.confirm.clear.dontPrompt = Do not show this message again
+fuzz.toolbar.progress.label = Progress:
+fuzz.toolbar.progress.select = --Select Fuzzer--
diff --git a/addOns/gettingStarted/src/main/resources/org/zaproxy/zap/extension/gettingStarted/resources/Messages_kaa.properties b/addOns/gettingStarted/src/main/resources/org/zaproxy/zap/extension/gettingStarted/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..40a9d66257d
--- /dev/null
+++ b/addOns/gettingStarted/src/main/resources/org/zaproxy/zap/extension/gettingStarted/resources/Messages_kaa.properties
@@ -0,0 +1,4 @@
+gettingStarted.desc = The ZAP Getting Started Guide
+# gettingStarted.file is the filename - do NOT translate it unless you have also provided a translated file with that name
+gettingStarted.file = ZAPGettingStartedGuide-2.13.pdf
+gettingStarted.menu = Getting Started Guide
diff --git a/addOns/graaljs/src/main/resources/org/zaproxy/zap/extension/graaljs/resources/Messages_kaa.properties b/addOns/graaljs/src/main/resources/org/zaproxy/zap/extension/graaljs/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..9564b725435
--- /dev/null
+++ b/addOns/graaljs/src/main/resources/org/zaproxy/zap/extension/graaljs/resources/Messages_kaa.properties
@@ -0,0 +1,2 @@
+graaljs.ext.desc = Provides the GraalVM JavaScript engine for ZAP scripting.
+graaljs.ext.name = GraalVM JavaScript Engine Extension
diff --git a/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages_kaa.properties b/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..3b5d8ebd18e
--- /dev/null
+++ b/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages_kaa.properties
@@ -0,0 +1,234 @@
+graphql.api.action.importFile = Imports a GraphQL Schema from a File.
+graphql.api.action.importFile.param.endurl = The Endpoint URL.
+graphql.api.action.importFile.param.file = The File That Contains the GraphQL Schema.
+graphql.api.action.importUrl = Imports a GraphQL Schema from a URL.
+graphql.api.action.importUrl.param.endurl = The Endpoint URL.
+graphql.api.action.importUrl.param.url = The URL Locating the GraphQL Schema.
+graphql.api.action.setOptionArgsType = Sets how arguments are specified.
+graphql.api.action.setOptionArgsType.param.String = Can be "INLINE", "VARIABLES", or "BOTH".
+graphql.api.action.setOptionLenientMaxQueryDepthEnabled = Sets whether or not Maximum Query Depth is enforced leniently.
+graphql.api.action.setOptionLenientMaxQueryDepthEnabled.param.Boolean = Enforce Leniently (true or false).
+graphql.api.action.setOptionMaxAdditionalQueryDepth = Sets the maximum additional query generation depth (used if enforced leniently).
+graphql.api.action.setOptionMaxAdditionalQueryDepth.param.Integer = The Maximum Additional Depth.
+graphql.api.action.setOptionMaxArgsDepth = Sets the maximum arguments generation depth.
+graphql.api.action.setOptionMaxArgsDepth.param.Integer = The Maximum Depth.
+graphql.api.action.setOptionMaxQueryDepth = Sets the maximum query generation depth.
+graphql.api.action.setOptionMaxQueryDepth.param.Integer = The Maximum Depth.
+graphql.api.action.setOptionOptionalArgsEnabled = Sets whether or not Optional Arguments should be specified.
+graphql.api.action.setOptionOptionalArgsEnabled.param.Boolean = Specify Optional Arguments (true or false).
+graphql.api.action.setOptionQueryGenEnabled = Sets whether the query generator is enabled.
+graphql.api.action.setOptionQueryGenEnabled.param.Boolean = Enable query generation (true or false).
+graphql.api.action.setOptionQuerySplitType = Sets the level for which a single query is generated.
+graphql.api.action.setOptionQuerySplitType.param.String = Can be "LEAF", "ROOT_FIELD", or "OPERATION".
+graphql.api.action.setOptionRequestMethod = Sets the request method.
+graphql.api.action.setOptionRequestMethod.param.String = Can be "POST_JSON", "POST_GRAPHQL", or "GET".
+graphql.api.view.optionArgsType = Returns how arguments are currently specified.
+graphql.api.view.optionLenientMaxQueryDepthEnabled = Returns whether or not lenient maximum query generation depth is enabled.
+graphql.api.view.optionMaxAdditionalQueryDepth = Returns the current maximum additional query generation depth.
+graphql.api.view.optionMaxArgsDepth = Returns the current maximum arguments generation depth.
+graphql.api.view.optionMaxQueryDepth = Returns the current maximum query generation depth.
+graphql.api.view.optionOptionalArgsEnabled = Returns whether or not optional arguments are currently specified.
+graphql.api.view.optionQueryGenEnabled = Returns whether the query generator is enabled.
+graphql.api.view.optionQuerySplitType = Returns the current level for which a single query is generated.
+graphql.api.view.optionRequestMethod = Returns the current request method.
+
+graphql.automation.desc = GraphQL Automation Framework Integration
+graphql.automation.dialog.argstype = Arguments Type:
+graphql.automation.dialog.endpoint = Endpoint:
+graphql.automation.dialog.lenientmaxquery = Lenient Max Query Depth Enabled:
+graphql.automation.dialog.maxaddquerydepth = Max Additional Query Depth:
+graphql.automation.dialog.maxargsdepth = Max Arguments Depth:
+graphql.automation.dialog.maxquerydepth = Max Query Depth:
+graphql.automation.dialog.name = Job Name:
+graphql.automation.dialog.optargsenabled = Optional Arguments Enabled:
+graphql.automation.dialog.querygen = Enable Query Generator:
+graphql.automation.dialog.querysplittype = Query Split Type:
+graphql.automation.dialog.requestmethod = Request Method:
+graphql.automation.dialog.schemafile = SchemaFile:
+graphql.automation.dialog.schemaurl = Schema URL:
+graphql.automation.dialog.summary = URL: {0}, File: {1}
+graphql.automation.dialog.tab.params = Parameters
+graphql.automation.dialog.tab.queryGenConfig = Query Generator Configuration
+graphql.automation.dialog.title = GraphQL Job
+graphql.automation.error = Job graphql error: {0}
+graphql.automation.info.import.file = Job graphql importing schema from file: {0} target: {1}
+graphql.automation.info.import.introspect = Job graphql importing schema using introspection from: {0}
+graphql.automation.info.import.url = Job graphql importing schema from URL: {0} target: {1}
+graphql.automation.name = GraphQL Automation
+
+graphql.cmdline.endurl.help = Sets the Endpoint URL
+graphql.cmdline.file.help = Imports a GraphQL Schema from a File
+graphql.cmdline.url.help = Imports a GraphQL Schema from a URL
+
+graphql.desc = Allows you to inspect and attack GraphQL endpoints.
+
+graphql.engine.agoo.docsUrl = https://github.com/ohler55/agoo
+graphql.engine.agoo.name = Agoo
+graphql.engine.agoo.technologies = Ruby
+
+graphql.engine.apollo.docsUrl = https://github.com/apollographql/apollo-server
+graphql.engine.apollo.name = Apollo
+graphql.engine.apollo.technologies = JavaScript, Node.js, and TypeScript
+
+graphql.engine.ariadne.docsUrl = https://github.com/mirumee/ariadne
+graphql.engine.ariadne.name = Ariadne
+graphql.engine.ariadne.technologies = Python
+
+graphql.engine.aws-appsync.docsUrl = https://aws.amazon.com/appsync
+graphql.engine.aws-appsync.name = AWS AppSync
+graphql.engine.aws-appsync.technologies = AWS
+
+graphql.engine.caliban.docsUrl = https://github.com/ghostdogpr/caliban
+graphql.engine.caliban.name = caliban
+graphql.engine.caliban.technologies = Scala
+
+graphql.engine.dgraph.docsUrl = https://github.com/dgraph-io/dgraph
+graphql.engine.dgraph.name = Dgraph
+graphql.engine.dgraph.technologies = JavaScript
+
+graphql.engine.dianajl.docsUrl = https://github.com/neomatrixcode/Diana.jl
+graphql.engine.dianajl.name = Diana.jl
+graphql.engine.dianajl.technologies = Julia
+
+graphql.engine.directus.docsUrl = https://github.com/directus/directus
+graphql.engine.directus.name = Directus
+graphql.engine.directus.technologies = TypeScript
+
+graphql.engine.gqlgen.docsUrl = https://github.com/99designs/gqlgen
+graphql.engine.gqlgen.name = gqlgen
+graphql.engine.gqlgen.technologies = Golang
+
+graphql.engine.graphene.docsUrl = https://github.com/graphql-python/graphene
+graphql.engine.graphene.name = Graphene
+graphql.engine.graphene.technologies = Python
+
+graphql.engine.graphql-by-pop.docsUrl = https://github.com/leoloso/PoP/tree/master/layers/GraphQLByPoP
+graphql.engine.graphql-by-pop.name = GraphQL by PoP
+graphql.engine.graphql-by-pop.technologies = PHP
+
+graphql.engine.graphql-flutter.docsUrl = https://github.com/zino-app/graphql-flutter
+graphql.engine.graphql-flutter.name = graphql-flutter
+graphql.engine.graphql-flutter.technologies = Flutter (Dart)
+
+graphql.engine.graphql-go.docsUrl = https://github.com/graphql-go/graphql
+graphql.engine.graphql-go.name = graphql-go
+graphql.engine.graphql-go.technologies = Golang
+
+graphql.engine.graphql-java.docsUrl = https://github.com/graphql-java/graphql-java
+graphql.engine.graphql-java.name = graphql-java
+graphql.engine.graphql-java.technologies = Java
+
+graphql.engine.graphql-php.docsUrl = https://github.com/webonyx/graphql-php
+graphql.engine.graphql-php.name = graphql-php
+graphql.engine.graphql-php.technologies = PHP
+
+graphql.engine.graphql-ruby.docsUrl = https://github.com/rmosolgo/graphql-ruby
+graphql.engine.graphql-ruby.name = graphql-ruby
+graphql.engine.graphql-ruby.technologies = Ruby
+
+graphql.engine.graphql-yoga.docsUrl = https://github.com/dotansimha/graphql-yoga
+graphql.engine.graphql-yoga.name = GraphQL Yoga
+graphql.engine.graphql-yoga.technologies = TypeScript
+
+graphql.engine.hasura.docsUrl = https://github.com/hasura/graphql-engine
+graphql.engine.hasura.name = Hasura
+graphql.engine.hasura.technologies = Haskell
+
+graphql.engine.hypergraphql.docsUrl = https://github.com/hypergraphql/hypergraphql
+graphql.engine.hypergraphql.name = HyperGraphQL
+graphql.engine.hypergraphql.technologies = Java
+
+graphql.engine.jaal.docsUrl = https://github.com/appointy/jaal
+graphql.engine.jaal.name = jaal
+graphql.engine.jaal.technologies = Golang
+
+graphql.engine.juniper.docsUrl = https://github.com/graphql-rust/juniper
+graphql.engine.juniper.name = Juniper
+graphql.engine.juniper.technologies = Rust
+
+graphql.engine.lacinia.docsUrl = https://github.com/walmartlabs/lacinia
+graphql.engine.lacinia.name = lacinia
+graphql.engine.lacinia.technologies = Clojure
+
+graphql.engine.lighthouse.docsUrl = https://github.com/nuwave/lighthouse
+graphql.engine.lighthouse.name = Lighthouse
+graphql.engine.lighthouse.technologies = PHP
+
+graphql.engine.mercurius.docsUrl =
https://github.com/mercurius-js/mercurius
+graphql.engine.mercurius.name = mercurius
+graphql.engine.mercurius.technologies = JavaScript, Node.js, and TypeScript
+
+graphql.engine.morpheus.docsUrl = https://github.com/morpheusgraphql/morpheus-graphql
+graphql.engine.morpheus.name = morpheus-graphql
+graphql.engine.morpheus.technologies = Haskell
+
+graphql.engine.sangria.docsUrl = https://github.com/sangria-graphql/sangria
+graphql.engine.sangria.name = Sangria
+graphql.engine.sangria.technologies = Scala
+
+graphql.engine.strawberry.docsUrl = https://github.com/strawberry-graphql/strawberry
+graphql.engine.strawberry.name = Strawberry
+graphql.engine.strawberry.technologies = Python
+
+graphql.engine.tartiflette.docsUrl = https://github.com/tartiflette/tartiflette
+graphql.engine.tartiflette.name = tartiflette
+graphql.engine.tartiflette.technologies = Python
+
+graphql.engine.wpgraphql.docsUrl = https://github.com/wp-graphql/wp-graphql
+graphql.engine.wpgraphql.name = WPGraphQL WordPress Plugin
+graphql.engine.wpgraphql.technologies = PHP
+
+graphql.error.filenotfound = Cannot find the file:\n{0}
+graphql.error.import = Could not import the schema.\n{0}
+graphql.error.importfile = An error occurred while importing from file.
+graphql.error.introspection = Introspection failed for the specified endpoint.
+graphql.error.invalidurl = Please enter a valid URL.\n{0}
+
+graphql.fingerprinting.alert.desc = The server is using "{0}", which is a GraphQL implementation for {1}.
+graphql.fingerprinting.alert.name = GraphQL Server Implementation Identified
+
+graphql.formhandler.desc = GraphQL Form Handler Integration
+graphql.formhandler.name = GraphQL Form Handler
+
+graphql.importDialog.chooseFileButton = Choose File
+graphql.importDialog.importButton = Importlaw
+graphql.importDialog.labelEndpoint = Endpoint URL
+graphql.importDialog.labelSchema = Schema File or URL
+graphql.importDialog.pasteAction = Paste
+graphql.importDialog.requiredFields = indicates a required field
+graphql.importDialog.title = Import a GraphQL Schema
+
+graphql.info.emptyendurl = No GraphQL URL specified.
+
+graphql.introspection.alert.desc = The GraphQL endpoint has Introspection enabled. Introspection allows clients to query the schema and retrieve detailed information about the fields, types, inputs, etc. supported by the GraphQL endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.
+graphql.introspection.alert.name = GraphQL Endpoint Supports Introspection
+graphql.introspection.alert.ref = https://spec.graphql.org/October2021/#sec-Introspection
+graphql.introspection.alert.soln = Disable Introspection on the GraphQL endpoint.
+
+graphql.options.label.additionalQueryDepth = Additional Query Depth:
+graphql.options.label.argsDepth = Maximum Arguments Depth:
+graphql.options.label.argsType = Specify Arguments:
+graphql.options.label.lenientMaxQueryDepthEnabled = Lenient Maximum Query Depth
+graphql.options.label.lenientMaxQueryDepthEnabled.tooltip = Prevent invalid queries by allowing additional depth for fields with no leaf types.
+graphql.options.label.optionalArgsEnabled = Specify Optional Arguments
+graphql.options.label.queryDepth = Maximum Query Depth:
+graphql.options.label.queryGenEnabled = Enable Query Generator
+graphql.options.label.requestMethod = Request Method:
+graphql.options.label.split = Generate Query For:
+graphql.options.panelName = GraphQL
+graphql.options.queryGenConfigPanel.title = Query Generator Configuration
+graphql.options.value.args.both = Both Ways
+graphql.options.value.args.inline = Inline
+graphql.options.value.args.variables = Using Variables
+graphql.options.value.request.postJson = POST (with JSON body)
+graphql.options.value.split.get = GET
+graphql.options.value.split.leaf = Each Leaf (Scalar or Enum)
+graphql.options.value.split.operation = Each Operation
+graphql.options.value.split.postGraphql = POST (with GraphQL body)
+graphql.options.value.split.rootField = Each Field of an Operation
+
+graphql.spider.desc = GraphQL Spider Integration
+graphql.spider.name = GraphQL Spider
+
+graphql.topmenu.import.importgraphql = Import a GraphQL Schema
+graphql.topmenu.import.importgraphql.tooltip = Specify a GraphQL endpoint and optionally a GraphQL schema file to import.
diff --git a/addOns/groovy/src/main/resources/org/zaproxy/zap/extension/groovy/resources/Messages_kaa.properties b/addOns/groovy/src/main/resources/org/zaproxy/zap/extension/groovy/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..1abe0fe43d8
--- /dev/null
+++ b/addOns/groovy/src/main/resources/org/zaproxy/zap/extension/groovy/resources/Messages_kaa.properties
@@ -0,0 +1,2 @@
+groovy.desc = Adds Groovy support to ZAP. Allows Groovy to be used for ZAP scripting - templates included - and to run add-ons written in Groovy.
+groovy.name = Groovy Extension
diff --git a/addOns/imagelocationscanner/src/main/resources/org/zaproxy/zap/extension/imagelocationscanner/resources/Messages_kaa.properties b/addOns/imagelocationscanner/src/main/resources/org/zaproxy/zap/extension/imagelocationscanner/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..e5ac4518738
--- /dev/null
+++ b/addOns/imagelocationscanner/src/main/resources/org/zaproxy/zap/extension/imagelocationscanner/resources/Messages_kaa.properties
@@ -0,0 +1,9 @@
+imagelocationscanner.addon.desc = Image Location and Privacy Scanner
+imagelocationscanner.alertDetailPrefix = This image embeds a location or leaks privacy-related data:
+imagelocationscanner.alerttitle = Image Exposes Location or Privacy Data
+imagelocationscanner.desc = The image was found to contain embedded location information, such as GPS coordinates, or another privacy exposure, such as camera serial number. Depending on the context of the image in the website, this information may expose private details of the users of a site. For example, a site that allows users to upload profile pictures taken in the home may expose the home's address.
+
+imagelocationscanner.name = Image Location and Privacy Scanner
+imagelocationscanner.refs = https://www.veggiespam.com/ils/
+imagelocationscanner.soln = Before allowing images to be stored on the server and/or transmitted to the browser, strip out the embedded location information from image. This could mean removing all Exif data or just the GPS component. Other data, like serial numbers, should also be removed.
+imagelocationscanner.ui.name = Image Location and Privacy Scanner
diff --git a/addOns/invoke/src/main/resources/org/zaproxy/zap/extension/invoke/resources/Messages_kaa.properties b/addOns/invoke/src/main/resources/org/zaproxy/zap/extension/invoke/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..6a5576ba21e
--- /dev/null
+++ b/addOns/invoke/src/main/resources/org/zaproxy/zap/extension/invoke/resources/Messages_kaa.properties 
@@ -0,0 +1,34 @@
+invoke.config.popup = Configure applications...
+invoke.desc = Invoke external applications passing context related information such as URLs and parameters
+invoke.error = Failed to start/invoke the application:\n
+invoke.options.desc = Applications defined here can be invoked via the 'right click' menu on the Sites and History tabs.\nSee help (via '?' icon above) for details of the parameters that can be supplied.
+invoke.options.dialog.app.add.button.confirm = Qosıw
+invoke.options.dialog.app.add.title = Add Application
+invoke.options.dialog.app.button.label.command = ...
+invoke.options.dialog.app.button.label.workingDir = ...
+invoke.options.dialog.app.chooseCommand.file.description = Applications
+invoke.options.dialog.app.field.label.command = Full Command:
+invoke.options.dialog.app.field.label.enabled = Enabled:
+invoke.options.dialog.app.field.label.name = Display Name:
+invoke.options.dialog.app.field.label.note = Output to Note:
+invoke.options.dialog.app.field.label.output = Capture Output:
+invoke.options.dialog.app.field.label.parameters = Parameters:
+invoke.options.dialog.app.field.label.workingDir = Working Dir:
+invoke.options.dialog.app.modify.button.confirm = Modify
+invoke.options.dialog.app.modify.title = Modify Application
+invoke.options.dialog.app.remove.button.cancel = Biykarlaw
+invoke.options.dialog.app.remove.button.confirm = Alıp taslaw
+invoke.options.dialog.app.remove.checkbox.label = Do not show this message again
+invoke.options.dialog.app.remove.text = Are you sure you want to remove the selected application?
+invoke.options.dialog.app.remove.title = Remove Application
+invoke.options.dialog.app.warning.name.repeated.text = An application with the given name already exists.
+invoke.options.dialog.app.warning.name.repeated.title = Duplicated Application Name
+invoke.options.table.header.command = Command
+invoke.options.table.header.directory = Directory
+invoke.options.table.header.enabled = Qosılǵan
+invoke.options.table.header.name = Ataması
+invoke.options.table.header.output = Output
+invoke.options.table.header.parameters = Parameters
+invoke.options.table.header.toNote = To Note
+invoke.options.title = Applications
+invoke.site.popup = Run application
diff --git a/addOns/jruby/src/main/resources/org/zaproxy/zap/extension/jruby/resources/Messages_kaa.properties b/addOns/jruby/src/main/resources/org/zaproxy/zap/extension/jruby/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..c3d0b64610b
--- /dev/null
+++ b/addOns/jruby/src/main/resources/org/zaproxy/zap/extension/jruby/resources/Messages_kaa.properties
@@ -0,0 +1 @@
+jruby.desc = Allows Ruby to be used for ZAP scripting
diff --git a/addOns/jython/src/main/resources/org/zaproxy/zap/extension/jython/resources/Messages_kaa.properties b/addOns/jython/src/main/resources/org/zaproxy/zap/extension/jython/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..606959eebdb
--- /dev/null
+++ b/addOns/jython/src/main/resources/org/zaproxy/zap/extension/jython/resources/Messages_kaa.properties
@@ -0,0 +1,6 @@
+jython.desc = Allows Python to be used for ZAP scripting
+jython.options.error.modulepath.notdirectory = {0} is not a directory
+jython.options.error.modulepath.notexist = {0} does not exist
+jython.options.label.choose = Tańlaw...
+jython.options.label.modulepath = Additional Python modules path:
+jython.options.title = Jython
diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/addon/kotlin/resources/Messages_kaa.properties b/addOns/kotlin/src/main/resources/org/zaproxy/addon/kotlin/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..03d002846f6
--- /dev/null
+++ b/addOns/kotlin/src/main/resources/org/zaproxy/addon/kotlin/resources/Messages_kaa.properties
@@ -0,0 +1,2 @@
+kotlin.desc = Allows Kotlin to be used for ZAP scripting
+kotlin.name = Kotlin
diff --git a/addOns/network/src/main/resources/org/zaproxy/addon/network/resources/Messages_kaa.properties b/addOns/network/src/main/resources/org/zaproxy/addon/network/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..85ef5306028
--- /dev/null
+++ b/addOns/network/src/main/resources/org/zaproxy/addon/network/resources/Messages_kaa.properties
@@ -0,0 +1,463 @@
+network.api.action.addAlias = Adds an alias for the local servers/proxies.
+network.api.action.addAlias.param.enabled = The enabled state, true or false.
+network.api.action.addAlias.param.name = The name of the alias.
+network.api.action.addHttpProxyExclusion = Adds a host to be excluded from the HTTP proxy.
+network.api.action.addHttpProxyExclusion.param.enabled = The enabled state, true or false.
+network.api.action.addHttpProxyExclusion.param.host = The value of the host, a regular expression.
+network.api.action.addLocalServer = Adds a local server/proxy.
+network.api.action.addLocalServer.param.address = The address of the local server/proxy.
+network.api.action.addLocalServer.param.api = If the ZAP API is available, true or false.
+network.api.action.addLocalServer.param.behindNat = If the local server is behind NAT, true or false.
+network.api.action.addLocalServer.param.decodeResponse = If the response should be decoded, true or false.
+network.api.action.addLocalServer.param.port = The port of the local server/proxy.
+network.api.action.addLocalServer.param.proxy = If the local server should proxy, true or false.
+network.api.action.addLocalServer.param.removeAcceptEncoding = If the request header Accept-Encoding should be removed, true or false.
+network.api.action.addPassThrough = Adds an authority to pass-through the local proxies.
+network.api.action.addPassThrough.param.authority = The value of the authority, can be a regular expression.
+network.api.action.addPassThrough.param.enabled = The enabled state, true or false.
+network.api.action.addPkcs12ClientCertificate = Adds a client certificate contained in a PKCS#12 file, the certificate is automatically set as active and used.
+network.api.action.addPkcs12ClientCertificate.param.filePath = The file path.
+network.api.action.addPkcs12ClientCertificate.param.index = The index of the certificate in the file, defaults to 0.
+network.api.action.addPkcs12ClientCertificate.param.password = The password for the file.
+network.api.action.addRateLimitRule = Adds a rate limit rule
+network.api.action.addRateLimitRule.param.description = A description that allows you to identify the rule. Each rule must have a unique description.
+network.api.action.addRateLimitRule.param.enabled = The enabled state, true or false.
+network.api.action.addRateLimitRule.param.groupBy = How to group hosts when applying rate limiting: rule or host
+network.api.action.addRateLimitRule.param.matchRegex = Regex used to match the host.
+network.api.action.addRateLimitRule.param.matchString = Plain string match is handled based on DNS conventions. If the string has one or two components.
+network.api.action.addRateLimitRule.param.requestsPerSecond = The maximum number of requests per second.
+network.api.action.generateRootCaCert = Generates a new Root CA certificate, used to issue server certificates.
+network.api.action.importRootCaCert = Imports a Root CA certificate to be used to issue server certificates.
+network.api.action.importRootCaCert.param.filePath = The file system path to the PEM file, containing the certificate and private key.
+network.api.action.removeAlias = Removes an alias.
+network.api.action.removeAlias.param.name = The name of the alias.
+network.api.action.removeHttpProxyExclusion = Removes an HTTP proxy exclusion.
+network.api.action.removeHttpProxyExclusion.param.host = The value of the host.
+network.api.action.removeLocalServer = Removes a local server/proxy.
+network.api.action.removeLocalServer.param.address = The address of the local server/proxy.
+network.api.action.removeLocalServer.param.port = The port of the local server/proxy.
+network.api.action.removePassThrough = Removes a pass-through.
+network.api.action.removePassThrough.param.authority = The value of the authority.
+network.api.action.removeRateLimitRule = Remove a rate limit rule
+network.api.action.removeRateLimitRule.param.description = The description of the rule to remove.
+network.api.action.setAliasEnabled = Sets whether or not an alias is enabled.
+network.api.action.setAliasEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setAliasEnabled.param.name = The name of the alias.
+network.api.action.setConnectionTimeout = Sets the timeout, for reads and connects.
+network.api.action.setConnectionTimeout.param.timeout = The timeout, in seconds.
+network.api.action.setDefaultUserAgent = Sets the default user-agent.
+network.api.action.setDefaultUserAgent.param.userAgent = The default user-agent.
+network.api.action.setDnsTtlSuccessfulQueries = Sets the TTL of successful DNS queries.
+network.api.action.setDnsTtlSuccessfulQueries.param.ttl = The TTL, in seconds. Negative number, cache forever. Zero, disables caching. Positive number, the number of seconds the successful DNS queries will be cached.
+network.api.action.setHttpProxy = Sets the HTTP proxy configuration.
+network.api.action.setHttpProxy.param.host = The host, name or address.
+network.api.action.setHttpProxy.param.password = The password.
+network.api.action.setHttpProxy.param.port = The port.
+network.api.action.setHttpProxy.param.realm = The authentication realm.
+network.api.action.setHttpProxy.param.username = The user name.
+network.api.action.setHttpProxyAuthEnabled = Sets whether or not the HTTP proxy authentication is enabled.
+network.api.action.setHttpProxyAuthEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setHttpProxyEnabled = Sets whether or not the HTTP proxy is enabled.
+network.api.action.setHttpProxyEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setHttpProxyExclusionEnabled = Sets whether or not an HTTP proxy exclusion is enabled.
+network.api.action.setHttpProxyExclusionEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setHttpProxyExclusionEnabled.param.host = The value of the host.
+network.api.action.setPassThroughEnabled = Sets whether or not a pass-through is enabled.
+network.api.action.setPassThroughEnabled.param.authority = The value of the authority.
+network.api.action.setPassThroughEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setRateLimitRuleEnabled = Set enabled state for a rate limit rule.
+network.api.action.setRateLimitRuleEnabled.param.description = The description of the rule to modify.
+network.api.action.setRateLimitRuleEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setRootCaCertValidity = Sets the Root CA certificate validity. Used when generating a new Root CA certificate.
+network.api.action.setRootCaCertValidity.param.validity = The number of days that the generated Root CA certificate will be valid for.
+network.api.action.setServerCertValidity = Sets the server certificate validity. Used when generating server certificates.
+network.api.action.setServerCertValidity.param.validity = The number of days that the generated server certificates will be valid for.
+network.api.action.setSocksProxy = Sets the SOCKS proxy configuration.
+network.api.action.setSocksProxy.param.host = The host, name or address.
+network.api.action.setSocksProxy.param.password = The password.
+network.api.action.setSocksProxy.param.port = The port.
+network.api.action.setSocksProxy.param.useDns = If the names should be resolved by the SOCKS proxy, true or false.
+network.api.action.setSocksProxy.param.username = The user name.
+network.api.action.setSocksProxy.param.version = The SOCKS version.
+network.api.action.setSocksProxyEnabled = Sets whether or not the SOCKS proxy is enabled.
+network.api.action.setSocksProxyEnabled.param.enabled = The enabled state, true or false.
+network.api.action.setUseClientCertificate = Sets whether or not to use the active client certificate.
+network.api.action.setUseClientCertificate.param.use = The use state, true or false.
+network.api.action.setUseGlobalHttpState = Sets whether or not to use the global HTTP state.
+network.api.action.setUseGlobalHttpState.param.use = The use state, true or false.
+network.api.desc = Allows to access and configure core networking capabilities.
+
+network.api.legacy.api.action.addAdditionalProxy = Adds a new proxy using the details supplied.
+network.api.legacy.api.action.removeAdditionalProxy = Removes the additional proxy with the specified address and port.
+network.api.legacy.api.view.additionalProxies = Gets all of the additional proxies that have been configured.
+network.api.legacy.deprecated.network = Use the API endpoints in the 'network' component instead.
+
+network.api.other.proxy.pac = Provides a PAC file, proxying through the main proxy.
+network.api.other.rootCaCert = Gets the Root CA certificate used to issue server certificates. Suitable to import into client applications (e.g. browsers).
+network.api.other.setProxy = Sets the HTTP proxy configuration.
+network.api.other.setProxy.param.proxy = The JSON object containing the HTTP proxy configuration.
+network.api.view.getAliases = Gets the aliases used to identify the local servers/proxies.
+network.api.view.getConnectionTimeout = Gets the connection timeout, in seconds.
+network.api.view.getDefaultUserAgent = Gets the default user-agent.
+network.api.view.getDnsTtlSuccessfulQueries = Gets the TTL (in seconds) of successful DNS queries.
+network.api.view.getHttpProxy = Gets the HTTP proxy.
+network.api.view.getHttpProxyExclusions = Gets the HTTP proxy exclusions.
+network.api.view.getLocalServers = Gets the local servers/proxies.
+network.api.view.getPassThroughs = Gets the authorities that will pass-through the local proxies.
+network.api.view.getRateLimitRules = List of rate limit rules.
+network.api.view.getRootCaCertValidity = Gets the Root CA certificate validity, in days. Used when generating a new Root CA certificate.
+network.api.view.getServerCertValidity = Gets the server certificate validity, in days. Used when generating server certificates.
+network.api.view.getSocksProxy = Gets the SOCKS proxy.
+network.api.view.isHttpProxyAuthEnabled = Tells whether or not the HTTP proxy authentication is enabled.
+network.api.view.isHttpProxyEnabled = Tells whether or not the HTTP proxy is enabled.
+network.api.view.isSocksProxyEnabled = Tells whether or not the SOCKS proxy is enabled.
+network.api.view.isUseGlobalHttpState = Tells whether or not to use global HTTP state.
+
+network.cmdline.certdump.done = Root CA certificate written to {0}
+network.cmdline.certfulldump = Dumps the Root CA full certificate (including the private key) into the specified file name, this is suitable for importing into ZAP
+network.cmdline.certload = Loads the Root CA certificate from the specified file name
+network.cmdline.certload.done = Root CA certificate loaded from {0}
+network.cmdline.certpubdump = Dumps the Root CA public certificate into the specified file name, this is suitable for importing into browsers
+network.cmdline.error.noread = Cannot read file {0}
+network.cmdline.error.nowrite = Cannot write to file {0}
+network.cmdline.error.write = Error writing Root CA certificate to {0}
+network.cmdline.proxy.error.generic = Cause: {0}
+network.cmdline.proxy.error.host.assign = Cannot listen on address: {0}
+network.cmdline.proxy.error.host.unknown = Unknown host: {0}
+network.cmdline.proxy.error.message = An error occurred while starting the main proxy.\n{0}
+network.cmdline.proxy.error.port = Cannot listen on port {0}:{1} - try specifying a different port for ZAP to use.
+network.cmdline.proxy.error.port.retry = Unable to use the port {0}.
Try:
+network.cmdline.proxy.error.title = Error Starting Main Proxy
+network.cmdline.proxy.host = Overrides the host of the main proxy, specified in the configuration file
+network.cmdline.proxy.port = Overrides the port of the main proxy, specified in the configuration file
+network.cmdline.proxy.port.invalid.message = Unable to start the main proxy, -port value is not a valid port number:\n{0}
+network.cmdline.proxy.port.invalid.title = Invalid Port Number
+
+network.ext.desc = Provides core networking capabilities.
+network.ext.name = Network Extension
+
+network.httpsender.error.badhost.connect = An exception occurred while attempting to connect to:
+network.httpsender.error.badhost.exception = The exception was: \n
+network.httpsender.error.badhost.help = The following document may be of assistance in resolving this failure:\n{0}
+network.httpsender.error.badhost.help.url = https://www.zaproxy.org/faq/why-cant-zap-connect-to-my-website/
+
+network.httpsender.error.proxy = \n\nYour "Options / Network / Connection" proxy settings might be incorrect.
+network.httpsender.error.readtimeout = Failed to read {0} within {1} seconds, check to see if the site is available and if so consider adjusting ZAP''s read time out in the Connection options panel.
+network.httpsender.ssl.error.connect = An exception occurred while attempting to connect to:
+network.httpsender.ssl.error.exception = The exception was: \n
+network.httpsender.ssl.error.exception.rootcause = Root cause: \n
+network.httpsender.ssl.error.help = The following document may be of assistance in resolving this failure:\n{0}
+network.httpsender.ssl.error.help.url = https://www.zaproxy.org/faq/how-to-connect-to-an-https-site-that-reports-a-handshake-failure/
+
+network.importpem.certnobase64 = The certificate is not properly base64 encoded.
+network.importpem.failed.title = Error Import Root CA Cert .pem File
+network.importpem.failedkeystore = Failed to create the KeyStore from the .pem file:\n{0}
+network.importpem.failedreadfile = Failed to read the selected .pem file:\n{0}
+network.importpem.nocertsection = No certificate section found in the .pem file.\nIt should contain the certificate surrounded with the tokens:\n{0}\nand:\n{1}
+network.importpem.noprivkeysection = No private key section found in the .pem file.\nIt should contain the private key surrounded with the tokens:\n{0}\nand:\n{1}
+network.importpem.privkeynobase64 = The private key is not properly base64 encoded.
+
+network.ui.footer.proxies.main = Main Proxy: {0}
+network.ui.footer.proxies.representation = {0}:{1}
+network.ui.footer.proxies.tooltip.additional.disabled = Additional Proxies (Disabled):
+network.ui.footer.proxies.tooltip.additional.enabled = Additional Proxies (Enabled):
+network.ui.footer.proxies.tooltip.main = Main Proxy:
+
+network.ui.options.alias.add.button = Qosıw
+network.ui.options.alias.add.field.enabled = Enabled:
+network.ui.options.alias.add.field.name = Name:
+network.ui.options.alias.add.title = Add Alias
+network.ui.options.alias.modify.button = Modify
+network.ui.options.alias.modify.title = Modify Alias
+network.ui.options.alias.remove.button.cancel = Biykarlaw
+network.ui.options.alias.remove.button.confirm = Alıp taslaw
+network.ui.options.alias.remove.checkbox.label = Do not show this message again
+network.ui.options.alias.remove.text = Are you sure you want to remove the selected alias?
+network.ui.options.alias.remove.title = Remove Alias
+network.ui.options.alias.tab = Aliases
+network.ui.options.alias.table.header.enabled = Qosılǵan
+network.ui.options.alias.table.header.name = Ataması
+
+network.ui.options.alpn.enable.label = Enable TLS ALPN extension
+network.ui.options.alpn.protocols.error.noprotocolsselected = You must select at least one application protocol. 
+network.ui.options.alpn.protocols.error.title = Incorrect Application Protocol Configuration
+network.ui.options.alpn.protocols.http1.1.label = HTTP/1.1
+network.ui.options.alpn.protocols.http2.label = HTTP/2
+network.ui.options.alpn.protocols.label = Protocols:
+network.ui.options.alpn.title = ALPN
+
+network.ui.options.clientcertificates.addkeystore = Add to KeyStore
+network.ui.options.clientcertificates.certificate.title = Certificate
+network.ui.options.clientcertificates.description = Add your keystore and activate the desired certificate.
+network.ui.options.clientcertificates.error = Error
+network.ui.options.clientcertificates.error.accesskeystore = Error accessing KeyStore:
+network.ui.options.clientcertificates.error.cert.title = Client Certificate
+network.ui.options.clientcertificates.error.pkcs11.lib = Try to specify the PKCS#11 library again...
+network.ui.options.clientcertificates.error.pkcs11.notavailable = The required Sun/IBM PKCS#11 provider is not available.\nFor more information visit the pages:
+network.ui.options.clientcertificates.error.pkcs11.notavailable.ibm.hyperlink = http://pic.dhe.ibm.com/infocenter/java7sdk/v7r0/topic/com.ibm.java.security.component.71.doc/security-component/pkcs11implDocs/ibmpkcs11.html
+network.ui.options.clientcertificates.error.pkcs11.notavailable.ibm.hyperlink.text = IBMPKCS11Impl Provider
+network.ui.options.clientcertificates.error.pkcs11.notavailable.sun.hyperlink = http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#Requirements
+network.ui.options.clientcertificates.error.pkcs11.notavailable.sun.hyperlink.text = Sun PKCS#11 Provider
+network.ui.options.clientcertificates.error.pkcs11.pinempty = The PIN was not provided.
+network.ui.options.clientcertificates.error.pkcs11.wrongdata = Maybe your PIN or library is wrong.
+network.ui.options.clientcertificates.error.pkcs11.wrongpassword = Incorrect PKCS#11 PIN. 
+network.ui.options.clientcertificates.error.pkcs11.wrongpasswordlast = (Last try before blocking the smartcard)
+network.ui.options.clientcertificates.error.pkcs12.wrongdata = Maybe your file or password is wrong.
+network.ui.options.clientcertificates.keystore.activate = Activate
+network.ui.options.clientcertificates.keystore.activecertificate = Active Certificate
+network.ui.options.clientcertificates.keystore.certs.table.header = Certificate
+network.ui.options.clientcertificates.keystore.enterpassword = Enter Password
+network.ui.options.clientcertificates.keystore.keystores.table.header = KeyStore
+network.ui.options.clientcertificates.keystore.remove = Alıp taslaw
+network.ui.options.clientcertificates.keystore.tab = KeyStore
+network.ui.options.clientcertificates.keystore.view = View
+network.ui.options.clientcertificates.name = Client Certificates
+network.ui.options.clientcertificates.pkcs11.driver = Driver:
+network.ui.options.clientcertificates.pkcs11.driver.manage = Manage...
+network.ui.options.clientcertificates.pkcs11.pin = PIN:
+network.ui.options.clientcertificates.pkcs11.tab = PKCS#11
+network.ui.options.clientcertificates.pkcs11.usesli = Use Slot List Index
+network.ui.options.clientcertificates.pkcs11drivers.title = PKCS#11 Drivers
+network.ui.options.clientcertificates.pkcs12.file = File:
+network.ui.options.clientcertificates.pkcs12.file.select = Tańlaw... 
+network.ui.options.clientcertificates.pkcs12.file.select.desc = Client Certificate {0}
+network.ui.options.clientcertificates.pkcs12.password = Password:
+network.ui.options.clientcertificates.pkcs12.store = Store Configuration
+network.ui.options.clientcertificates.pkcs12.tab = PKCS#12
+network.ui.options.clientcertificates.usecertificate = Use Certificate
+
+network.ui.options.connection.general.dns.title = DNS
+network.ui.options.connection.general.dns.ttlsuccessful.label = TTL Successful Queries (in seconds):
+network.ui.options.connection.general.dns.ttlsuccessful.toolTip = Defines for how long the successful DNS queries should be cached:
  • Negative number, cache forever;
  • Zero, disables caching;
  • Positive number, the number of seconds the queries will be cached.
Note: Changes are applied after a restart.
+network.ui.options.connection.general.globalhttpstate = Use Global HTTP State
+network.ui.options.connection.general.tab = General
+network.ui.options.connection.general.timeout = Timeout (in seconds):
+network.ui.options.connection.general.unsaferenegotiation = Enable unsafe SSL/TLS renegotiation
+network.ui.options.connection.general.unsaferenegotiation.tooltip = To enable unsafe SSL/TLS renegotiation you must turn it on before establishing any HTTPS connection.\nIf it is not working, restart ZAP.
+network.ui.options.connection.general.useragent = Default User Agent:
+
+network.ui.options.connection.httpproxy.auth.enabled = Authenticate:
+network.ui.options.connection.httpproxy.auth.storepass = Store Password
+network.ui.options.connection.httpproxy.enabled = Enabled:
+network.ui.options.connection.httpproxy.exclusions = Exclusions:
+network.ui.options.connection.httpproxy.exclusions.add.button = Qosıw
+network.ui.options.connection.httpproxy.exclusions.add.field.enabled = Enabled:
+network.ui.options.connection.httpproxy.exclusions.add.field.host = Host:
+network.ui.options.connection.httpproxy.exclusions.add.title = Add HTTP Proxy Exclusion
+network.ui.options.connection.httpproxy.exclusions.modify.button = Modify
+network.ui.options.connection.httpproxy.exclusions.modify.title = Modify HTTP Proxy Exclusion
+network.ui.options.connection.httpproxy.exclusions.remove.button.cancel = Biykarlaw
+network.ui.options.connection.httpproxy.exclusions.remove.button.confirm = Alıp taslaw
+network.ui.options.connection.httpproxy.exclusions.remove.checkbox.label = Do not show this message again
+network.ui.options.connection.httpproxy.exclusions.remove.text = Are you sure you want to remove the selected exclusion? 
+network.ui.options.connection.httpproxy.exclusions.remove.title = Remove HTTP Proxy Exclusion
+network.ui.options.connection.httpproxy.exclusions.table.header.enabled = Qosılǵan
+network.ui.options.connection.httpproxy.exclusions.table.header.host = Host
+network.ui.options.connection.httpproxy.exclusions.warn.invalidregex.message = The provided regular expression is not valid:\n{0}
+network.ui.options.connection.httpproxy.exclusions.warn.invalidregex.title = Invalid Regular Expression
+network.ui.options.connection.httpproxy.host = Host:
+network.ui.options.connection.httpproxy.host.empty = The HTTP proxy host is empty.
+network.ui.options.connection.httpproxy.password = Password:
+network.ui.options.connection.httpproxy.port = Port:
+network.ui.options.connection.httpproxy.realm = Realm:
+network.ui.options.connection.httpproxy.tab = HTTP Proxy
+network.ui.options.connection.httpproxy.username = User Name:
+network.ui.options.connection.httpproxy.username.empty = The HTTP proxy user name is empty.
+
+network.ui.options.connection.name = Connection
+
+network.ui.options.connection.socksproxy.dns = Use SOCKS' DNS
+network.ui.options.connection.socksproxy.dns.tooltip = Only supported with version 5.
+network.ui.options.connection.socksproxy.enabled = Enabled:
+network.ui.options.connection.socksproxy.host = Host:
+network.ui.options.connection.socksproxy.host.empty = The SOCKS host is empty. 
+network.ui.options.connection.socksproxy.password = Password:
+network.ui.options.connection.socksproxy.port = Port:
+network.ui.options.connection.socksproxy.tab = SOCKS Proxy
+network.ui.options.connection.socksproxy.username = User Name:
+network.ui.options.connection.socksproxy.version = Version:
+
+network.ui.options.globalexclusions.add.button = Qosıw
+network.ui.options.globalexclusions.add.title = Add Global Exclusion
+network.ui.options.globalexclusions.field.enabled = Enabled:
+network.ui.options.globalexclusions.field.name = Name:
+network.ui.options.globalexclusions.field.value = Value:
+network.ui.options.globalexclusions.modify.button = Modify
+network.ui.options.globalexclusions.modify.title = Modify Global Exclusion
+network.ui.options.globalexclusions.name = Global Exclusions
+network.ui.options.globalexclusions.remove.button.cancel = Biykarlaw
+network.ui.options.globalexclusions.remove.button.confirm = Alıp taslaw
+network.ui.options.globalexclusions.remove.checkbox.label = Do not show this message again.
+network.ui.options.globalexclusions.remove.text = Are you sure you want to remove the selected global exclusion?
+network.ui.options.globalexclusions.remove.title = Remove Global Exclusion
+network.ui.options.globalexclusions.table.header.enabled = Qosılǵan
+network.ui.options.globalexclusions.table.header.name = Ataması
+network.ui.options.globalexclusions.warn.invalidregex.message = The provided regular expression is not valid:\n{0}
+network.ui.options.globalexclusions.warn.invalidregex.title = Invalid Regular Expression
+
+network.ui.options.legacy.clientcerts = Client Certificate
+network.ui.options.legacy.clientcerts.moved = These options have been moved to Network > Client Certificates.
+network.ui.options.legacy.connection = Connection
+network.ui.options.legacy.connection.moved = These options have been moved to Network > Connection. 
+network.ui.options.legacy.dynssl = Dynamic SSL Certificates
+network.ui.options.legacy.dynssl.moved = These options have been moved to Network > Server Certificates.
+network.ui.options.legacy.globalexcludeurl = Global Exclude URL
+network.ui.options.legacy.globalexcludeurl.moved = These options have been moved to Network > Global Exclusions.
+network.ui.options.legacy.opennew = Go to New Screen
+network.ui.options.legacy.proxies = Local Proxies
+network.ui.options.legacy.proxies.moved = These options have been moved to Network > Local Servers/Proxies.
+network.ui.options.legacy.ratelimit = Rate Limit
+
+network.ui.options.localservers.add.button = Qosıw
+network.ui.options.localservers.add.field.address = Address:
+network.ui.options.localservers.add.field.port = Port:
+network.ui.options.localservers.add.title = Add Local Server/Proxy
+network.ui.options.localservers.desc = Set your browser proxy setting using one of the following proxies.\nThe HTTP port and HTTPS port must be the same port.
+network.ui.options.localservers.field.behindnat = Behind NAT
+network.ui.options.localservers.field.behindnat.tooltip = Indicates that ZAP is behind NAT.
When selected ZAP will attempt to determine the public IP address,
to properly detect and handle requests with the public IP address.
Refer to the help page for more details.
+network.ui.options.localservers.field.decoderesponse = Decode Response
+network.ui.options.localservers.field.decoderesponse.tooltip = Always automatically decode (i.e. gzip, deflate) the response.
This option is needed for applications that ignore the "Accept-Encoding" header field
This option should be always enabled unless the decoding breaks the application being tested.
+network.ui.options.localservers.field.mode = Mode:
+network.ui.options.localservers.field.mode.api = API
+network.ui.options.localservers.field.mode.apiproxy = API and Proxy
+network.ui.options.localservers.field.mode.proxy = Proxy
+network.ui.options.localservers.field.removeacceptencoding = Remove Accept-Encoding Request Header
+network.ui.options.localservers.field.removeacceptencoding.tooltip = Removes the "Accept-Encoding" request header field,
so no (unsupported) encoding transformations are done to the response.
This option should be always enabled unless when testing the encoding transformations.
The HTTP responses encoded with unsupported encodings will not be correctly scanned (either by passive and active scanners).
+network.ui.options.localservers.mainproxy.title = Main Proxy
+network.ui.options.localservers.modify.button = Modify
+network.ui.options.localservers.modify.main.button = Proxy Properties...
+network.ui.options.localservers.modify.main.title = Modify Main Proxy
+network.ui.options.localservers.modify.title = Modify Local Server/Proxy
+network.ui.options.localservers.name = Local Servers/Proxies
+network.ui.options.localservers.remove.button.cancel = Biykarlaw
+network.ui.options.localservers.remove.button.confirm = Alıp taslaw
+network.ui.options.localservers.remove.checkbox.label = Do not show this message again
+network.ui.options.localservers.remove.text = Are you sure you want to remove the selected server?
+network.ui.options.localservers.remove.title = Remove Local Server/Proxy
+network.ui.options.localservers.servers.binderror = Unable to listen on this address and port:\n{0}
+network.ui.options.localservers.servers.duplicated = A local server/proxy with this address and port is already defined:\n{0}
+network.ui.options.localservers.servers.duplicated.title = Duplicated Local Server/Proxy
+network.ui.options.localservers.servers.title = Additional Servers/Proxies
+network.ui.options.localservers.table.header.address = Mánzil
+network.ui.options.localservers.table.header.enabled = Qosılǵan
+network.ui.options.localservers.table.header.port = Port
+
+network.ui.options.name = Network
+
+network.ui.options.passthrough.add.button = Qosıw
+network.ui.options.passthrough.add.field.authority = Authority:
+network.ui.options.passthrough.add.field.enabled = Enabled:
+network.ui.options.passthrough.add.title = Add Pass-through Condition
+network.ui.options.passthrough.modify.button = Modify
+network.ui.options.passthrough.modify.title = Modify Pass-through Condition
+network.ui.options.passthrough.remove.button.cancel = Biykarlaw 
+network.ui.options.passthrough.remove.button.confirm = Alıp taslaw
+network.ui.options.passthrough.remove.checkbox.label = Do not show this message again
+network.ui.options.passthrough.remove.text = Are you sure you want to remove the selected pass-through condition?
+network.ui.options.passthrough.remove.title = Remove Pass-through Condition
+network.ui.options.passthrough.tab = Pass-through
+network.ui.options.passthrough.table.header.authority = Authority
+network.ui.options.passthrough.table.header.enabled = Qosılǵan
+network.ui.options.passthrough.warn.invalidregex.message = The provided regular expression is not valid:\n{0}
+network.ui.options.passthrough.warn.invalidregex.title = Invalid Regular Expression
+
+network.ui.options.pkcs11driver.add.button = Qosıw
+network.ui.options.pkcs11driver.add.field.library = Library:
+network.ui.options.pkcs11driver.add.field.library.select = Tańlaw...
+network.ui.options.pkcs11driver.add.field.name = Name:
+network.ui.options.pkcs11driver.add.field.slot = Slot:
+network.ui.options.pkcs11driver.add.field.slotlistindex = Slot List Index:
+network.ui.options.pkcs11driver.add.title = Add PKCS#11 Driver
+network.ui.options.pkcs11driver.modify.button = Modify
+network.ui.options.pkcs11driver.modify.title = Modify PKCS#11
+network.ui.options.pkcs11driver.remove.button.cancel = Biykarlaw
+network.ui.options.pkcs11driver.remove.button.confirm = Alıp taslaw
+network.ui.options.pkcs11driver.remove.checkbox.label = Do not show this message again
+network.ui.options.pkcs11driver.remove.text = Are you sure you want to remove the selected driver? 
+network.ui.options.pkcs11driver.remove.title = Remove PKCS#11
+network.ui.options.pkcs11driver.table.header.name = Ataması
+network.ui.options.pkcs11driver.table.header.slot = Slot
+network.ui.options.pkcs11driver.table.header.slotlistindex = Slot List Index
+
+network.ui.options.securityprotocols.error.justsslv2helloselected = SSLv2Hello must be selected in conjunction with other security protocols.
+network.ui.options.securityprotocols.error.noprotocolsselected = You must select at least one security protocol.
+network.ui.options.securityprotocols.error.title = Incorrect Security Protocol Configuration
+network.ui.options.securityprotocols.protocolnotsupportedtooltip = Protocol not enabled or not supported by the JRE.
+network.ui.options.securityprotocols.ssl2hello.label = SSLv2Hello
+network.ui.options.securityprotocols.ssl3.label = SSL 3
+network.ui.options.securityprotocols.title = Security Protocols
+network.ui.options.securityprotocols.tlsv1.1.label = TLS 1.1
+network.ui.options.securityprotocols.tlsv1.2.label = TLS 1.2
+network.ui.options.securityprotocols.tlsv1.3.label = TLS 1.3
+network.ui.options.securityprotocols.tlsv1.label = TLS 1
+
+network.ui.options.servercertificates.button.generate = Generate
+network.ui.options.servercertificates.button.import = Importlaw
+network.ui.options.servercertificates.button.save = Saqlaw
+network.ui.options.servercertificates.button.view = View
+network.ui.options.servercertificates.field.certvalidity = Validity in Days:
+network.ui.options.servercertificates.field.crldistpoint = CRL Dist. Point:
+network.ui.options.servercertificates.field.pem = PEM:
+network.ui.options.servercertificates.import.config.error = Failed to import Root CA certificate from the config file.\nPlease see log file for details.
+network.ui.options.servercertificates.import.config.error.title = Import Error
+network.ui.options.servercertificates.import.config.nocert = The selected configuration file does not have a certificate. 
+network.ui.options.servercertificates.import.config.nocert.title = No Root CA Certificate
+network.ui.options.servercertificates.import.pem.certnobase64 = The certificate is not properly base64 encoded.
+network.ui.options.servercertificates.import.pem.failed.title = Error Import Root CA Cert .pem File
+network.ui.options.servercertificates.import.pem.failedkeystore = Failed to create the KeyStore from the .pem file:\n{0}
+network.ui.options.servercertificates.import.pem.failedreadfile = Failed to read the selected .pem file:\n{0}
+network.ui.options.servercertificates.import.pem.nocertsection = No certificate section found in the .pem file.\nIt should contain the certificate surrounded with the tokens:\n{0}\nand:\n{1}
+network.ui.options.servercertificates.import.pem.noprivkeysection = No private key section found in the .pem file.\nIt should contain the private key surrounded with the tokens:\n{0}\nand:\n{1}
+network.ui.options.servercertificates.import.pem.privkeynobase64 = The private key is not properly base64 encoded.
+network.ui.options.servercertificates.name = Server Certificates
+network.ui.options.servercertificates.overwrite.message = A Root CA certificate already exists.\nCreating a new certificate, will replace the existing one.\n\nDo you want to overwrite the current certificate?
+network.ui.options.servercertificates.overwrite.title = Overwrite Existing Certificate?
+network.ui.options.servercertificates.tab.issuedcerts = Issued Certificates
+network.ui.options.servercertificates.tab.rootcacert = Root CA Certificate
+
+network.ui.prompt.httpproxy.password.button = OK
+network.ui.prompt.httpproxy.password.label = HTTP Proxy Password:
+network.ui.prompt.httpproxy.password.title = HTTP Proxy Password Required
+
+network.ui.ratelimit.add.title = Add Rate Limit Rule
+network.ui.ratelimit.add.warning.badregex = The Match String is not a valid regex pattern.
+network.ui.ratelimit.add.warning.existdesc = A rule with this description already exists. 
+network.ui.ratelimit.add.warning.nodesc = You must supply a description.
+network.ui.ratelimit.add.warning.nomatch = You must supply a Match String.
+network.ui.ratelimit.context.limitdomain.title = Domain
+network.ui.ratelimit.context.limithost.title = Host
+network.ui.ratelimit.context.title = Limit Request Rate
+network.ui.ratelimit.desc = Limits request rate to prevent overloading or being blocked.
+network.ui.ratelimit.groupby.host = Host
+network.ui.ratelimit.groupby.rule = Rule
+network.ui.ratelimit.label.desc = Description:
+network.ui.ratelimit.label.enable = Enable:
+network.ui.ratelimit.label.groupby = Group By:
+network.ui.ratelimit.label.matchstr = Match String:
+network.ui.ratelimit.label.regex = Match Regex:
+network.ui.ratelimit.label.requestspersecond = Requests per Second:
+network.ui.ratelimit.modify.title = Modify Rate Limit Rule
+network.ui.ratelimit.name = Rate Limit Requests
+network.ui.ratelimit.options.dialog.remove.button.cancel = Biykarlaw
+network.ui.ratelimit.options.dialog.remove.button.confirm = Alıp taslaw
+network.ui.ratelimit.options.dialog.remove.checkbox.label = Do not show this message again.
+network.ui.ratelimit.options.dialog.remove.text = Are you sure you want to remove this rule? 
+network.ui.ratelimit.options.dialog.remove.title = Remove Rate Limit Rule
+network.ui.ratelimit.options.label.rules = Rules:
+network.ui.ratelimit.options.table.header.description = Description
+network.ui.ratelimit.options.table.header.enabled = Qosılǵan
+network.ui.ratelimit.options.table.header.groupby = Group By
+network.ui.ratelimit.options.table.header.match = Match String
+network.ui.ratelimit.options.table.header.requestspersecond = Req/Sec
+network.ui.ratelimit.options.title = Rate Limit
+network.ui.ratelimit.panel.title = Rate Limit Options
+network.ui.ratelimit.status.header.description = Rule
+network.ui.ratelimit.status.header.effectiverate = Effective Rate
+network.ui.ratelimit.status.header.group = Group
+network.ui.ratelimit.status.header.lastrequest = Last
+network.ui.ratelimit.status.header.requestcount = Sorawlar
+network.ui.ratelimit.status.title = Rate Limit
+network.ui.ratelimit.tab.rule = Rule
+
+network.warn.cert.expired = ZAP''s Root CA certificate has expired as of {0} (now: {1}).\nYou should regenerate it and re-install it in your browsers.\nRegenerate the certificate and go to the relevant options screen now?
+network.warn.cert.failed = Failed to create Root CA certificate.\nRefer to log for more details.
diff --git a/addOns/oast/src/main/resources/org/zaproxy/addon/oast/resources/Messages_kaa.properties b/addOns/oast/src/main/resources/org/zaproxy/addon/oast/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..73dff20ce1a
--- /dev/null
+++ b/addOns/oast/src/main/resources/org/zaproxy/addon/oast/resources/Messages_kaa.properties 
@@ -0,0 +1,68 @@
+oast.alert.otherinfo.received = Received out-of-band interaction [{0}]
+oast.alert.otherinfo.request = Soraw
+oast.alert.otherinfo.response = Response
+
+oast.boast.error.payload = Could not create payload [{0}]
+oast.boast.error.persist = Failed to persist boast event
+oast.boast.error.poll = Could not poll BOAST server {0} [{1}]
+oast.boast.event.badMsgDump = Malformed HTTP Message: Dumping entire message in request body
+oast.boast.name = BOAST
+oast.boast.options.activeServers.canary = Canary
+oast.boast.options.activeServers.payload = Payload
+oast.boast.options.button.register = Register
+oast.boast.options.label.activeServers = Active Servers
+oast.boast.options.label.pollingFrequency = Polling Frequency (in seconds):
+oast.boast.options.label.uri = Server URI:
+oast.boast.param.info.minPollingFrequency = The polling frequency ({0} seconds) is less than the minimum permissible value (10 seconds). The polling frequency will be set to 10 seconds.
+
+oast.callback.handler.none.name = No callback handler
+oast.callback.name = Callback
+oast.callback.options.label.localaddress = Local Address (e.g. 0.0.0.0):
+oast.callback.options.label.port = Specify Port:
+oast.callback.options.label.remoteaddress = Remote Address:
+oast.callback.options.label.rndport = Random Port:
+oast.callback.options.label.secure = Qáwipsiz:
+oast.callback.options.label.testurl = Test URL:
+
+oast.ext.description = Adds Out-of-band Application Security Testing functionality.
+oast.ext.name = Out-of-band Application Security Testing
+
+oast.interactsh.error.badHttpCode = Bad HTTP Code received from Interactsh server
+oast.interactsh.error.poll.unregistered = Cannot poll unregistered server. 
+oast.interactsh.error.register = Could not register with Interactsh server: {0}
+oast.interactsh.options.activePayloads.canary = Canary
+oast.interactsh.options.activePayloads.payload = Payload
+oast.interactsh.options.button.newPayload = New Payload
+oast.interactsh.options.label.activePayloads = Active Payloads
+oast.interactsh.options.label.authToken = Authorization Token:
+oast.interactsh.options.label.pollingFrequency = Polling Frequency (in seconds):
+oast.interactsh.options.label.url = Server URL:
+
+oast.options.activeScanService = OOB Service Used In Active Scans:
+oast.options.activeScanService.tooltip = The selected service will be used to generate payloads for active scan rules that support OAST.
+oast.options.general.title = General
+oast.options.title = OAST
+oast.options.usePermanentDatabase = Use Permanent Database
+oast.options.usePermanentDatabase.tooltip = Use the Permanent Database to persist registered OAST service instances across ZAP sessions.
+
+oast.panel.clear.button.label = Clear
+oast.panel.clear.button.toolTip = Clear Messages
+oast.panel.currentState.lastPoll = {0}: {1}
+oast.panel.currentState.tooltip.lastPolled = {0}: Last Polled Time
+oast.panel.name = OAST
+oast.panel.options.button.label = Options
+oast.panel.pollNow.button.label = Poll Now
+oast.panel.pollNow.button.toolTip = Poll All Services
+oast.panel.table.column.handler = Handler
+oast.panel.table.column.referer = Referer
+oast.panel.table.column.source = Source
+
+oast.popup.menu.insertPayload = Insert OAST Payload
+oast.popup.menu.warning = Failed to generate and insert the OAST payload.\n{0}
+
+oast.scripts.desc = Adds OAST scripts.
+oast.scripts.getBoastServers.desc = This script lists the details of all registered BOAST Servers.
+oast.scripts.getInteractshPayloads.desc = This script demonstrates how to get Interactsh payloads in scripts.
+oast.scripts.name = OAST Scripts
+oast.scripts.requestHandler.desc = This script registers an OAST message handler. 
Change it to do whatever you want to do.
+oast.scripts.warn.couldNotAddScripts = Could not add OAST scripts: {0}.
diff --git a/addOns/onlineMenu/src/main/resources/org/zaproxy/zap/extension/onlineMenu/resources/Messages_kaa.properties b/addOns/onlineMenu/src/main/resources/org/zaproxy/zap/extension/onlineMenu/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..fef397b9d18
--- /dev/null
+++ b/addOns/onlineMenu/src/main/resources/org/zaproxy/zap/extension/onlineMenu/resources/Messages_kaa.properties
@@ -0,0 +1,16 @@
+# Strings used by the add-on
+onlineMenu.desc = The Online menu links
+onlineMenu.devgroup = ZAP Developer Group
+onlineMenu.devgroup.mnemonic = d
+onlineMenu.ext = ZAP Marketplace
+onlineMenu.ext.mnemonic = m
+onlineMenu.faq = ZAP Frequently Asked Questions
+onlineMenu.faq.mnemonic = f
+onlineMenu.home = ZAP Website
+onlineMenu.home.mnemonic = z
+onlineMenu.issues = Report an Issue
+onlineMenu.issues.mnemonic = i
+onlineMenu.usergroup = ZAP User Group
+onlineMenu.usergroup.mnemonic = u
+onlineMenu.videos = ZAP Videos
+onlineMenu.videos.mnemonic = v
diff --git a/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages_kaa.properties b/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..67e7e50d321
--- /dev/null
+++ b/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages_kaa.properties 
@@ -0,0 +1,82 @@
+openapi.api.action.importFile = Imports an OpenAPI definition from a local file.
+openapi.api.action.importFile.param.file = The file that contains the OpenAPI definition.
+openapi.api.action.importFile.param.target = The Target URL to override the server URL present in the definition.
+openapi.api.action.importUrl = Imports an OpenAPI definition from a URL.
+openapi.api.action.importUrl.param.hostOverride = The Target URL (called hostOverride for historical reasons) to override the server URL present in the definition.
+openapi.api.action.importUrl.param.url = The URL locating the OpenAPI definition.
+
+openapi.automation.desc = OpenAPI Automation Framework Integration
+openapi.automation.dialog.apifile = API File:
+openapi.automation.dialog.apiurl = API URL:
+openapi.automation.dialog.context = Context:
+openapi.automation.dialog.name = Job Name:
+openapi.automation.dialog.summary = URL: {0}, File: {1}
+openapi.automation.dialog.targeturl = Target URL:
+openapi.automation.dialog.title = OpenAPI Job
+openapi.automation.error.file = Job {0} cannot read file: {1}
+openapi.automation.error.misc = Job {0} target: {1} error: {2}
+openapi.automation.error.nofile = Cannot access file: {0}
+openapi.automation.error.url = Job {0} target: {1} invalid API URL: {2}
+openapi.automation.info.urlsadded = Job {0} added {1} URLs
+openapi.automation.name = OpenAPI Automation
+
+openapi.cmdline.contextid.help = The Context ID used to associate data driven nodes generated from path parameters in the OpenAPI definition
+openapi.cmdline.file.help = Imports an OpenAPI definition from the specified file name
+openapi.cmdline.targeturl.help = The Target URL, to override the server URL present in the OpenAPI definition. Refer to the help for supported format. 
+openapi.cmdline.url.help = Imports an OpenAPI definition from the specified URL
+
+openapi.desc = Allows you to spider and import OpenAPI (Swagger) definitions
+
+openapi.formhandler.desc = OpenAPI Form Handler Integration
+openapi.formhandler.name = OpenAPI Form Handler
+
+openapi.import.error = Failed to access URL: {0} : {1} : {2}
+
+openapi.importfromdialog.importbutton = Importlaw
+openapi.importfromdialog.invalidurl = Invalid URL:\n{0}
+openapi.importfromdialog.labelcontext = Context For Adding DDNs:
+openapi.importfromdialog.labeltarget = Target URL:
+openapi.importfromdialog.pasteaction = Paste
+
+openapi.importfromfiledialog.badfile = Can't find the specified file
+openapi.importfromfiledialog.choosefilebutton = Choose File
+openapi.importfromfiledialog.labelfile = File Path:
+openapi.importfromfiledialog.title = Import OpenAPI Definition from File
+
+openapi.importfromurldialog.labelurl = URL Pointing to OpenAPI defn:
+openapi.importfromurldialog.title = Import OpenAPI Definition from URL
+openapi.importfromurldialog.urlerror.empty = The URL to import is empty.
+openapi.importfromurldialog.urlerror.invalid = The URL to import is invalid:\n{0}
+
+openapi.io.error = Failed to access specified definition
+
+openapi.name = OpenAPI Import
+
+openapi.parse.error = Failed to parse OpenAPI definition.\n\n{0}
+openapi.parse.ok = Successfully parsed OpenAPI definition
+openapi.parse.trailer = Further details may be available in the Output tab.
+openapi.parse.warn = Parsed OpenAPI definition with warnings - \nsee Output tab for details
+
+openapi.progress.importpane.currentimport = Importing: {0}
+
+openapi.spider.desc = OpenAPI Spider Integration
+openapi.spider.name = OpenAPI Spider
+
+openapi.swaggerconverter.definitionurl = Definition URL: {0}
+openapi.swaggerconverter.definitionurl.errorsyntax = Invalid definition URL:\n{0}\nRefer to log for more details. 
+openapi.swaggerconverter.definitionurl.missingcomponents = The definition URL does not have the scheme or authority component:\n{0}
+openapi.swaggerconverter.nourls = Unable to obtain any server URL from the definition.
+openapi.swaggerconverter.parse.defn.exception = Failed to parse swagger defn {0}
+openapi.swaggerconverter.serverurl = Server URL: {0}
+openapi.swaggerconverter.targeturl.errorsyntax = Invalid target URL:\n{0}\nRefer to the help for the supported syntax.
+openapi.swaggerconverter.targeturl.invalid = Failed to create/normalise the target URL:\n{0}
+openapi.swaggerconverter.targeturl.missingcomponents = The target URL does not have the scheme or authority component:\n{0}
+
+openapi.topmenu.import.importopenapi = Import an OpenAPI definition from the local file system
+openapi.topmenu.import.importopenapi.tooltip = The file must be a formal described OpenAPI definition.
+openapi.topmenu.import.importremoteopenapi = Import an OpenAPI definition from a URL
+openapi.topmenu.import.importremoteopenapi.tooltip = The contents must be a formal described OpenAPI definition.
+
+openapi.unsupportedcontent = Not generating request body for operation {0}, the content type {1} is not supported.
+
+openapi.unsupportedscheme = The scheme of the URL is not HTTP or HTTPS:\n{0}
diff --git a/addOns/paramdigger/src/main/resources/org/zaproxy/addon/paramdigger/resources/Messages_kaa.properties b/addOns/paramdigger/src/main/resources/org/zaproxy/addon/paramdigger/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..cc6d2a1d520
--- /dev/null
+++ b/addOns/paramdigger/src/main/resources/org/zaproxy/addon/paramdigger/resources/Messages_kaa.properties 
@@ -0,0 +1,85 @@
+paramdigger.api.action.helloWorld = Logs "hello world called" with debug level.
+
+paramdigger.desc = Parameter Digger
+
+paramdigger.dialog.button.scan = Scan
+paramdigger.dialog.context = Context:
+paramdigger.dialog.cookieguess = Cookie Guess:
+paramdigger.dialog.cookieguess.wordlist = Wordlist:
+paramdigger.dialog.cookieguess.wordlist.custom.file.location = File Location:
+paramdigger.dialog.error.no.guess = No guess selected.
+paramdigger.dialog.error.url.empty = URL is required.
+paramdigger.dialog.error.url.invalid = URL is invalid.
+paramdigger.dialog.error.wordlist.empty = Wordlist is required.
+paramdigger.dialog.error.wordlist.notfound = Wordlist not found.
+paramdigger.dialog.fcbz.cache.buster = Add fcbz Cache Buster:
+paramdigger.dialog.headerguess = Header Guess:
+paramdigger.dialog.headerguess.methods = Methods:
+paramdigger.dialog.headerguess.methods.tooltip = Multi-select with CTRL + Click (or CMD + Click).
+paramdigger.dialog.headerguess.wordlist = Wordlist:
+paramdigger.dialog.headerguess.wordlist.custom.file.location = File Location:
+paramdigger.dialog.methods.get = GET
+paramdigger.dialog.methods.json = JSON
+paramdigger.dialog.methods.post = POST
+paramdigger.dialog.methods.xml = XML
+paramdigger.dialog.skip.boring.headers = Skip Boring Headers:
+paramdigger.dialog.tab.control = Control
+paramdigger.dialog.tab.cookieguess = Cookie Guess
+paramdigger.dialog.tab.headerguess = Header Guess
+paramdigger.dialog.tab.urlguess = URL Guess
+paramdigger.dialog.threadpool.size = Number of Threads:
+paramdigger.dialog.url = URL:
+paramdigger.dialog.urlguess = URL Guess:
+paramdigger.dialog.urlguess.chunksize = Number of Chunks:
+paramdigger.dialog.urlguess.methods = Methods:
+paramdigger.dialog.urlguess.methods.tooltip = Multi-select with CTRL + Click (or CMD + Click).
+paramdigger.dialog.urlguess.wordlist = Wordlist:
+paramdigger.dialog.urlguess.wordlist.custom.file.location = File Location:
+paramdigger.dialog.wordlist.both = Both
+paramdigger.dialog.wordlist.custom = Custom
+paramdigger.dialog.wordlist.predefined = Predefined
+
+paramdigger.error.nofile = File not found : {0}
+
+paramdigger.exception.method.not.supported = Method not supported: {0}
+
+paramdigger.options.title = Param Digger
+
+paramdigger.output.table.result.column.name = Result
+
+paramdigger.panel.tab.history = Tariyx
+paramdigger.panel.tab.output = Output
+paramdigger.panel.title = Param Digger
+
+paramdigger.popup.title = Param Digger...
+
+paramdigger.results.maintext = Found parameter: {0} Reason: {1}.
+paramdigger.results.poison.definition = {0}. Poison used: {1}. WebCache poisoning vulnerability found.
+paramdigger.results.poison.definition.first = {0}. Poison used: {1}. Detected in Primary Poisoning Check.
+paramdigger.results.reason.BODY_HEURISTIC_MISMATCH = Response body content mismatch (using heuristic comparison)
+paramdigger.results.reason.HTTP_CODE = HTTP status code mismatch
+paramdigger.results.reason.HTTP_HEADERS = HTTP headers mismatch
+paramdigger.results.reason.LINE_COUNT = Line count mismatch
+paramdigger.results.reason.PARAM_NAME_REFLECTION = Parameter name reflection
+paramdigger.results.reason.PARAM_VALUE_REFLECTION = Parameter value reflection
+paramdigger.results.reason.POISON_REFLECTION_IN_BODY = Poison reflected in response body.
+paramdigger.results.reason.POISON_REFLECTION_IN_COOKIE = Poison reflected in response cookie.
+paramdigger.results.reason.POISON_REFLECTION_IN_HEADER = Poison reflected in response headers.
+paramdigger.results.reason.REDIRECT = Redirect Location mismatch
+paramdigger.results.reason.TEXT = Text (Without tags) mismatch
+paramdigger.results.reason.WORD_COUNT = Word count mismatch
+
+paramdigger.toolbar.ascans.label = Current Scans:
+paramdigger.toolbar.button.clear = Clean Finished Scans
+paramdigger.toolbar.button.new = New Scan
+paramdigger.toolbar.button.options = Param Digger Options
+paramdigger.toolbar.button.pause = Pause Selected Scan
+paramdigger.toolbar.button.stop = Stop Selected Scan
+paramdigger.toolbar.button.unpause = Resume Selected Scan
+paramdigger.toolbar.confirm.clear = Are you sure you want to clear all finished scans?
+paramdigger.toolbar.confirm.clear.dontPrompt = Do not show this message again.
+paramdigger.toolbar.progress.label = Progress:
+paramdigger.toolbar.progress.select = --Select Scan--
+
+paramdigger.topmenu.tools.msg = Param Digger: Useful for finding cache poisoning vulnerabilities
+paramdigger.topmenu.tools.title = Param Digger
diff --git a/addOns/plugnhack/src/main/resources/org/zaproxy/zap/extension/plugnhack/resources/Messages_kaa.properties b/addOns/plugnhack/src/main/resources/org/zaproxy/zap/extension/plugnhack/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..9efbf6aa8d9
--- /dev/null
+++ b/addOns/plugnhack/src/main/resources/org/zaproxy/zap/extension/plugnhack/resources/Messages_kaa.properties
@@ -0,0 +1,58 @@ +plugnhack.activated = ZAP support has been activated in your browser: +plugnhack.brk.client.label = Client Id: +plugnhack.brk.clients.all = -- All Clients -- +plugnhack.brk.display = Type: {0} Client: {1} Payload pattern: {2} +plugnhack.brk.payload.label = Payload Pattern: +plugnhack.brk.type.label = Message Type: +plugnhack.brk.types.all = -- All Types -- +plugnhack.button = Click to setup! +plugnhack.client.button.active.off = List active clients only +plugnhack.client.button.active.on = List active and inactive clients +plugnhack.client.button.custom.tooltip = Add custom breakpoint +plugnhack.client.panel.mnemonic = c +plugnhack.client.panel.title = Clients +plugnhack.clientconf.popup = Configure Client... +plugnhack.clientmsg = Time: {0} Client ID: {1} Type: {2} +plugnhack.desc = Simple browser configuration +plugnhack.dialog.clientconf.heartbeat = Heartbeat interval: +plugnhack.dialog.clientconf.interceptEvents = Intercept Events: +plugnhack.dialog.clientconf.interceptPostMessage = Intercept Post Messages: +plugnhack.dialog.clientconf.monitorEvents = Monitor Events: +plugnhack.dialog.clientconf.monitorPostMessage = Monitor Post Messages: +plugnhack.dialog.clientconf.title = Client Configuration +plugnhack.failure = Configuration failed +plugnhack.firefox = Add to Firefox +plugnhack.header = Welcome to the OWASP Zed Attack Proxy (ZAP) +plugnhack.intro1 = ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. +plugnhack.intro2 = Please be aware that you should only attack applications that you have been specifically been given permission to test. +plugnhack.invalidpattern = Invalid regular expression. +plugnhack.label.initialMessage = To receive client events:\n\n
    \n
  • Access the pages you want to monitor while proxying through ZAP
  • \n
  • Right click in the relevant node(s) in the Sites tree and select 'Monitor Clients -> Include Subtree'
  • \n
  • Force your browser to reload those pages
  • \n
  • Client events (such as postMessage, click, mouseover, etc.) will then be listed in this tab - select them to see the full details.
+plugnhack.manual.ext.desc = Provides the Client Message Editor dialogue. + +plugnhack.manual.ext.name = Client Message Editor + +plugnhack.menu.monitor = Monitor Clients +plugnhack.menu.monitor.exclude = Exclude Subtree +plugnhack.menu.monitor.exscope = Exclude All in Scope +plugnhack.menu.monitor.include = Include Subtree +plugnhack.menu.monitor.inscope = Include All in Scope +plugnhack.menu.monitor.open = Open as Monitored URL +plugnhack.msg.table.header.client = Client +plugnhack.msg.table.header.data = Data +plugnhack.msg.table.header.date = Received +plugnhack.msg.table.header.type = Type +plugnhack.panel.component.all.tooltip = Client Message +plugnhack.progress = Configuring your browser to work with ZAP... +plugnhack.resend.dialog.title = Resend Client Message +plugnhack.resend.popup = Resend +plugnhack.session.label.exclude = URLs that will not be monitored +plugnhack.session.label.include = URLs that will be monitored (unless excluded) +plugnhack.session.label.inscope = All URLs in scope (unless excluded) +plugnhack.session.table.header.exclude = URL regexes +plugnhack.session.table.header.include = URL regexes +plugnhack.session.title = Monitor Clients +plugnhack.setup1 = Your browser does not seem to support automatic man-in-the-middle configuration. +plugnhack.setup2 = If you are using a recent version of Firefox, you can get the add-on here: +plugnhack.success = Configuration succeeded, you are now proxying through ZAP!

\nYou can control both Plug-n-Hack and ZAP via the Firefox Developer Toolbar (Shift+F2) - type 'help pnh' or 'help zap' to get started. +plugnhack.title = ZAP Simple Browser Configuration +plugnhack.view.pnhjson = PnH JSON diff --git a/addOns/portscan/src/main/resources/org/zaproxy/zap/extension/portscan/resources/Messages_kaa.properties b/addOns/portscan/src/main/resources/org/zaproxy/zap/extension/portscan/resources/Messages_kaa.properties new file mode 100644 index 00000000000..422f16abeb3 --- /dev/null +++ b/addOns/portscan/src/main/resources/org/zaproxy/zap/extension/portscan/resources/Messages_kaa.properties 
@@ -0,0 +1,740 @@ +#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net) + +ports.copy.popup = K\u00f3shirip al\u0131w +ports.desc = Simple but effective port scanner +ports.options.label.maxPort = Highest port number to scan\: +ports.options.label.threads = Concurrent scanning threads per host\: +ports.options.label.timeoutInMs = Timeout in MS\: +ports.options.label.useProxy = Use proxy\: +ports.options.title = Port Scan +ports.panel.title = Port Scan +ports.panel.mnemonic = p +ports.scan.results.table.header.port = Port +ports.scan.results.table.header.description = Description +ports.site.popup = Port Scan Host +ports.table.header.description = Description +ports.table.header.port = Port +ports.toolbar.ascans.label = Current Scans\: +ports.toolbar.button.options = Port Scan Options +ports.toolbar.button.pause = Pause Port Scan +ports.toolbar.button.start = Start Port Scan +ports.toolbar.button.stop = Stop Port Scan +ports.toolbar.button.unpause = Resume Port Scan +ports.toolbar.site.label = Host\: +ports.toolbar.site.select = --Select Host-- + +# Port descriptions taken from http://www.iana.org/assignments/port-numbers +# Note to translators - its probably not worth translating these :) + +ports.port.0 = Reserved +ports.port.1 = TCP Port Service Multiplexer +ports.port.10 = Unassigned +ports.port.100 = [unauthorized use] +ports.port.1000\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ = +ports.port.101 = NIC Host Name Server +ports.port.1010 = surf +ports.port.102 = ISO-TSAP Class 0 +ports.port.1021 = RFC3692-style Experiment 1 (*) [RFC4727] +ports.port.1022 = RFC3692-style Experiment 2 (*) [RFC4727] +ports.port.1023 = Reserved +ports.port.103 = Genesis Point-to-Point Trans Net +ports.port.104 = ACR-NEMA Digital Imag. & Comm. 
300 +ports.port.105 = Mailbox Name Nameserver +ports.port.106 = 3COM-TSMUX +ports.port.107 = Remote Telnet Service +ports.port.108 = SNA Gateway Access Server +ports.port.109 = Post Office Protocol - Version 2 +ports.port.11 = Active Users +ports.port.110 = Post Office Protocol - Version 3 +ports.port.111 = SUN Remote Procedure Call +ports.port.112 = McIDAS Data Transmission Protocol +ports.port.113 = Authentication Service +ports.port.115 = Simple File Transfer Protocol +ports.port.116 = ANSA REX Notify +ports.port.117 = UUCP Path Service +ports.port.118 = SQL Services +ports.port.119 = Network News Transfer Protocol +ports.port.12 = Unassigned +ports.port.120 = CFDPTKT +ports.port.121 = Encore Expedited Remote Pro.Call +ports.port.122 = SMAKYNET +ports.port.123 = Network Time Protocol +ports.port.124 = ANSA REX Trader +ports.port.125 = Locus PC-Interface Net Map Ser +ports.port.126 = NXEdit +ports.port.127 = Locus PC-Interface Conn Server +ports.port.128 = GSS X License Verification +ports.port.129 = Password Generator Protocol +ports.port.13 = Daytime (RFC 867) +ports.port.130 = cisco FNATIVE +ports.port.131 = cisco TNATIVE +ports.port.132 = cisco SYSMAINT +ports.port.133 = Statistics Service +ports.port.134 = INGRES-NET Service +ports.port.135 = DCE endpoint resolution +ports.port.136 = PROFILE Naming System +ports.port.137 = NETBIOS Name Service +ports.port.138 = NETBIOS Datagram Service +ports.port.139 = NETBIOS Session Service +ports.port.14 = Unassigned +ports.port.140 = EMFIS Data Service +ports.port.141 = EMFIS Control Service +ports.port.142 = Britton-Lee IDM +ports.port.143 = Internet Message Access Protocol +ports.port.144 = Universal Management Architecture +ports.port.145 = UAAC Protocol +ports.port.146 = ISO-IP0 +ports.port.147 = ISO-IP +ports.port.148 = Jargon +ports.port.149 = AED 512 Emulation Service +ports.port.15 = Unassigned [was netstat] +ports.port.150 = SQL-NET +ports.port.151 = HEMS +ports.port.152 = Background File Transfer Program 
+ports.port.153 = SGMP +ports.port.154 = NETSC +ports.port.155 = NETSC +ports.port.156 = SQL Service +ports.port.157 = KNET/VM Command/Message Protocol +ports.port.158 = PCMail Server +ports.port.159 = NSS-Routing +ports.port.16 = Unassigned +ports.port.160 = SGMP-TRAPS +ports.port.161 = SNMP +ports.port.162 = SNMPTRAP +ports.port.163 = CMIP/TCP Manager +ports.port.164 = CMIP/TCP Agent +ports.port.165 = Xerox +ports.port.166 = Sirius Systems +ports.port.167 = NAMP +ports.port.168 = RSVD +ports.port.169 = SEND +ports.port.17 = Quote of the Day +ports.port.170 = Network PostScript +ports.port.171 = Network Innovations Multiplex +ports.port.172 = Network Innovations CL/1 +ports.port.173 = Xyplex +ports.port.174 = MAILQ +ports.port.175 = VMNET +ports.port.176 = GENRAD-MUX +ports.port.177 = X Display Manager Control Protocol +ports.port.178 = NextStep Window Server +ports.port.179 = Border Gateway Protocol +ports.port.18 = Message Send Protocol +ports.port.180 = Intergraph +ports.port.181 = Unify +ports.port.182 = Unisys Audit SITP +ports.port.183 = OCBinder +ports.port.184 = OCServer +ports.port.185 = Remote-KIS +ports.port.186 = KIS Protocol +ports.port.187 = Application Communication Interface +ports.port.188 = Plus Five's MUMPS +ports.port.189 = Queued File Transport +ports.port.19 = Character Generator +ports.port.190 = Gateway Access Control Protocol +ports.port.191 = Prospero Directory Service +ports.port.192 = OSU Network Monitoring System +ports.port.193 = Spider Remote Monitoring Protocol +ports.port.194 = Internet Relay Chat Protocol +ports.port.195 = DNSIX Network Level Module Audit +ports.port.196 = DNSIX Session Mgt Module Audit Redir +ports.port.197 = Directory Location Service +ports.port.198 = Directory Location Service Monitor +ports.port.199 = SMUX +ports.port.2 = Management Utility +ports.port.20 = File Transfer [Default Data] +ports.port.200 = IBM System Resource Controller +ports.port.201 = AppleTalk Routing Maintenance +ports.port.202 = AppleTalk 
Name Binding +ports.port.203 = AppleTalk Unused +ports.port.204 = AppleTalk Echo +ports.port.205 = AppleTalk Unused +ports.port.206 = AppleTalk Zone Information +ports.port.207 = AppleTalk Unused +ports.port.208 = AppleTalk Unused +ports.port.209 = The Quick Mail Transfer Protocol +ports.port.21 = File Transfer [Control] +ports.port.210 = ANSI Z39.50 +ports.port.211 = Texas Instruments 914C/G Terminal +ports.port.212 = ATEXSSTR +ports.port.213 = IPX +ports.port.214 = VM PWSCS +ports.port.215 = Insignia Solutions +ports.port.216 = Computer Associates Int'l License Server +ports.port.217 = dBASE Unix +ports.port.218 = Netix Message Posting Protocol +ports.port.219 = Unisys ARPs +ports.port.22 = The Secure Shell (SSH) Protocol +ports.port.220 = Interactive Mail Access Protocol v3 +ports.port.221 = Berkeley rlogind with SPX auth +ports.port.222 = Berkeley rshd with SPX auth +ports.port.223 = Certificate Distribution Center +ports.port.224 = masqdialer +ports.port.23 = Telnet +ports.port.24 = any private mail system +ports.port.242 = Direct +ports.port.243 = Survey Measurement +ports.port.244 = inbusiness +ports.port.245 = LINK +ports.port.246 = Display Systems Protocol +ports.port.247 = SUBNTBCST_TFTP +ports.port.248 = bhfhs +ports.port.25 = Simple Mail Transfer +ports.port.256 = RAP +ports.port.257 = Secure Electronic Transaction +ports.port.259 = Efficient Short Remote Operations +ports.port.26 = Unassigned +ports.port.260 = Openport +ports.port.261 = IIOP Name Service over TLS/SSL +ports.port.262 = Arcisdms +ports.port.263 = HDAP +ports.port.264 = BGMP +ports.port.265 = X-Bone CTL +ports.port.266 = SCSI on ST +ports.port.267 = Tobit David Service Layer +ports.port.268 = Tobit David Replica +ports.port.269 = MANET Protocols +ports.port.27 = NSW User System FE +ports.port.270 = Reserved +ports.port.28 = Unassigned +ports.port.280 = http-mgmt +ports.port.281 = Personal Link +ports.port.282 = Cable Port A/X +ports.port.283 = rescap +ports.port.284 = corerjd 
+ports.port.286 = FXP Communication +ports.port.287 = K-BLOCK +ports.port.29 = MSG ICP +ports.port.3 = Compression Process +ports.port.30 = Unassigned +ports.port.308 = Novastor Backup +ports.port.309 = EntrustTime +ports.port.31 = MSG Authentication +ports.port.310 = bhmds +ports.port.311 = AppleShare IP WebAdmin +ports.port.312 = VSLMP +ports.port.313 = Magenta Logic +ports.port.314 = Opalis Robot +ports.port.315 = DPSI +ports.port.316 = decAuth +ports.port.317 = Zannet +ports.port.318 = PKIX TimeStamp +ports.port.319 = PTP Event +ports.port.32 = Unassigned +ports.port.320 = PTP General +ports.port.321 = PIP +ports.port.322 = RTSPS +ports.port.33 = Display Support Protocol +ports.port.333 = Texar Security Port +ports.port.34 = Unassigned +ports.port.344 = Prospero Data Access Protocol +ports.port.345 = Perf Analysis Workbench +ports.port.346 = Zebra server +ports.port.347 = Fatmen Server +ports.port.348 = Cabletron Management Protocol +ports.port.349 = mftp +ports.port.35 = any private printer server +ports.port.350 = MATIP Type A +ports.port.351 = bhoetty +ports.port.352 = bhoedap4 +ports.port.353 = NDSAUTH +ports.port.354 = bh611 +ports.port.355 = DATEX-ASN +ports.port.356 = Cloanto Net 1 +ports.port.357 = bhevent +ports.port.358 = Shrinkwrap +ports.port.359 = Network Security Risk Management Protocol +ports.port.36 = Unassigned +ports.port.360 = scoi2odialog +ports.port.361 = Semantix +ports.port.362 = SRS Send +ports.port.363 = RSVP Tunnel +ports.port.364 = Aurora CMGR +ports.port.365 = DTK +ports.port.366 = ODMR +ports.port.367 = MortgageWare +ports.port.368 = QbikGDP +ports.port.369 = rpc2portmap +ports.port.37 = Time +ports.port.370 = codaauth2 +ports.port.371 = Clearcase +ports.port.372 = ListProcessor +ports.port.373 = Legent Corporation +ports.port.374 = Legent Corporation +ports.port.375 = Hassle +ports.port.376 = Amiga Envoy Network Inquiry Proto +ports.port.377 = NEC Corporation +ports.port.378 = NEC Corporation +ports.port.379 = TIA/EIA/IS-99 modem 
client +ports.port.38 = Route Access Protocol +ports.port.380 = TIA/EIA/IS-99 modem server +ports.port.381 = hp performance data collector +ports.port.382 = hp performance data managed node +ports.port.383 = hp performance data alarm manager +ports.port.384 = A Remote Network Server System +ports.port.385 = IBM Application +ports.port.386 = ASA Message Router Object Def. +ports.port.387 = Appletalk Update-Based Routing Pro. +ports.port.388 = Unidata LDM +ports.port.389 = Lightweight Directory Access Protocol +ports.port.39 = Resource Location Protocol +ports.port.390 = UIS +ports.port.391 = SynOptics SNMP Relay Port +ports.port.392 = SynOptics Port Broker Port +ports.port.393 = Meta5 +ports.port.394 = EMBL Nucleic Data Transfer +ports.port.395 = NetScout Control Protocol +ports.port.396 = Novell Netware over IP +ports.port.397 = Multi Protocol Trans. Net. +ports.port.398 = Kryptolan +ports.port.399 = ISO Transport Class 2 Non-Control over TCP +ports.port.4 = Unassigned +ports.port.40 = Unassigned +ports.port.400 = Oracle Secure Backup +ports.port.401 = Uninterruptible Power Supply +ports.port.402 = Genie Protocol +ports.port.403 = decap +ports.port.404 = nced +ports.port.405 = ncld +ports.port.406 = Interactive Mail Support Protocol +ports.port.407 = Timbuktu +ports.port.408 = Prospero Resource Manager Sys. Man. +ports.port.409 = Prospero Resource Manager Node Man. 
+ports.port.41 = Graphics +ports.port.410 = DECLadebug Remote Debug Protocol +ports.port.411 = Remote MT Protocol +ports.port.412 = Trap Convention Port +ports.port.413 = Storage Management Services Protocol +ports.port.414 = InfoSeek +ports.port.415 = BNet +ports.port.416 = Silverplatter +ports.port.417 = Onmux +ports.port.418 = Hyper-G +ports.port.419 = Ariel 1 +ports.port.42 = Host Name Server +ports.port.420 = SMPTE +ports.port.421 = Ariel 2 +ports.port.422 = Ariel 3 +ports.port.423 = IBM Operations Planning and Control Start +ports.port.424 = IBM Operations Planning and Control Track +ports.port.425 = ICAD +ports.port.426 = smartsdp +ports.port.427 = Server Location +ports.port.428 = OCS_CMU +ports.port.429 = OCS_AMU +ports.port.43 = Who Is +ports.port.430 = UTMPSD +ports.port.431 = UTMPCD +ports.port.432 = IASD +ports.port.433 = NNSP +ports.port.434 = MobileIP-Agent +ports.port.435 = MobilIP-MN +ports.port.436 = DNA-CML +ports.port.437 = comscm +ports.port.438 = dsfgw +ports.port.439 = dasp Thomas Obermair +ports.port.44 = MPM FLAGS Protocol +ports.port.440 = sgcp +ports.port.441 = decvms-sysmgt +ports.port.442 = cvc_hostd +ports.port.443 = http protocol over TLS/SSL +ports.port.444 = Simple Network Paging Protocol +ports.port.445 = Microsoft-DS +ports.port.446 = DDM-Remote Relational Database Access +ports.port.447 = DDM-Distributed File Management +ports.port.448 = DDM-Remote DB Access Using Secure Sockets +ports.port.449 = AS Server Mapper +ports.port.45 = Message Processing Module [recv] +ports.port.450 = Computer Supported Telecomunication Applications +ports.port.451 = Cray Network Semaphore server +ports.port.452 = Cray SFS config server +ports.port.453 = CreativeServer +ports.port.454 = ContentServer +ports.port.455 = CreativePartnr +ports.port.456 = macon-tcp +ports.port.457 = scohelp +ports.port.458 = apple quick time +ports.port.459 = ampr-rcmd +ports.port.46 = MPM [default send] +ports.port.460 = skronk +ports.port.461 = DataRampSrv 
+ports.port.462 = DataRampSrvSec +ports.port.463 = alpes +ports.port.464 = kpasswd +ports.port.465 = URL Rendesvous Directory for SSM +ports.port.466 = digital-vrc +ports.port.467 = mylex-mapd +ports.port.468 = proturis +ports.port.469 = Radio Control Protocol +ports.port.47 = NI FTP +ports.port.470 = scx-proxy +ports.port.471 = Mondex +ports.port.472 = ljk-login +ports.port.473 = hybrid-pop +ports.port.474 = tn-tl-w1 +ports.port.475 = tcpnethaspsrv +ports.port.476 = tn-tl-fd1 +ports.port.477 = ss7ns +ports.port.478 = spsc +ports.port.479 = iafserver +ports.port.48 = Digital Audit Daemon +ports.port.480 = iafdbase +ports.port.481 = Ph service +ports.port.482 = bgs-nsi +ports.port.483 = ulpnet +ports.port.484 = Integra Software Management Environment +ports.port.485 = Air Soft Power Burst +ports.port.486 = avian +ports.port.487 = saft Simple Asynchronous File Transfer +ports.port.488 = gss-http +ports.port.489 = nest-protocol +ports.port.49 = Login Host Protocol (TACACS) +ports.port.490 = micom-pfs +ports.port.491 = go-login +ports.port.492 = Transport Independent Convergence for FNA +ports.port.493 = Transport Independent Convergence for FNA +ports.port.494 = POV-Ray +ports.port.495 = intecourier +ports.port.496 = PIM-RP-DISC +ports.port.497 = dantz +ports.port.498 = siam +ports.port.499 = ISO ILL Protocol +ports.port.5 = Remote Job Entry +ports.port.50 = Remote Mail Checking Protocol +ports.port.500 = isakmp +ports.port.501 = STMF +ports.port.502 = asa-appl-proto +ports.port.503 = Intrinsa +ports.port.504 = citadel +ports.port.505 = mailbox-lm +ports.port.506 = ohimsrv +ports.port.507 = crs +ports.port.508 = xvttp +ports.port.509 = snare +ports.port.51 = IMP Logical Address Maintenance +ports.port.510 = FirstClass Protocol +ports.port.511 = PassGo +ports.port.512 = remote process execution; +ports.port.513 = remote login a la telnet; +ports.port.514 = cmd +ports.port.515 = spooler +ports.port.516 = videotex +ports.port.517 = like tenex link, but across 
+ports.port.518\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ = +ports.port.519 = unixtime +ports.port.52 = XNS Time Protocol +ports.port.520 = extended file name server +ports.port.521 = ripng +ports.port.522 = ULP +ports.port.523 = IBM-DB2 +ports.port.524 = NCP +ports.port.525 = timeserver +ports.port.526 = newdate +ports.port.527 = Stock IXChange +ports.port.528 = Customer IXChange +ports.port.529 = IRC-SERV +ports.port.53 = Domain Name Server +ports.port.530 = rpc +ports.port.531 = chat +ports.port.532 = readnews +ports.port.533 = for emergency broadcasts +ports.port.534 = windream Admin +ports.port.535 = iiop +ports.port.536 = opalis-rdv +ports.port.537 = Networked Media Streaming Protocol +ports.port.538 = gdomap +ports.port.539 = Apertus Technologies Load Determination +ports.port.54 = XNS Clearinghouse +ports.port.540 = uucpd +ports.port.541 = uucp-rlogin +ports.port.542 = commerce +ports.port.543\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ = +ports.port.544 = krcmd +ports.port.545 = appleqtcsrvr +ports.port.546 = DHCPv6 Client +ports.port.547 = DHCPv6 Server +ports.port.548 = AFP over TCP +ports.port.549 = IDFP +ports.port.55 = ISI Graphics Language +ports.port.550 = new-who +ports.port.551 = cybercash +ports.port.552 = DeviceShare +ports.port.553 = pirp +ports.port.554 = Real Time Streaming Protocol (RTSP) +ports.port.555\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ = +ports.port.556 = rfs server +ports.port.557 = openvms-sysipc +ports.port.558 = SDNSKMP +ports.port.559 = TEEDTAP +ports.port.56 = XNS Authentication +ports.port.560 = rmonitord +ports.port.561\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ = +ports.port.562 = chcmd +ports.port.563 = nntp protocol over TLS/SSL (was snntp) +ports.port.564 = plan 9 file service +ports.port.565 = whoami +ports.port.566 = streettalk +ports.port.567 = banyan-rpc +ports.port.568 = microsoft shuttle +ports.port.569 = microsoft rome +ports.port.57 = any private terminal access +ports.port.570 = demon +ports.port.571 = 
udemon +ports.port.572 = sonar +ports.port.573 = banyan-vip +ports.port.574 = FTP Software Agent System +ports.port.575 = VEMMI +ports.port.576 = ipcd +ports.port.577 = vnas +ports.port.578 = ipdd +ports.port.579 = decbsrv +ports.port.58 = XNS Mail +ports.port.580 = SNTP HEARTBEAT +ports.port.581 = Bundle Discovery Protocol +ports.port.582 = SCC Security +ports.port.583 = Philips Video-Conferencing +ports.port.584 = Key Server +ports.port.586 = Password Change +ports.port.587 = Submission +ports.port.588 = CAL +ports.port.589 = EyeLink +ports.port.59 = any private file service +ports.port.590 = TNS CML +ports.port.591 = FileMaker, Inc. - HTTP Alternate (see Port 80) +ports.port.592 = Eudora Set +ports.port.593 = HTTP RPC Ep Map +ports.port.594 = TPIP +ports.port.595 = CAB Protocol +ports.port.596 = SMSD +ports.port.597 = PTC Name Service +ports.port.598 = SCO Web Server Manager 3 +ports.port.599 = Aeolon Core Protocol +ports.port.6 = Unassigned +ports.port.60 = Unassigned +ports.port.600 = Sun IPC server +ports.port.601 = Reliable Syslog Service +ports.port.602 = XML-RPC over BEEP +ports.port.603 = IDXP +ports.port.604 = TUNNEL +ports.port.605 = SOAP over BEEP +ports.port.606 = Cray Unified Resource Manager +ports.port.607 = nqs +ports.port.608 = Sender-Initiated/Unsolicited File Transfer +ports.port.609 = npmp-trap +ports.port.61 = NI MAIL +ports.port.610 = npmp-local +ports.port.611 = npmp-gui +ports.port.612 = HMMP Indication +ports.port.613 = HMMP Operation +ports.port.614 = SSLshell +ports.port.615 = Internet Configuration Manager +ports.port.616 = SCO System Administration Server +ports.port.617 = SCO Desktop Administration Server +ports.port.618 = DEI-ICDA +ports.port.619 = Compaq EVM +ports.port.62 = ACA Services +ports.port.620 = SCO WebServer Manager +ports.port.621 = ESCP +ports.port.622 = Collaborator +ports.port.623 = DMTF out-of-band web services management protocol +ports.port.624 = Crypto Admin +ports.port.625 = DEC DLM +ports.port.626 = ASIA 
+ports.port.627 = PassGo Tivoli +ports.port.628 = QMQP +ports.port.629 = 3Com AMP3 +ports.port.63 = whois++ +ports.port.630 = RDA +ports.port.631 = IPP (Internet Printing Protocol) +ports.port.632 = bmpp +ports.port.633 = Service Status update (Sterling Software) +ports.port.634 = ginad +ports.port.635 = RLZ DBase +ports.port.636 = ldap protocol over TLS/SSL (was sldap) +ports.port.637 = lanserver +ports.port.638 = mcns-sec +ports.port.639 = MSDP +ports.port.64 = Communications Integrator (CI) +ports.port.640 = entrust-sps +ports.port.641 = repcmd +ports.port.642 = ESRO-EMSDP V1.3 +ports.port.643 = SANity +ports.port.644 = dwr +ports.port.645 = PSSC +ports.port.646 = LDP +ports.port.647 = DHCP Failover +ports.port.648 = Registry Registrar Protocol (RRP) +ports.port.649 = Cadview-3d - streaming 3d models over the internet +ports.port.65 = TACACS-Database Service +ports.port.650 = OBEX +ports.port.651 = IEEE MMS +ports.port.652 = HELLO_PORT +ports.port.653 = RepCmd +ports.port.654 = AODV +ports.port.655 = TINC +ports.port.656 = SPMP +ports.port.657 = RMC +ports.port.658 = TenFold +ports.port.66 = Oracle SQL*NET +ports.port.660 = MacOS Server Admin +ports.port.661 = HAP +ports.port.662 = PFTP +ports.port.663 = PureNoise +ports.port.664 = DMTF out-of-band secure web services management protocol +ports.port.665 = Sun DR +ports.port.666 = doom Id Software +ports.port.667 = campaign contribution disclosures - SDR Technologies +ports.port.668 = MeComm +ports.port.669 = MeRegister +ports.port.67 = Bootstrap Protocol Server +ports.port.670 = VACDSM-SWS +ports.port.671 = VACDSM-APP +ports.port.672 = VPPS-QUA +ports.port.673 = CIMPLEX +ports.port.674 = ACAP +ports.port.675 = DCTP +ports.port.676 = VPPS Via +ports.port.677 = Virtual Presence Protocol +ports.port.678 = GNU Generation Foundation NCP +ports.port.679 = MRM +ports.port.68 = Bootstrap Protocol Client +ports.port.680 = entrust-aaas +ports.port.681 = entrust-aams +ports.port.682 = XFR +ports.port.683 = CORBA IIOP 
+ports.port.684 = CORBA IIOP SSL +ports.port.685 = MDC Port Mapper +ports.port.686 = Hardware Control Protocol Wismar +ports.port.687 = asipregistry +ports.port.688 = ApplianceWare managment protocol +ports.port.689 = NMAP +ports.port.69 = Trivial File Transfer +ports.port.690 = Velazquez Application Transfer Protocol +ports.port.691 = MS Exchange Routing +ports.port.692 = Hyperwave-ISP +ports.port.693 = almanid Connection Endpoint +ports.port.694 = ha-cluster +ports.port.695 = IEEE-MMS-SSL +ports.port.696 = RUSHD +ports.port.697 = UUIDGEN +ports.port.698 = OLSR +ports.port.699 = Access Network +ports.port.7 = Echo +ports.port.70 = Gopher +ports.port.700 = Extensible Provisioning Protocol +ports.port.701 = Link Management Protocol (LMP) +ports.port.702 = IRIS over BEEP +ports.port.704 = errlog copy/server daemon +ports.port.705 = AgentX +ports.port.706 = SILC +ports.port.707 = Borland DSJ +ports.port.709 = Entrust Key Management Service Handler +ports.port.71 = Remote Job Service +ports.port.710 = Entrust Administration Service Handler +ports.port.711 = Cisco TDP +ports.port.712 = TBRPF +ports.port.713 = IRIS over XPC +ports.port.714 = IRIS over XPCS +ports.port.715 = IRIS-LWZ +ports.port.72 = Remote Job Service +ports.port.729 = IBM NetView DM/6000 Server/Client +ports.port.73 = Remote Job Service +ports.port.730 = IBM NetView DM/6000 send\= +ports.port.731 = IBM NetView DM/6000 receive\= +ports.port.74 = Remote Job Service +ports.port.741 = netGW +ports.port.742 = Network based Rev. Cont. Sys. 
+ports.port.744 = Flexible License Manager
+ports.port.747 = Fujitsu Device Control
+ports.port.748 = Russell Info Sci Calendar Manager
+ports.port.749 = kerberos administration
+ports.port.75 = any private dial out service
+ports.port.750\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.751\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.752\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.753\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.754\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.758\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.759\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.76 = Distributed External Object Store
+ports.port.760\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.761\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.762\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.763\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.764\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.765\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.767\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.769\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.77 = any private RJE service
+ports.port.770\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.771\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.772\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.773\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.774\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.775\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.776\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.777 = Multiling HTTP
+ports.port.78 = vettcp
+ports.port.780\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.79 = Finger
+ports.port.8 = Unassigned
+ports.port.80 = World Wide Web HTTP
+ports.port.800\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.801\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.810 = FCP
+ports.port.82 = XFER Utility
+ports.port.828 = itm-mcell-s
+ports.port.829 = PKIX-3 CA/RA
+ports.port.83 = MIT ML Device
+ports.port.830 = NETCONF over SSH
+ports.port.831 = NETCONF over BEEP
+ports.port.832 = NETCONF for SOAP over HTTPS
+ports.port.833 = NETCONF for SOAP over BEEP
+ports.port.84 = Common Trace Facility
+ports.port.847 = dhcp-failover 2
+ports.port.848 = GDOI
+ports.port.85 = MIT ML Device
+ports.port.86 = Micro Focus Cobol
+ports.port.860 = iSCSI
+ports.port.861 = OWAMP-Control
+ports.port.862 = Two-way Active Measurement Protocol (TWAMP) Control
+ports.port.87 = any private terminal link
+ports.port.873 = rsync
+ports.port.88 = Kerberos
+ports.port.886 = ICL coNETion locate server
+ports.port.887 = ICL coNETion server info
+ports.port.888 = CD Database Protocol
+ports.port.89 = SU/MIT Telnet Gateway
+ports.port.9 = Discard
+ports.port.90 = DNSIX Securit Attribute Token Map
+ports.port.900 = OMG Initial Refs
+ports.port.901 = SMPNAMERES
+ports.port.902 = self documenting Telnet Door
+ports.port.903 = self documenting Telnet Panic Door
+ports.port.91 = MIT Dover Spooler
+ports.port.910 = Kerberized Internet Negotiation of Keys (KINK)
+ports.port.911 = xact-backup
+ports.port.912 = APEX relay-relay service
+ports.port.913 = APEX endpoint-relay service
+ports.port.92 = Network Printing Protocol
+ports.port.93 = Device Control Protocol
+ports.port.94 = Tivoli Object Dispatcher
+ports.port.95 = SUPDUP
+ports.port.96 = DIXIE Protocol Specification
+ports.port.97 = Swift Remote Virtural File Protocol
+ports.port.98 = TAC News
+ports.port.989 = ftp protocol, data, over TLS/SSL
+ports.port.99 = Metagram Relay
+ports.port.990 = ftp protocol, control, over TLS/SSL
+ports.port.991 = Netnews Administration System
+ports.port.992 = telnet protocol over TLS/SSL
+ports.port.993 = imap4 protocol over TLS/SSL
+ports.port.994 = irc protocol over TLS/SSL
+ports.port.995 = pop3 protocol over TLS/SSL (was spop3)
+ports.port.996 = vsinet
+ports.port.997\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.998\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.999\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ =
+ports.port.unknown = Unknown
+
diff --git a/addOns/pscanrules/src/main/resources/org/zaproxy/zap/extension/pscanrules/resources/Messages_kaa.properties b/addOns/pscanrules/src/main/resources/org/zaproxy/zap/extension/pscanrules/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..e50cadf2598
--- /dev/null
+++ b/addOns/pscanrules/src/main/resources/org/zaproxy/zap/extension/pscanrules/resources/Messages_kaa.properties
@@ -0,0 +1,422 @@
+pscanrules.anticlickjacking.compliance.malformed.setting.desc = An X-Frame-Options header was present in the response but the value was not correctly set.
+pscanrules.anticlickjacking.compliance.malformed.setting.name = X-Frame-Options Setting Malformed
+pscanrules.anticlickjacking.compliance.malformed.setting.refs = https://tools.ietf.org/html/rfc7034#section-2.1
+pscanrules.anticlickjacking.compliance.malformed.setting.soln = Ensure a valid setting is used on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
+pscanrules.anticlickjacking.compliance.meta.desc = An X-Frame-Options (XFO) META tag was found, defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).
+pscanrules.anticlickjacking.compliance.meta.name = X-Frame-Options Defined via META (Non-compliant with Spec)
+pscanrules.anticlickjacking.compliance.meta.refs = https://tools.ietf.org/html/rfc7034#section-4
+pscanrules.anticlickjacking.compliance.meta.soln = Ensure X-Frame-Options is set via a response header field. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
+pscanrules.anticlickjacking.incInCsp = The Content-Security-Policy does include a 'frame-ancestors' element which takes precedence over the X-Frame-Options header, which is why this has been raised with a LOW risk.
+pscanrules.anticlickjacking.missing.desc = The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
+pscanrules.anticlickjacking.missing.name = Missing Anti-clickjacking Header
+pscanrules.anticlickjacking.missing.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+pscanrules.anticlickjacking.missing.soln = Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
+pscanrules.anticlickjacking.multiple.header.desc = X-Frame-Options (XFO) headers were found, a response with multiple XFO header entries may not be predictably treated by all user-agents.
+pscanrules.anticlickjacking.multiple.header.name = Multiple X-Frame-Options Header Entries
+pscanrules.anticlickjacking.multiple.header.refs = https://tools.ietf.org/html/rfc7034
+pscanrules.anticlickjacking.multiple.header.soln = Ensure only a single X-Frame-Options header is present in the response.
+pscanrules.anticlickjacking.name = Anti-clickjacking Header
+
+pscanrules.applicationerrors.desc = This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
+pscanrules.applicationerrors.name = Application Error Disclosure
+pscanrules.applicationerrors.soln = Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
+
+pscanrules.authenticationcredentialscaptured.alert.basicauth.extrainfo = [{0}] [{1}] uses insecure authentication mechanism [{2}], revealing username [{3}] and password [{4}].
+pscanrules.authenticationcredentialscaptured.alert.digestauth.extrainfo = [{0}] [{1}] uses insecure authentication mechanism [{2}], revealing username [{3}] and additional information [{4}].
+pscanrules.authenticationcredentialscaptured.desc = An insecure authentication mechanism is in use. This allows an attacker on the network access to the userid and password of the authenticated user. For Basic Authentication, the attacker must merely monitor the network traffic until a Basic Authentication request is received, and then base64 decode the username and password. For Digest Authentication, the attacker has access to the username, and possibly also the password, if the hash (including a nonce) can be successfully cracked, or if a Man-In-The-Middle attack is mounted.\nThe attacker eavesdrops on the network until an authentication has completed.
+pscanrules.authenticationcredentialscaptured.name = Authentication Credentials Captured
+pscanrules.authenticationcredentialscaptured.refs = https://owasp.org/www-community/attacks/Brute_force_attack\nhttp://en.wikipedia.org/wiki/Digest_access_authentication
+pscanrules.authenticationcredentialscaptured.soln = Use HTTPS, and use a secure authentication mechanism that does not transmit the userid or password in an un-encrypted fashion. In particular, avoid use of the Basic Authentication mechanism, since this trivial obfuscation mechanism is easily broken.
+
+pscanrules.bigredirects.desc = The server has responded with a redirect that seems to provide a large response. This may indicate that although the server sent a redirect it also responded with body content (which may include sensitive details, PII, etc.).
+pscanrules.bigredirects.extrainfo = Location header URI length: {0} [{1}].\nPredicted response size: {2}.\nResponse Body Length: {3}.
+pscanrules.bigredirects.name = Big Redirect Detected (Potential Sensitive Information Leak)
+pscanrules.bigredirects.refs =
+pscanrules.bigredirects.soln = Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content.
+
+pscanrules.cachecontrol.desc = The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
+pscanrules.cachecontrol.name = Re-examine Cache-control Directives
+pscanrules.cachecontrol.refs = https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/
+pscanrules.cachecontrol.soln = For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
+
+pscanrules.charsetmismatch.desc = This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
+pscanrules.charsetmismatch.extrainfo.html.header_metacharset_mismatch = There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [{0}] and [{1}] do not match.
+pscanrules.charsetmismatch.extrainfo.html.header_metacontentype_mismatch = There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [{0}] and [{1}] do not match.
+pscanrules.charsetmismatch.extrainfo.html.metacontenttype_metacharset_mismatch = There was a charset mismatch between the META charset and the META content-type encoding declaration: [{0}] and [{1}] do not match.
+pscanrules.charsetmismatch.extrainfo.html.no_mismatch_metacontenttype_missing = Charset is defined only by META charset, older clients that expect character set to be defined by META content-type may not correctly display this content.
+pscanrules.charsetmismatch.extrainfo.xml = There was a charset mismatch between the HTTP Header and the XML encoding declaration: [{0}] and [{1}] do not match.
+pscanrules.charsetmismatch.name = Charset Mismatch
+pscanrules.charsetmismatch.refs = http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
+pscanrules.charsetmismatch.soln = Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.
+pscanrules.charsetmismatch.variant.header_metacharset_mismatch = (Header Versus Meta Charset)
+pscanrules.charsetmismatch.variant.header_metacontentype_mismatch = (Header Versus Meta Content-Type Charset)
+pscanrules.charsetmismatch.variant.metacontenttype_metacharset_mismatch = (Meta Charset Versus Meta Content-Type Charset)
+pscanrules.charsetmismatch.variant.no_mismatch_metacontenttype_missing = (Meta Content-Type Charset Missing)
+
+pscanrules.contentsecuritypolicymissing.desc = Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
+pscanrules.contentsecuritypolicymissing.name = Content Security Policy (CSP) Header Not Set
+pscanrules.contentsecuritypolicymissing.obs.desc = The "X-Content-Security-Policy" and "X-WebKit-CSP" headers are no longer recommended.
+pscanrules.contentsecuritypolicymissing.obs.name = Obsolete Content Security Policy (CSP) Header Found
+pscanrules.contentsecuritypolicymissing.refs = https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttp://www.w3.org/TR/CSP/\nhttp://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html\nhttp://www.html5rocks.com/en/tutorials/security/content-security-policy/\nhttp://caniuse.com/#feat=contentsecuritypolicy\nhttp://content-security-policy.com/
+pscanrules.contentsecuritypolicymissing.ro.desc = The response contained a Content-Security-Policy-Report-Only header, this may indicate a work-in-progress implementation, or an oversight in promoting pre-Prod to Prod, etc.\n\nContent Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
+pscanrules.contentsecuritypolicymissing.ro.name = Content Security Policy (CSP) Report-Only Header Found
+pscanrules.contentsecuritypolicymissing.ro.refs = https://www.w3.org/TR/CSP2/\nhttps://w3c.github.io/webappsec-csp/\nhttp://caniuse.com/#feat=contentsecuritypolicy\nhttp://content-security-policy.com/
+pscanrules.contentsecuritypolicymissing.soln = Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
+
+pscanrules.contenttypemissing.desc = The Content-Type header was either missing or empty.
+pscanrules.contenttypemissing.name = Content-Type Header Missing
+pscanrules.contenttypemissing.name.empty = Content-Type Header Empty
+pscanrules.contenttypemissing.refs = http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
+pscanrules.contenttypemissing.soln = Ensure each page is setting the specific and appropriate content-type value for the content being delivered.
+
+pscanrules.cookiehttponly.desc = A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
+pscanrules.cookiehttponly.name = Cookie No HttpOnly Flag
+pscanrules.cookiehttponly.refs = https://owasp.org/www-community/HttpOnly
+pscanrules.cookiehttponly.soln = Ensure that the HttpOnly flag is set for all cookies.
+
+pscanrules.cookielooselyscoped.desc = Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.
+pscanrules.cookielooselyscoped.extrainfo = The origin domain used for comparison was: \r\n{0}\r\n{1}
+pscanrules.cookielooselyscoped.extrainfo.cookie = {0}\r\n
+pscanrules.cookielooselyscoped.name = Loosely Scoped Cookie
+pscanrules.cookielooselyscoped.refs = https://tools.ietf.org/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttp://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
+pscanrules.cookielooselyscoped.soln = Always scope cookies to a FQDN (Fully Qualified Domain Name).
+
+pscanrules.cookiesamesite.badval.desc = A cookie has been set with an invalid SameSite attribute value, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
+pscanrules.cookiesamesite.badval.name = Cookie with Invalid SameSite Attribute
+pscanrules.cookiesamesite.desc = A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
+pscanrules.cookiesamesite.name = Cookie without SameSite Attribute
+pscanrules.cookiesamesite.none.desc = A cookie has been set with its SameSite attribute set to "none", which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
+pscanrules.cookiesamesite.none.name = Cookie with SameSite Attribute None
+pscanrules.cookiesamesite.refs = https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
+pscanrules.cookiesamesite.soln = Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
+
+pscanrules.cookiesecureflag.desc = A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
+pscanrules.cookiesecureflag.name = Cookie Without Secure Flag
+pscanrules.cookiesecureflag.refs = https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
+pscanrules.cookiesecureflag.soln = Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
+
+pscanrules.crossdomain.desc = Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server
+pscanrules.crossdomain.extrainfo = The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+pscanrules.crossdomain.name = Cross-Domain Misconfiguration
+pscanrules.crossdomain.refs = https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
+pscanrules.crossdomain.soln = Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
+
+pscanrules.crossdomainscriptinclusion.desc = The page includes one or more script files from a third-party domain.
+pscanrules.crossdomainscriptinclusion.name = Cross-Domain JavaScript Source File Inclusion
+pscanrules.crossdomainscriptinclusion.soln = Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
+
+pscanrules.csp.both.desc = The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. Therefore, they have been evaluated individually.
+pscanrules.csp.both.name = Header & Meta
+pscanrules.csp.desc = Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
+pscanrules.csp.malformed.name = Malformed Policy (Non-ASCII)
+pscanrules.csp.malformed.otherinfo = A non-ASCII character was encountered while attempting to parse the policy, thus rendering it invalid (no further evaluation occurred). The following invalid characters were collected: {0}
+pscanrules.csp.meta.bad.directive.desc = The policy specified via meta element contains either or both the sandbox or frame-ancestors directive, which are not permitted inside meta CSP definitions.
+pscanrules.csp.meta.bad.directive.name = Meta Policy Invalid Directive
+pscanrules.csp.name = CSP
+pscanrules.csp.notices.errors = Errors:
+pscanrules.csp.notices.infoitems = Info Items:
+pscanrules.csp.notices.name = Notices
+pscanrules.csp.notices.warnings = Warnings:
+pscanrules.csp.otherinfo.extended = \n\nThe directive(s): {0} are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
+pscanrules.csp.refs = http://www.w3.org/TR/CSP2/\nhttp://www.w3.org/TR/CSP/\nhttp://caniuse.com/#search=content+security+policy\nhttp://content-security-policy.com/\nhttps://github.com/shapesecurity/salvation\nhttps://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
+pscanrules.csp.scriptsrc.unsafe.eval.name = script-src unsafe-eval
+pscanrules.csp.scriptsrc.unsafe.eval.otherinfo = script-src includes unsafe-eval.
+pscanrules.csp.scriptsrc.unsafe.hashes.name = script-src unsafe-hashes
+pscanrules.csp.scriptsrc.unsafe.hashes.otherinfo = script-src includes unsafe-hashes, an attacker will be able to use any of the code covered by such hashes.
+pscanrules.csp.scriptsrc.unsafe.hashes.refs = https://www.w3.org/TR/CSP3/#unsafe-hashes-usage\nhttps://content-security-policy.com/examples/allow-inline-script/
+pscanrules.csp.scriptsrc.unsafe.name = script-src unsafe-inline
+pscanrules.csp.scriptsrc.unsafe.otherinfo = script-src includes unsafe-inline.
+pscanrules.csp.soln = Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
+pscanrules.csp.stylesrc.unsafe.hashes.name = style-src unsafe-hashes
+pscanrules.csp.stylesrc.unsafe.hashes.otherinfo = style-src includes unsafe-hashes, an attacker will be able to use any of the code covered by such hashes.
+pscanrules.csp.stylesrc.unsafe.hashes.refs = https://www.w3.org/TR/CSP3/#unsafe-hashes-usage\nhttps://content-security-policy.com/examples/allow-inline-style/
+pscanrules.csp.stylesrc.unsafe.name = style-src unsafe-inline
+pscanrules.csp.stylesrc.unsafe.otherinfo = style-src includes unsafe-inline.
+pscanrules.csp.wildcard.name = Wildcard Directive
+pscanrules.csp.wildcard.otherinfo = The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: \n{0}
+pscanrules.csp.xcsp.name = X-Content-Security-Policy
+pscanrules.csp.xcsp.otherinfo = The header X-Content-Security-Policy was found on this response. While it is a good sign that CSP is implemented to some degree the policy specified in this header has not been analyzed by ZAP. To ensure full support by modern browsers ensure that the Content-Security-Policy header is defined and attached to responses.
+pscanrules.csp.xwkcsp.name = X-WebKit-CSP
+pscanrules.csp.xwkcsp.otherinfo = The header X-WebKit-CSP was found on this response. While it is a good sign that CSP is implemented to some degree the policy specified in this header has not been analyzed by ZAP. To ensure full support by modern browsers ensure that the Content-Security-Policy header is defined and attached to responses.
+
+pscanrules.desc = Release status passive scan rules
+
+pscanrules.directorybrowsing.desc = It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information.
+pscanrules.directorybrowsing.extrainfo = Web server identified: {0}
+pscanrules.directorybrowsing.name = Directory Browsing
+pscanrules.directorybrowsing.refs = https://cwe.mitre.org/data/definitions/548.html
+pscanrules.directorybrowsing.soln = Configure the web server to disable directory browsing.
+
+pscanrules.hashdisclosure.desc = A hash was disclosed by the web server.
+pscanrules.hashdisclosure.extrainfo = {0}
+pscanrules.hashdisclosure.name = Hash Disclosure
+pscanrules.hashdisclosure.refs = http://projects.webappsec.org/w/page/13246936/Information%20Leakage\nhttp://openwall.info/wiki/john/sample-hashes
+pscanrules.hashdisclosure.soln = Ensure that hashes that are used to protect credentials or other resources are not leaked by the web server or database. There is typically no requirement for password hashes to be accessible to the web browser.
+
+pscanrules.heartbleed.desc = The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.\t
+pscanrules.heartbleed.extrainfo = {0} is in use. Note however that the reported version could contain back-ported security fixes, and so the issue could be a false positive. This is common on Red Hat, for instance.
+pscanrules.heartbleed.name = Heartbleed OpenSSL Vulnerability (Indicative)
+pscanrules.heartbleed.refs = https://nvd.nist.gov/vuln/detail/CVE-2014-0160
+pscanrules.heartbleed.soln = Update to OpenSSL 1.0.1g or later. Re-issue HTTPS certificates. Change asymmetric private keys and shared secret keys, since these may have been compromised, with no evidence of compromise in the server log files.
+
+pscanrules.infoprivateaddressdisclosure.desc = A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
+pscanrules.infoprivateaddressdisclosure.name = Private IP Disclosure
+pscanrules.infoprivateaddressdisclosure.refs = https://tools.ietf.org/html/rfc1918
+pscanrules.infoprivateaddressdisclosure.soln = Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.
+
+pscanrules.informationdisclosuredebugerrors.desc = The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.
+pscanrules.informationdisclosuredebugerrors.name = Information Disclosure - Debug Error Messages
+pscanrules.informationdisclosuredebugerrors.soln = Disable debugging messages before pushing to production.
+
+pscanrules.informationdisclosureinurl.desc = The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
+pscanrules.informationdisclosureinurl.name = Information Disclosure - Sensitive Information in URL
+pscanrules.informationdisclosureinurl.otherinfo.cc = The URL appears to contain credit card information.
+pscanrules.informationdisclosureinurl.otherinfo.email = The URL contains email address(es).
+pscanrules.informationdisclosureinurl.otherinfo.sensitiveinfo = The URL contains potentially sensitive information. The following string was found via the pattern: {0}\n{1}
+pscanrules.informationdisclosureinurl.otherinfo.ssn = The URL appears to contain US Social Security Number(s)
+pscanrules.informationdisclosureinurl.soln = Do not pass sensitive information in URIs.
+
+pscanrules.informationdisclosurereferrer.bin.field = Bank Identification Number:
+pscanrules.informationdisclosurereferrer.brand.field = Brand:
+pscanrules.informationdisclosurereferrer.category.field = Category:
+pscanrules.informationdisclosurereferrer.desc = The HTTP header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
+pscanrules.informationdisclosurereferrer.issuer.field = Issuer:
+pscanrules.informationdisclosurereferrer.name = Information Disclosure - Sensitive Information in HTTP Referrer Header
+pscanrules.informationdisclosurereferrer.otherinfo.cc = The URL in the HTTP referrer header field appears to contain credit card information.
+pscanrules.informationdisclosurereferrer.otherinfo.email = The URL in the HTTP referrer header field contains email address(es).
+pscanrules.informationdisclosurereferrer.otherinfo.sensitiveinfo = The URL in the HTTP referrer header field appears to contain sensitive information.
+pscanrules.informationdisclosurereferrer.otherinfo.ssn = The URL in the HTTP referrer header field appears to contain US Social Security Number(s).
+pscanrules.informationdisclosurereferrer.soln = Do not pass sensitive information in URIs.
+
+pscanrules.informationdisclosuresuspiciouscomments.desc = The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
+pscanrules.informationdisclosuresuspiciouscomments.name = Information Disclosure - Suspicious Comments
+pscanrules.informationdisclosuresuspiciouscomments.otherinfo = The following pattern was used: {0} and was detected in the element starting with: "{1}", see evidence field for the suspicious comment/snippet.
+pscanrules.informationdisclosuresuspiciouscomments.otherinfo2 = The following pattern was used: {0} and was detected {2} times, the first in the element starting with: "{1}", see evidence field for the suspicious comment/snippet.
+pscanrules.informationdisclosuresuspiciouscomments.soln = Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
+
+pscanrules.infosessionidurl.desc = URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
+pscanrules.infosessionidurl.name = Session ID in URL Rewrite
+pscanrules.infosessionidurl.referrer.alert = Referer Exposes Session ID
+pscanrules.infosessionidurl.referrer.desc = A hyperlink pointing to another host name was found. As session ID URL rewrite is used, it may be disclosed in referer header to external hosts.
+pscanrules.infosessionidurl.referrer.soln = This is a risk if the session ID is sensitive and the hyperlink refers to an external or third party host. For secure content, put session ID in secured session cookie.
+pscanrules.infosessionidurl.refs = http://seclists.org/lists/webappsec/2002/Oct-Dec/0111.html
+pscanrules.infosessionidurl.soln = For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.
+
+pscanrules.insecureauthentication.desc = HTTP basic or digest authentication has been used over an unsecured connection. The credentials can be read and then reused by someone with access to the network.
+pscanrules.insecureauthentication.name = Weak Authentication Method
+pscanrules.insecureauthentication.refs = https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
+pscanrules.insecureauthentication.soln = Protect the connection using HTTPS or use a stronger authentication mechanism
+
+pscanrules.insecureformload.desc = This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.
+pscanrules.insecureformload.extrainfo = The response to the following request over HTTP included an HTTPS form tag action attribute value:\r\n\r\n{0}The context was:\r\n\r\n{1}
+pscanrules.insecureformload.name = HTTP to HTTPS Insecure Transition in Form Post
+pscanrules.insecureformload.refs =
+pscanrules.insecureformload.soln = Use HTTPS for landing pages that host secure forms.
+
+pscanrules.insecureformpost.desc = This check identifies secure HTTPS pages that host insecure HTTP forms. The issue is that a secure page is transitioning to an insecure page when data is uploaded through a form. The user may think they're submitting data to a secure page when in fact they are not.
+pscanrules.insecureformpost.extrainfo = The response to the following request over HTTPS included an HTTP form tag action attribute value:\r\n\r\n{0}The context was:\r\n\r\n{1}
+pscanrules.insecureformpost.name = HTTPS to HTTP Insecure Transition in Form Post
+pscanrules.insecureformpost.refs =
+pscanrules.insecureformpost.soln = Ensure sensitive data is only sent over secured HTTPS channels.
+
+pscanrules.insecurejsfviewstate.desc = The response at the following URL contains a ViewState value that has no cryptographic protections.
+pscanrules.insecurejsfviewstate.extrainfo = JSF ViewState [{0}] is insecure
+pscanrules.insecurejsfviewstate.name = Insecure JSF ViewState
+pscanrules.insecurejsfviewstate.refs = https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt
+pscanrules.insecurejsfviewstate.soln = Secure VIEWSTATE with a MAC specific to your environment
+
+pscanrules.linktarget.desc = At least one link on this page is vulnerable to Reverse tabnabbing as it uses a target attribute without using both of the "noopener" and "noreferrer" keywords in the "rel" attribute, which allows the target page to take control of this page.
+pscanrules.linktarget.name = Reverse Tabnabbing
+pscanrules.linktarget.refs = https://owasp.org/www-community/attacks/Reverse_Tabnabbing\nhttps://dev.to/ben/the-targetblank-vulnerability-by-example\nhttps://mathiasbynens.github.io/rel-noopener/\nhttps://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c
+pscanrules.linktarget.soln = Do not use a target attribute, or if you have to then also add the attribute: rel="noopener noreferrer".
+
+pscanrules.mixedcontent.desc = The page includes mixed content, that is content accessed via HTTP instead of HTTPS.
+pscanrules.mixedcontent.name = Secure Pages Include Mixed Content
+pscanrules.mixedcontent.name.inclscripts = Secure Pages Include Mixed Content (Including Scripts)
+pscanrules.mixedcontent.refs = https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
+pscanrules.mixedcontent.soln = A page that is available over SSL/TLS must be comprised completely of content which is transmitted over SSL/TLS.\nThe page must not contain any content that is transmitted over unencrypted HTTP.\n This includes content from third party sites.
+
+pscanrules.modernapp.desc = The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
+pscanrules.modernapp.name = Modern Web Application
+pscanrules.modernapp.other.links = Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
+pscanrules.modernapp.other.nolinks = No links have been found while there are scripts, which is an indication that this is a modern web application.
+pscanrules.modernapp.other.noscript = A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.
+pscanrules.modernapp.other.self = Links have been found with a target of '_self' - this is often used by modern frameworks to force a full page reload.
+pscanrules.modernapp.soln = This is an informational alert and so no changes are required.
+
+pscanrules.name = Passive Scan Rules
+
+pscanrules.noanticsrftokens.alert.extrainfo = No known Anti-CSRF token {0} was found in the following HTML form: {1}.
+pscanrules.noanticsrftokens.desc = No Anti-CSRF tokens were found in a HTML submission form.
+pscanrules.noanticsrftokens.extrainfo.annotation = This is an informational alert as the form has a security annotation indicating that it does not need an anti-CSRF Token. This should be tested manually to ensure the annotation is correct.
+pscanrules.noanticsrftokens.name = Absence of Anti-CSRF Tokens
+
+pscanrules.payloader.desc = Provides support for custom payloads in scan rules.
+pscanrules.payloader.name = Passive Scan Rules Release Custom Payloads
+
+pscanrules.pii.bin.field = Bank Identification Number:
+pscanrules.pii.brand.field = Brand:
+pscanrules.pii.category.field = Category:
+pscanrules.pii.desc = The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.
+pscanrules.pii.extrainfo = Credit Card Type detected: {0}
+pscanrules.pii.issuer.field = Issuer:
+pscanrules.pii.name = PII Disclosure
+pscanrules.pii.soln = Check the response for the potential presence of personally identifiable information (PII), ensure nothing sensitive is leaked by the application.
+
+pscanrules.retrievedfromcache.desc = The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
+pscanrules.retrievedfromcache.extrainfo = {0}
+pscanrules.retrievedfromcache.extrainfo.http11ageheader = The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
+pscanrules.retrievedfromcache.name = Retrieved from Cache
+pscanrules.retrievedfromcache.refs = https://tools.ietf.org/html/rfc7234\nhttps://tools.ietf.org/html/rfc7231\nhttp://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
+pscanrules.retrievedfromcache.soln = Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
+
+pscanrules.serverheader.rule.name = HTTP Server Response Header
+
+pscanrules.serverheaderinfoleak.desc = The web/application server is leaking the application it uses as a webserver via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to. This information alone, i.e. without a version string, is not very dangerous for the security of a server, nevertheless this information in the response header field is almost always useless and thus just an obsolete attacking vector.
+pscanrules.serverheaderinfoleak.general.refs = http://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttp://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007\nhttp://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx\nhttp://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
+pscanrules.serverheaderinfoleak.general.soln = Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
+pscanrules.serverheaderinfoleak.name = Server Leaks its Webserver Application via "Server" HTTP Response Header Field
+
+pscanrules.serverheaderversioninfoleak.desc = The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
+pscanrules.serverheaderversioninfoleak.name = Server Leaks Version Information via "Server" HTTP Response Header Field
+
+pscanrules.stricttransportsecurity.compliance.malformed.content.desc = A HTTP Strict Transport Security (HSTS) header was found, but it contains some content that was not expected (perhaps curly quotes), the expectation is that the content be printable ASCII characters.
+pscanrules.stricttransportsecurity.compliance.malformed.content.name = Strict-Transport-Security Malformed Content (Non-compliant with Spec)
+pscanrules.stricttransportsecurity.compliance.malformed.content.refs = http://tools.ietf.org/html/rfc6797
+pscanrules.stricttransportsecurity.compliance.malformed.content.soln = Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with appropriate content.
+pscanrules.stricttransportsecurity.compliance.max.age.malformed.desc = A HTTP Strict Transport Security (HSTS) header was found, but it contains quotes preceding the max-age directive (the max-age value can be quoted, but the directive itself cannot be). See RFC 6797 for further details.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
+pscanrules.stricttransportsecurity.compliance.max.age.malformed.name = Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec)
+pscanrules.stricttransportsecurity.compliance.max.age.malformed.refs = http://tools.ietf.org/html/rfc6797#section-6.1
+pscanrules.stricttransportsecurity.compliance.max.age.malformed.soln = Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate format.
+pscanrules.stricttransportsecurity.compliance.max.age.missing.desc = A HTTP Strict Transport Security (HSTS) header was found, but it is missing the max-age directive (or the directive is missing a value).
See RFC 6797 for further details.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
+pscanrules.stricttransportsecurity.compliance.max.age.missing.name = Strict-Transport-Security Missing Max-Age (Non-compliant with Spec)
+pscanrules.stricttransportsecurity.compliance.max.age.missing.refs = http://tools.ietf.org/html/rfc6797#section-6.2
+pscanrules.stricttransportsecurity.compliance.max.age.missing.soln = Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
+pscanrules.stricttransportsecurity.compliance.meta.desc = A HTTP Strict Transport Security (HSTS) META tag was found, defining HTTP Strict Transport Security (HSTS) via a META tag is explicitly not supported by the spec (RFC 6797).
+pscanrules.stricttransportsecurity.compliance.meta.name = Strict-Transport-Security Defined via META (Non-compliant with Spec)
+pscanrules.stricttransportsecurity.compliance.meta.refs = http://tools.ietf.org/html/rfc6797#section-8.5
+pscanrules.stricttransportsecurity.compliance.meta.soln = Do not attempt to set HTTP Strict Transport Security (HSTS) via a META tag.
+pscanrules.stricttransportsecurity.compliance.multiple.header.desc = HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e.
HTTP layered over TLS/SSL).
+pscanrules.stricttransportsecurity.compliance.multiple.header.name = Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)
+pscanrules.stricttransportsecurity.compliance.multiple.header.refs = http://tools.ietf.org/html/rfc6797#section-8.1
+pscanrules.stricttransportsecurity.compliance.multiple.header.soln = Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.
+pscanrules.stricttransportsecurity.desc = HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
+pscanrules.stricttransportsecurity.max.age.desc = A HTTP Strict Transport Security (HSTS) header was found, but it contains the directive max-age=0 which disables the control and instructs browsers to reset any previous HSTS related settings. See RFC 6797 for further details.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
+pscanrules.stricttransportsecurity.max.age.name = Strict-Transport-Security Disabled
+pscanrules.stricttransportsecurity.max.age.refs = http://tools.ietf.org/html/rfc6797#section-6.2
+pscanrules.stricttransportsecurity.max.age.soln = Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
+pscanrules.stricttransportsecurity.name = Strict-Transport-Security Header Not Set
+pscanrules.stricttransportsecurity.plain.resp.desc = A HTTP Strict Transport Security (HSTS) header was found, but HSTS headers are ignored on plain (non-HTTPS) responses.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
+pscanrules.stricttransportsecurity.plain.resp.name = Strict-Transport-Security Header on Plain HTTP Response
+pscanrules.stricttransportsecurity.plain.resp.refs = http://tools.ietf.org/html/rfc6797#section-8.1
+pscanrules.stricttransportsecurity.plain.resp.soln = Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security for HTTPS responses.
+pscanrules.stricttransportsecurity.refs = https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttp://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttp://caniuse.com/stricttransportsecurity\nhttp://tools.ietf.org/html/rfc6797
+pscanrules.stricttransportsecurity.rule.name = Strict-Transport-Security Header
+pscanrules.stricttransportsecurity.soln = Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
+
+pscanrules.timestampdisclosure.desc = A timestamp was disclosed by the application/web server
+pscanrules.timestampdisclosure.extrainfo = {0}, which evaluates to: {1}
+pscanrules.timestampdisclosure.name = Timestamp Disclosure
+pscanrules.timestampdisclosure.refs = http://projects.webappsec.org/w/page/13246936/Information%20Leakage
+pscanrules.timestampdisclosure.soln = Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
+
+pscanrules.usercontrolledcharset.desc = This check looks at user-supplied input in query string parameters and POST data to identify where Content-Type or meta tag charset declarations might be user-controlled. Such charset declarations should always be declared by the application. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks. For example, an attacker controlling the element charset value is able to declare UTF-7 and is also able to include enough user-controlled payload early in the HTML document to have it interpreted as UTF-7. By encoding their payload with UTF-7 the attacker is able to bypass any server-side XSS protections and embed script in the page.
+pscanrules.usercontrolledcharset.extrainfo = A(n) [{0}] tag [{1}] attribute\r\n\r\nThe user input found was:\r\n{2}={3}\r\n\r\nThe charset value it controlled was:\r\n{4}
+pscanrules.usercontrolledcharset.name = User Controllable Charset
+pscanrules.usercontrolledcharset.refs =
+pscanrules.usercontrolledcharset.soln = Force UTF-8 in all charset declarations. If user-input is required to decide a charset declaration, ensure that only an allowed list is used.
+
+pscanrules.usercontrolledcookie.desc = This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled.
This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.
+pscanrules.usercontrolledcookie.extrainfo = {0}This was identified at:\r\n\r\n{1}\r\n\r\nUser-input was found in the following cookie:\r\n{2}\r\n\r\nThe user input was:\r\n{3}={4}
+pscanrules.usercontrolledcookie.extrainfo.get = An attacker may be able to poison cookie values through URL parameters. Try injecting a semicolon to see if you can add cookie values (e.g. name=controlledValue;name=anotherValue;).\n\n
+pscanrules.usercontrolledcookie.extrainfo.post = An attacker may be able to poison cookie values through POST parameters. To test if this is a more serious issue, you should try resending that request as a GET, with the POST parameter included as a query string parameter. For example: http://nottrusted.com/page?value=maliciousInput.\r\n\r\n
+pscanrules.usercontrolledcookie.name = Cookie Poisoning
+pscanrules.usercontrolledcookie.refs = http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-cookie
+pscanrules.usercontrolledcookie.soln = Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolon's that can serve as name/value pair delimiters.
+
+pscanrules.usercontrolledhtmlattributes.desc = This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
+pscanrules.usercontrolledhtmlattributes.extrainfo = User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible.
The page at the following URL:\r\n\r\n{0}\r\n\r\nappears to include user input in: \r\n\r\na(n) [{1}] tag [{2}] attribute \r\n\r\nThe user input found was:\r\n{3}={4}\r\n\r\nThe user-controlled value was:\r\n{5}
+pscanrules.usercontrolledhtmlattributes.name = User Controllable HTML Element Attribute (Potential XSS)
+pscanrules.usercontrolledhtmlattributes.refs = http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute
+pscanrules.usercontrolledhtmlattributes.soln = Validate all input and sanitize output it before writing to any HTML attributes.
+
+pscanrules.usercontrolledjavascriptevent.desc = This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
+pscanrules.usercontrolledjavascriptevent.extrainfo = User-controlled javascript event(s) was found. Exploitability will need to be manually determined. The page at the following URL:\r\n\r\n{0}"\r\n\r\nincludes the following Javascript event which may be attacker-controllable: \r\n\r\nUser-input was found in the following data of an [{1}] event:\r\n{2}\r\n\r\nThe user input was:\r\n{3}
+pscanrules.usercontrolledjavascriptevent.name = User Controllable JavaScript Event (XSS)
+pscanrules.usercontrolledjavascriptevent.refs = http://websecuritytool.codeplex.com/wikipage?title=Checks#user-javascript-event
+pscanrules.usercontrolledjavascriptevent.soln = Validate all input and sanitize output it before writing to any Javascript on* events.
+
+pscanrules.usercontrolledopenredirect.desc = Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g.
http://nottrusted.com) to control an offsite redirect. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.\n\nFor example an attacker could supply a user with the following link: http://example.com/example.php?url=http://malicious.example.com.
+pscanrules.usercontrolledopenredirect.extrainfo.common = {0}\r\n\r\nThe user input found was:\r\n\r\n{1}={2}\r\n\r\nThe context was:\r\n\r\n{3}
+pscanrules.usercontrolledopenredirect.extrainfo.get = The 301 or 302 response to a request for the following URL appeared to contain user input in the location header:\r\n\r\n
+pscanrules.usercontrolledopenredirect.extrainfo.post = An open redirect controlled by POST parameters was detected. To test if this is a more serious issue, you should try resending that request as a GET, with the POST parameter included as a query string parameter. For example: http://nottrusted.com/page?url=http://lookout.net.\r\n\r\nThe 301 or 302 response to a request for the following URL appeared to contain user input in the location header:\r\n\r\n
+pscanrules.usercontrolledopenredirect.name = Open Redirect
+pscanrules.usercontrolledopenredirect.refs = https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/601.html
+pscanrules.usercontrolledopenredirect.soln = To avoid the open redirect vulnerability, parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser. Implement safe redirect functionality that only redirects to relative URI's, or a list of trusted domains
+
+pscanrules.usernameidor.desc = A hash of a username ({0}) was found in the response. This may indicate that the application is subject to an Insecure Direct Object Reference (IDOR) vulnerability. Manual testing will be required to see if this discovery can be abused.
+pscanrules.usernameidor.name = Username Hash Found
+pscanrules.usernameidor.otherinfo = The hash was an {0}, with value: {1}
+pscanrules.usernameidor.refs = https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References.html
+pscanrules.usernameidor.soln = Use per user or session indirect object references (create a temporary mapping at time of use). Or, ensure that each use of a direct object reference is tied to an authorization check to ensure the user is authorized for the requested object.
+
+pscanrules.viewstate.content.email.desc = The following emails were found being serialized in the viewstate field:
+pscanrules.viewstate.content.email.name = Emails Found in the Viewstate
+pscanrules.viewstate.content.email.pattern.source = Email pattern - http://www.regular-expressions.info/regexbuddy/email.html
+pscanrules.viewstate.content.ip.desc = The following potential IP addresses were found being serialized in the viewstate field:
+pscanrules.viewstate.content.ip.name = Potential IP Addresses Found in the Viewstate
+pscanrules.viewstate.content.ip.pattern.source = IP pattern - http://www.regular-expressions.info/examples.html
+pscanrules.viewstate.name = Viewstate
+pscanrules.viewstate.nomac.sure.desc = This website uses ASP.NET's Viewstate but without any MAC.\n\n
+pscanrules.viewstate.nomac.sure.name = Viewstate without MAC Signature (Sure)
+pscanrules.viewstate.nomac.sure.refs = http://msdn.microsoft.com/en-us/library/ff649308.aspx
+pscanrules.viewstate.nomac.sure.soln = Ensure the MAC is set for all pages on this website.
+pscanrules.viewstate.nomac.unsure.desc = This website uses ASP.NET's Viewstate but maybe without any MAC.\n\n
+pscanrules.viewstate.nomac.unsure.name = Viewstate without MAC Signature (Unsure)
+pscanrules.viewstate.nomac.unsure.refs = http://msdn.microsoft.com/en-us/library/ff649308.aspx
+pscanrules.viewstate.nomac.unsure.soln = Ensure the MAC is set for all pages on this website.
+pscanrules.viewstate.oldver.desc = This website uses ASP.NET version 1.0 or 1.1.\n\n
+pscanrules.viewstate.oldver.name = Old Asp.Net Version in Use
+pscanrules.viewstate.oldver.soln = Ensure the engaged framework is still supported by Microsoft.
+pscanrules.viewstate.soln = Verify the provided information isn't confidential.
+pscanrules.viewstate.split.desc = This website uses ASP.NET's Viewstate and its value is split into several chunks.\n
+pscanrules.viewstate.split.name = Split Viewstate in Use
+pscanrules.viewstate.split.soln = None - the guys running the server may have tuned the configuration as this isn't the default setting.
+
+pscanrules.xaspnetversion.desc = Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
+pscanrules.xaspnetversion.extrainfo = An attacker can use this information to exploit known vulnerabilities.
+pscanrules.xaspnetversion.name = X-AspNet-Version Response Header
+pscanrules.xaspnetversion.refs = https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/
+pscanrules.xaspnetversion.soln = Configure the server so it will not return those headers.
+
+pscanrules.xbackendserver.desc = The server is leaking information pertaining to backend systems (such as hostnames or IP addresses). Armed with this information an attacker may be able to attack other systems or more directly/efficiently attack those systems.
+pscanrules.xbackendserver.extrainfo =
+pscanrules.xbackendserver.name = X-Backend-Server Header Information Leak
+pscanrules.xbackendserver.refs =
+pscanrules.xbackendserver.soln = Ensure that your web server, application server, load balancer, etc. is configured to suppress X-Backend-Server headers.
+
+pscanrules.xchromeloggerdata.desc = The server is leaking information through the X-ChromeLogger-Data (or X-ChromePhp-Data) response header. The content of such headers can be customized by the developer, however it is not uncommon to find: server file system locations, vhost declarations, etc.
+pscanrules.xchromeloggerdata.name = X-ChromeLogger-Data (XCOLD) Header Information Leak
+pscanrules.xchromeloggerdata.otherinfo.error = Header value could not be base64 decoded:
+pscanrules.xchromeloggerdata.otherinfo.msg = The following represents an attempt to base64 decode the value:
+pscanrules.xchromeloggerdata.refs = https://craig.is/writing/chrome-logger
+pscanrules.xchromeloggerdata.soln = Disable this functionality in Production when it might leak information that could be leveraged by an attacker. Alternatively ensure that use of the functionality is tied to a strong authorization check and only available to administrators or support personnel for troubleshooting purposes not general users.
+
+pscanrules.xcontenttypeoptions.desc = The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
+pscanrules.xcontenttypeoptions.name = X-Content-Type-Options Header Missing
+pscanrules.xcontenttypeoptions.otherinfo = This issue still applies to error type pages (401, 403, 500, etc.)
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt "High" threshold this scan rule will not alert on client or server error responses.
+pscanrules.xcontenttypeoptions.refs = http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx\nhttps://owasp.org/www-community/Security_Headers
+pscanrules.xcontenttypeoptions.soln = Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
+
+pscanrules.xdebugtoken.desc = The response contained an X-Debug-Token or X-Debug-Token-Link header. This indicates that Symfony's Profiler may be in use and exposing sensitive data.
+pscanrules.xdebugtoken.name = X-Debug-Token Information Leak
+pscanrules.xdebugtoken.otherinfo = By accessing a URL in the form http://target_host/_profiler/token_value (i.e.: http://example.com/_profiler_/123ab4), you may gain access to the profiler and further leaked information.
+pscanrules.xdebugtoken.refs = https://symfony.com/doc/current/cookbook/profiler/profiling_data.html\nhttps://symfony.com/blog/new-in-symfony-2-4-quicker-access-to-the-profiler-when-working-on-an-api
+pscanrules.xdebugtoken.soln = Limit access to Symfony's Profiler, either via authentication/authorization or limiting inclusion of the header to specific clients (by IP, etc.).
+
+pscanrules.xpoweredbyheaderinfoleak.desc = The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers.
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
+pscanrules.xpoweredbyheaderinfoleak.extrainfo =
+pscanrules.xpoweredbyheaderinfoleak.name = Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
+pscanrules.xpoweredbyheaderinfoleak.otherinfo.msg = The following X-Powered-By headers were also found:\r\n
+pscanrules.xpoweredbyheaderinfoleak.refs = http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx\nhttp://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
+pscanrules.xpoweredbyheaderinfoleak.soln = Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
diff --git a/addOns/pscanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/pscanrulesAlpha/resources/Messages_kaa.properties b/addOns/pscanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/pscanrulesAlpha/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..4569223baf4
--- /dev/null
+++ b/addOns/pscanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/pscanrulesAlpha/resources/Messages_kaa.properties
@@ -0,0 +1,68 @@
+pscanalpha.base64disclosure.desc = Base64 encoded data was disclosed by the application/web server. Note: in the interests of performance not all base64 strings in the response were analyzed individually, the entire response should be looked at by the analyst/security team/developer(s).
+pscanalpha.base64disclosure.extrainfo = {1}
+pscanalpha.base64disclosure.name = Base64 Disclosure
+pscanalpha.base64disclosure.refs = http://projects.webappsec.org/w/page/13246936/Information%20Leakage
+pscanalpha.base64disclosure.soln = Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
+pscanalpha.base64disclosure.viewstate.desc = An ASP.NET ViewState was disclosed by the application/web server
+pscanalpha.base64disclosure.viewstate.extrainfo = {0}
+pscanalpha.base64disclosure.viewstate.name = ASP.NET ViewState Disclosure
+pscanalpha.base64disclosure.viewstate.refs = http://msdn.microsoft.com/en-us/library/bb386448.aspx\nhttp://projects.webappsec.org/w/page/13246936/Information%20Leakage
+pscanalpha.base64disclosure.viewstate.soln = Manually confirm that the ASP.NET ViewState does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
+pscanalpha.base64disclosure.viewstatewithoutmac.desc = The application does not use a Message Authentication Code (MAC) to protect the integrity of the ASP.NET ViewState, which can be tampered with by a malicious client
+pscanalpha.base64disclosure.viewstatewithoutmac.extrainfo = {0}
+pscanalpha.base64disclosure.viewstatewithoutmac.name = ASP.NET ViewState Integrity
+pscanalpha.base64disclosure.viewstatewithoutmac.refs = http://msdn.microsoft.com/en-us/library/bb386448.aspx\nhttps://www.jardinesoftware.net/2012/02/06/asp-net-tampering-with-event-validation-part-1/
+pscanalpha.base64disclosure.viewstatewithoutmac.soln = Ensure that all ASP.NET ViewStates are protected from tampering, by using a MAC, generated using a secure algorithm, and a secret key on the server side. This is the default configuration on modern ASP.NET installation, by may be over-ridden programmatically, or via the ASP.NET configuration.
+
+pscanalpha.desc = Alpha status passive scan rules
+
+pscanalpha.examplefile.desc = Add more information about the vulnerability here.
+pscanalpha.examplefile.name = An example passive scan rule which loads data from a file.
+pscanalpha.examplefile.other = This is for information that doesn't fit in any of the other sections.
+pscanalpha.examplefile.refs = https://www.zaproxy.org/blog/2014-04-03-hacking-zap-3-passive-scan-rules/
+pscanalpha.examplefile.soln = A general description of how to solve the problem.
+
+pscanalpha.metadata-request-headers.name = Fetch Metadata Request Headers
+pscanalpha.metadata-request-headers.sfd.invalid-values.desc = Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
+
+pscanalpha.metadata-request-headers.sfd.invalid-values.name = Sec-Fetch-Dest Header Has an Invalid Value
+pscanalpha.metadata-request-headers.sfd.invalid-values.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
+pscanalpha.metadata-request-headers.sfd.invalid-values.soln = Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt.
+pscanalpha.metadata-request-headers.sfd.missing.desc = Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
+
+pscanalpha.metadata-request-headers.sfd.missing.name = Sec-Fetch-Dest Header is Missing
+pscanalpha.metadata-request-headers.sfd.missing.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
+pscanalpha.metadata-request-headers.sfd.missing.soln = Ensure that Sec-Fetch-Dest header is included in request headers.
+pscanalpha.metadata-request-headers.sfm.invalid-values.desc = Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
+
+pscanalpha.metadata-request-headers.sfm.invalid-values.name = Sec-Fetch-Mode Header Has an Invalid Value
+pscanalpha.metadata-request-headers.sfm.invalid-values.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
+pscanalpha.metadata-request-headers.sfm.invalid-values.soln = Sec-Fetch-Mode header must have one of the following values: cors, no-cors, navigate, same-origin, or websocket.
+pscanalpha.metadata-request-headers.sfm.missing.desc = Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
+
+pscanalpha.metadata-request-headers.sfm.missing.name = Sec-Fetch-Mode Header is Missing
+pscanalpha.metadata-request-headers.sfm.missing.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
+pscanalpha.metadata-request-headers.sfm.missing.soln = Ensure that Sec-Fetch-Mode header is included in request headers.
+pscanalpha.metadata-request-headers.sfs.invalid-values.desc = Specifies the relationship between request initiator's origin and target's origin.
+
+pscanalpha.metadata-request-headers.sfs.invalid-values.name = Sec-Fetch-Site Header Has an Invalid Value
+pscanalpha.metadata-request-headers.sfs.invalid-values.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
+pscanalpha.metadata-request-headers.sfs.invalid-values.soln = Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none.
+pscanalpha.metadata-request-headers.sfs.missing.desc = Specifies the relationship between request initiator's origin and target's origin.
+
+pscanalpha.metadata-request-headers.sfs.missing.name = Sec-Fetch-Site Header is Missing
+pscanalpha.metadata-request-headers.sfs.missing.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
+pscanalpha.metadata-request-headers.sfs.missing.soln = Ensure that Sec-Fetch-Site header is included in request headers.
+pscanalpha.metadata-request-headers.sfu.invalid-values.desc = Specifies if a navigation request was initiated by a user.
+
+pscanalpha.metadata-request-headers.sfu.invalid-values.name = Sec-Fetch-User Header Has an Invalid Value
+pscanalpha.metadata-request-headers.sfu.invalid-values.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
+pscanalpha.metadata-request-headers.sfu.invalid-values.soln = Sec-Fetch-User header must have the value set to ?1.
+pscanalpha.metadata-request-headers.sfu.missing.desc = Specifies if a navigation request was initiated by a user.
+
+pscanalpha.metadata-request-headers.sfu.missing.name = Sec-Fetch-User Header is Missing
+pscanalpha.metadata-request-headers.sfu.missing.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
+pscanalpha.metadata-request-headers.sfu.missing.soln = Ensure that Sec-Fetch-User header is included in user initiated requests.
+
+pscanalpha.name = Passive Scan Rules - alpha
+
diff --git a/addOns/pscanrulesBeta/src/main/resources/org/zaproxy/zap/extension/pscanrulesBeta/resources/Messages_kaa.properties b/addOns/pscanrulesBeta/src/main/resources/org/zaproxy/zap/extension/pscanrulesBeta/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..5b830b479ba
--- /dev/null
+++ b/addOns/pscanrulesBeta/src/main/resources/org/zaproxy/zap/extension/pscanrulesBeta/resources/Messages_kaa.properties
@@ -0,0 +1,84 @@ +pscanbeta.desc = Beta status passive scan rules + +pscanbeta.inpagebanner.desc = The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use. +pscanbeta.inpagebanner.name = In Page Banner Information Leak +pscanbeta.inpagebanner.other = There is a chance that the highlight in the finding is on a value in the headers, versus the actual matched string in the response body. +pscanbeta.inpagebanner.refs = https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/ +pscanbeta.inpagebanner.soln = Configure the server to prevent such information leaks. For example:\nUnder Tomcat this is done via the "server" directive and implementation of custom error pages.\nUnder Apache this is done via the "ServerSignature" and "ServerTokens" directives. + +pscanbeta.jsfunction.desc = A dangerous JS function seems to be in use that would leave the site vulnerable. +pscanbeta.jsfunction.name = Dangerous JS Functions +pscanbeta.jsfunction.refs = https://angular.io/guide/security +pscanbeta.jsfunction.soln = See the references for security advice on the use of these functions. + +pscanbeta.jso.desc = Java Serialization seems to be in use. If not correctly validated, an attacker can send a specially crafted object. This can lead to a dangerous "Remote Code Execution". A magic sequence identifying JSO has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05). +pscanbeta.jso.name = Java Serialization Object +pscanbeta.jso.refs = https://www.oracle.com/technetwork/java/seccodeguide-139067.html#8 +pscanbeta.jso.soln = Deserialization of untrusted data is inherently dangerous and should be avoided. + +pscanbeta.name = Passive Scan Rules - beta + +pscanbeta.nonstorable.desc = The response contents are not storable by caching components such as proxy servers. 
If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance. +pscanbeta.nonstorable.extrainfo = {0} +pscanbeta.nonstorable.name = Non-Storable Content +pscanbeta.nonstorable.refs = https://tools.ietf.org/html/rfc7234\nhttps://tools.ietf.org/html/rfc7231\nhttp://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234) +pscanbeta.nonstorable.soln = The content may be marked as storable by ensuring that the following conditions are satisfied:\nThe request method must be understood by the cache and defined as being cacheable ("GET", "HEAD", and "POST" are currently defined as cacheable)\nThe response status code must be understood by the cache (one of the 1XX, 2XX, 3XX, 4XX, or 5XX response classes are generally understood)\nThe "no-store" cache directive must not appear in the request or response header fields\nFor caching by "shared" caches such as "proxy" caches, the "private" response directive must not appear in the response\nFor caching by "shared" caches such as "proxy" caches, the "Authorization" header field must not appear in the request, unless the response explicitly allows it (using one of the "must-revalidate", "public", or "s-maxage" Cache-Control response directives)\nIn addition to the conditions above, at least one of the following conditions must also be satisfied by the response:\nIt must contain an "Expires" header field\nIt must contain a "max-age" response directive\nFor "shared" caches such as "proxy" caches, it must contain a "s-maxage" response directive\nIt must contain a "Cache Control Extension" that allows it to be cached\nIt must have a status code that is defined as cacheable by default (200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501). + +pscanbeta.payloader.desc = Provides support for custom payloads in scan rules. 
+pscanbeta.payloader.name = Passive Scan Rules Beta Custom Payloads + +pscanbeta.permissionspolicymissing.deprecated.desc = The header has now been renamed to Permissions-Policy. +pscanbeta.permissionspolicymissing.deprecated.name = Deprecated Feature Policy Header Set +pscanbeta.permissionspolicymissing.deprecated.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy\nhttps://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/ +pscanbeta.permissionspolicymissing.deprecated.soln = Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header instead of the Feature-Policy header. +pscanbeta.permissionspolicymissing.desc = Permissions Policy Header is an added layer of security that helps to restrict from unauthorized access or usage of browser/client features by web resources. This policy ensures the user privacy by limiting or specifying the features of the browsers can be used by the web resources. Permissions Policy provides a set of standard HTTP headers that allow website owners to limit which features of browsers can be used by the page such as camera, microphone, location, full screen etc. +pscanbeta.permissionspolicymissing.name = Permissions Policy Header Not Set +pscanbeta.permissionspolicymissing.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy\nhttps://developers.google.com/web/updates/2018/06/feature-policy\nhttps://scotthelme.co.uk/a-new-security-header-feature-policy/\nhttps://w3c.github.io/webappsec-feature-policy/\nhttps://www.smashingmagazine.com/2018/12/feature-policy/ +pscanbeta.permissionspolicymissing.soln = Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header. + +pscanbeta.servletparameterpollution.desc = Unspecified form action: HTTP parameter override attack potentially possible. 
This is a known problem with Java Servlets but other platforms may also be vulnerable. +pscanbeta.servletparameterpollution.name = HTTP Parameter Override +pscanbeta.servletparameterpollution.refs = http://download.oracle.com/javaee-archive/servlet-spec.java.net/jsr340-experts/att-0317/OnParameterPollutionAttacks.pdf +pscanbeta.servletparameterpollution.soln = All forms must specify the action URL. + +pscanbeta.site-isolation.coep.desc = Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS). +pscanbeta.site-isolation.coep.name = Cross-Origin-Embedder-Policy Header Missing or Invalid +pscanbeta.site-isolation.coep.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy +pscanbeta.site-isolation.coep.soln = Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy). +pscanbeta.site-isolation.coop.desc = Cross-Origin-Opener-Policy header is a response header that allows a site to control if others included documents share the same browsing context. Sharing the same browsing context with untrusted documents might lead to data leak. 
+pscanbeta.site-isolation.coop.name = Cross-Origin-Opener-Policy Header Missing or Invalid
+pscanbeta.site-isolation.coop.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
+pscanbeta.site-isolation.coop.soln = Ensure that the application/web server sets the Cross-Origin-Opener-Policy header appropriately, and that it sets the Cross-Origin-Opener-Policy header to 'same-origin' for documents.\n'same-origin-allow-popups' is considered as less secured and should be avoided.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Opener-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-opener-policy).
+pscanbeta.site-isolation.corp.desc = Cross-Origin-Resource-Policy header is an opt-in header designed to counter side-channels attacks like Spectre. Resource should be specifically set as shareable amongst different origins.
+pscanbeta.site-isolation.corp.name = Cross-Origin-Resource-Policy Header Missing or Invalid
+pscanbeta.site-isolation.corp.refs = https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
+pscanbeta.site-isolation.corp.soln = Ensure that the application/web server sets the Cross-Origin-Resource-Policy header appropriately, and that it sets the Cross-Origin-Resource-Policy header to 'same-origin' for all web pages.\n'same-site' is considered as less secured and should be avoided.\nIf resources must be shared, set the header to 'cross-origin'.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Resource-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-resource-policy).
+pscanbeta.site-isolation.name = Insufficient Site Isolation Against Spectre Vulnerability + +pscanbeta.sourcecodedisclosure.desc = Application Source Code was disclosed by the web server +pscanbeta.sourcecodedisclosure.extrainfo = {0} +pscanbeta.sourcecodedisclosure.name = Source Code Disclosure +pscanbeta.sourcecodedisclosure.refs = http://blogs.wsj.com/cio/2013/10/08/adobe-source-code-leak-is-bad-news-for-u-s-government/ +pscanbeta.sourcecodedisclosure.soln = Ensure that application Source Code is not available with alternative extensions, and ensure that source code is not present within other files or data deployed to the web server, or served by the web server. + +pscanbeta.sri-integrity.desc = The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content. +pscanbeta.sri-integrity.name = Sub Resource Integrity Attribute Missing +pscanbeta.sri-integrity.otherinfo = The following hash was calculated (using base64 encoding of the output of the hash algorithm: SHA-384) for the script in question {0} +pscanbeta.sri-integrity.refs = https://developer.mozilla.org/en/docs/Web/Security/Subresource_Integrity +pscanbeta.sri-integrity.soln = Provide a valid integrity attribute to the tag. + +pscanbeta.storabilitycacheability.name = Content Cacheability + +pscanbeta.storablecacheable.desc = The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. 
This is primarily an issue where "shared" caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance. +pscanbeta.storablecacheable.extrainfo = {0} +pscanbeta.storablecacheable.name = Storable and Cacheable Content +pscanbeta.storablecacheable.otherinfo.liberallifetimeheuristic = In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234. +pscanbeta.storablecacheable.otherinfo.staleretrievenotblocked = The response is stale, and stale responses are not configured to be re-validated or blocked, using the 'must-revalidate', 'proxy-revalidate', 's-maxage', or 'max-age' response 'Cache-Control' directives. +pscanbeta.storablecacheable.refs = https://tools.ietf.org/html/rfc7234\nhttps://tools.ietf.org/html/rfc7231\nhttp://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234) +pscanbeta.storablecacheable.soln = Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request. + +pscanbeta.storablenoncacheable.desc = The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users. 
+pscanbeta.storablenoncacheable.extrainfo = {0}}
+pscanbeta.storablenoncacheable.name = Storable but Non-Cacheable Content
+pscanbeta.storablenoncacheable.refs = https://tools.ietf.org/html/rfc7234\nhttps://tools.ietf.org/html/rfc7231\nhttp://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
+pscanbeta.storablenoncacheable.soln =
diff --git a/addOns/quickstart/src/main/resources/org/zaproxy/zap/extension/quickstart/resources/Messages_kaa.properties b/addOns/quickstart/src/main/resources/org/zaproxy/zap/extension/quickstart/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..7a2e56ba7c6
--- /dev/null
+++ b/addOns/quickstart/src/main/resources/org/zaproxy/zap/extension/quickstart/resources/Messages_kaa.properties
@@ -0,0 +1,139 @@ +quickstart.ajaxspider.desc = Add the option to use the Ajax Spider in the Quick Start scan +quickstart.ajaxspider.name = Quick Start Ajax Spider integration + +quickstart.attack.panel.message1 = This screen allows you to launch an automated scan against an application - just enter its URL below and press 'Attack'. +quickstart.attack.panel.message2 = Please be aware that you should only attack applications that you have been specifically been given permission to test. +quickstart.attack.panel.title = Automated Scan + +quickstart.button.label.attack = Attack +quickstart.button.label.back = < +quickstart.button.label.launch = Launch Browser +quickstart.button.label.stop = Stop +quickstart.button.news = Learn More +quickstart.button.tooltip.attack = Perform a quick penetration test on the URL +quickstart.button.tooltip.back = Back to the main screen +quickstart.button.tooltip.launch = Open the browser you've chosen pre-configured to proxy through ZAP +quickstart.button.tooltip.news.close = Hide this news item +quickstart.button.tooltip.stop = Stop the attack + +quickstart.cmdline.out.help = The file to write the HTML/JSON/MD/XML results to (based on the file extension) +quickstart.cmdline.outputto = Writing results to {0} +quickstart.cmdline.progress.ajaxspider = Using ajax spider +quickstart.cmdline.progress.ascan = Active scanning +quickstart.cmdline.progress.complete = Attack complete +quickstart.cmdline.progress.failed = Failed to attack the URL +quickstart.cmdline.progress.help = Display progress bars while scanning +quickstart.cmdline.progress.notstarted = Not started +quickstart.cmdline.progress.spider = Using traditional spider +quickstart.cmdline.progress.started = Accessing URL +quickstart.cmdline.progress.stopped = Manually stopped +quickstart.cmdline.quickout.error.dirNotWritable = The directory of given ''-quickout'' file is not writable:\n{0} +quickstart.cmdline.quickout.error.fileNotWritable = The given ''-quickout'' file is not 
writable:\n{0} +quickstart.cmdline.quickout.error.notAFile = The ''-quickout'' value is not a file:\n{0} +quickstart.cmdline.quickout.error.save.report = An error occurred while saving the '-quickout' report. +quickstart.cmdline.quickout.save.report.successful = The report was successfully saved to:\n{0} +quickstart.cmdline.quickurl.error.invalidUrl = The provided URL is not valid: +quickstart.cmdline.url.help = The URL to attack, e.g. http://www.example.com + +quickstart.desc = Adds the Quick Start panel for scanning and exploring applications + +quickstart.explore.1.end = the ZAP certificate locally +quickstart.explore.1.start = 1. +quickstart.explore.2 = 2. Import that certificate into your browser as a trusted CA certificate +quickstart.explore.3 = 3. Configure your browser to proxy via: +quickstart.explore.button.clipboard = Copy to Clipboard +quickstart.explore.panel.footer = If you install the 'selenium' add-on from the ZAP Marketplace then you will also be able to launch browsers that are automatically configured in this way. +quickstart.explore.panel.title = Manual Explore +quickstart.explore.warning.savefail = Failed to save certificate:\n{0} + +quickstart.field.url.disabled.mode = Attacking arbitrary URLs is not permitted in Protected or Safe mode. + +quickstart.hud.desc = HUD integration for the quick start panel +quickstart.hud.name = Quick Start HUD Integration + +quickstart.label.ajaxspider = Use ajax spider: +quickstart.label.attackurl = URL to attack: +quickstart.label.explore = Explore your application: +quickstart.label.exploreurl = URL to explore: +quickstart.label.hud = Enable HUD: +quickstart.label.hud.warn.scope = Warning: the HUD is only enabled for URLs in scope +quickstart.label.news = News +quickstart.label.progress = Progress: +quickstart.label.show = Show this tab on start up: +quickstart.label.tradspider = Use traditional spider: +quickstart.label.withbrowser = with + +quickstart.launch.browser.html =

Explore your application with ZAP

\n\nThis browser is automatically configured to proxy via ZAP and to ignore certificate warnings.
\nThe more effectively you explore your application the better ZAP will understand and be able to attack it.

\n +quickstart.launch.desc = Launch browsers preset proxying through ZAP +quickstart.launch.html =

Explore your application with ZAP

This browser is automatically configured to proxy via ZAP and to ignore certificate warnings.
The more effectively you explore your application the better ZAP will understand and be able to attack it.

+quickstart.launch.name = Quick Start Browser Launcher
+quickstart.launch.optionspanel.name = Quick Start Launch
+quickstart.launch.panel.default.message1 = Manually exploring an application is usually more effective that just using automation.
+quickstart.launch.panel.default.message2 = To do this you will need to:
+quickstart.launch.panel.message1 = This screen allows you to launch the browser of your choice so that you can explore your application while proxying through ZAP.
+quickstart.launch.panel.message2 = The ZAP Heads Up Display (HUD) brings all of the essential ZAP functionality into your browser.
+quickstart.launch.panel.title = Manual Explore
+quickstart.launch.start.option.label = Start Page:
+quickstart.launch.start.pulldown.blank = Blank Page
+quickstart.launch.start.pulldown.url = URL (specify below)
+quickstart.launch.start.pulldown.zap = Default ZAP Page
+quickstart.launch.start.url.access.error = Failed to access: {0}\nTry specifying the URL directly in the browser.
+quickstart.launch.start.url.label = URL:
+quickstart.launch.start.url.warn = You must specify a valid URL, including the initial 'http(s):'
+
+quickstart.learn.panel.message1 = This screen links to local and remote resources that will help you learn more about ZAP.
+quickstart.learn.panel.title = Learn More
+
+quickstart.link.automate = ZAP Automation
+quickstart.link.faq = Frequently Asked Questions
+quickstart.link.startguide = Getting Started Guide
+quickstart.link.usergroup = User Group
+quickstart.link.userguide = Desktop User Guide
+quickstart.link.videos = ZAP Official Videos
+quickstart.link.warning.nostartguide = Failed to locate or open Getting Started Guide:\n{0}
+quickstart.link.website = ZAP Website
+
+quickstart.links.local = Local Resources:
+quickstart.links.online = Online Resources:
+
+quickstart.name = Quick Start panel
+
+quickstart.panel.launch.container = You appear to be running ZAP in a container, so launching browsers has been disabled as this is unlikely to work.
+quickstart.panel.launch.container.additional = You will need to use a browser that you don't launch from ZAP, configure it to proxy through ZAP and to import the ZAP root CA certificate.\nIf you think ZAP will be able to launch browsers in your environment then you can enable this feature via the Option: Display / Enable app integration in containers.
+quickstart.panel.launch.manual = You can also use browsers that you don't launch from ZAP, but will need to configure them to proxy through ZAP and to import the ZAP root CA certificate.
+quickstart.panel.mnemonic = q
+quickstart.panel.title = Quick Start
+
+quickstart.progress.ajaxspider = Using ajax spider to discover the content
+quickstart.progress.ascan = Actively scanning (attacking) the URLs discovered by the spider(s)
+quickstart.progress.complete = Attack complete - see the Alerts tab for details of any issues found
+quickstart.progress.failed = Failed to attack the URL, please check that the URL you specify is valid
+quickstart.progress.failed.badhost = Failed to attack the URL: host "{0}" not found, please check that the URL you specify is correct
+quickstart.progress.failed.badhost.proxychain = Failed to resolve proxy host "{0}": Your "Options / Network / Connection" proxy settings might be incorrect
+quickstart.progress.failed.code = Failed to attack the URL: received a {0} response code, expected 2xx.
+quickstart.progress.failed.reason = Failed to attack the URL: {0}
+quickstart.progress.notstarted = Not started
+quickstart.progress.spider = Using traditional spider to discover the content
+quickstart.progress.started = Accessing URL
+quickstart.progress.stopped = Manually stopped
+
+quickstart.spider.desc = Adds the option to use the traditional Spider in the Quick Start scan.
+quickstart.spider.name = Quick Start Spider Integration
+
+quickstart.start.remove = Remove the Quick Start tab?\nYou can add it back by enabling the\nextension: ExtensionQuickStart
+
+quickstart.toolbar.button.tooltip.launch = Open the browser you've chosen in the Quick Start tab pre-configured to proxy through ZAP
+
+quickstart.top.button.label.attack = Automated Scan
+
+quickstart.top.button.label.explore = Manual Explore
+quickstart.top.button.label.moreinfo = Learn More
+quickstart.top.button.tooltip.attack = Run an automated scan against your application
+quickstart.top.button.tooltip.explore = Manually explore your application
+quickstart.top.button.tooltip.moreinfo = Learn more about how you can use ZAP
+quickstart.top.panel.message1 = ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
+quickstart.top.panel.message2 = If you are new to ZAP then it is best to start with one of the options below.
+quickstart.top.panel.title = Welcome to OWASP ZAP
+
+quickstart.url.warning.invalid = You need to enter a valid URL.
+quickstart.url.warning.nospider = You need to select one of the spiders.
diff --git a/addOns/regextester/src/main/resources/org/zaproxy/zap/extension/regextester/resources/Messages_kaa.properties b/addOns/regextester/src/main/resources/org/zaproxy/zap/extension/regextester/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..857dfa18eb1
--- /dev/null
+++ b/addOns/regextester/src/main/resources/org/zaproxy/zap/extension/regextester/resources/Messages_kaa.properties
@@ -0,0 +1,22 @@
+regextester.desc = Allows to test Regular Expressions
+regextester.dialog.findcaptureheader = Find Captures
+regextester.dialog.findresultheader = Find Result
+regextester.dialog.lookingat = LookingAt: %s
+regextester.dialog.matches = Matches: %s
+regextester.dialog.matchresultheader = Match Result
+regextester.dialog.regexheader = Regular Expression
+regextester.dialog.testvalueheader = Test String
+
+regextester.dialog.title = Regular Expression Tester
+
+regextester.menu.tools.name = Regular Expression Tester
+regextester.name = Regular Expression Tester
+
+regextester.popup.option = Regular Expression Tester
+regextester.popup.option.all = All
+regextester.popup.option.body = Body
+regextester.popup.option.header = Header
+regextester.popup.option.request = Soraw
+regextester.popup.option.response = Response
+
+regextester.result.none = No Findings.
diff --git a/addOns/replacer/src/main/resources/org/zaproxy/zap/extension/replacer/resources/Messages_kaa.properties b/addOns/replacer/src/main/resources/org/zaproxy/zap/extension/replacer/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..cb4c97dd087
--- /dev/null
+++ b/addOns/replacer/src/main/resources/org/zaproxy/zap/extension/replacer/resources/Messages_kaa.properties
@@ -0,0 +1,66 @@
+replacer.add.title = Add Replacement Rule
+replacer.add.warning.badregex = The Match String is not a valid regex pattern
+replacer.add.warning.badregexurl = The URL is not a valid regex pattern.
+replacer.add.warning.existdesc = A rule with this description already exists
+replacer.add.warning.nodesc = You must supply a description
+replacer.add.warning.nomatch = You must supply a Match String
+replacer.add.warning.tokmissing = Token processing is enabled but no valid token replacements were found in the replacement string
+
+replacer.api.action.addRule = Adds a replacer rule. For the parameters: desc is a user friendly description, enabled is true or false, matchType is one of [REQ_HEADER, REQ_HEADER_STR, REQ_BODY_STR, RESP_HEADER, RESP_HEADER_STR, RESP_BODY_STR], matchRegex should be true if the matchString should be treated as a regex otherwise false, matchString is the string that will be matched against, replacement is the replacement string, initiators may be blank (for all initiators) or a comma separated list of integers as defined in HttpSender
+replacer.api.action.addRule.param.url = A regular expression to match the URL of the message, if empty the rule applies to all messages.
+replacer.api.action.removeRule = Removes the rule with the given description
+replacer.api.action.setEnabled = Enables or disables the rule with the given description based on the bool parameter
+replacer.api.view.rules = Returns full details of all of the rules
+
+replacer.desc = Easy way to replace strings in requests and responses
+
+replacer.label.desc = Description:
+replacer.label.enable = Enable:
+replacer.label.init.ac = Access controller messages:
+replacer.label.init.all = Apply to all HTTP(S) messages:
+replacer.label.init.auth = Authentication messages:
+replacer.label.init.brute = Brute force messages:
+replacer.label.init.fuzzer = Fuzzer messages:
+replacer.label.init.proxy = Proxy messages:
+replacer.label.init.scanner = Active Scanner messages:
+replacer.label.init.spider = Spider messages:
+replacer.label.init.spiderajax = Ajax spider messages:
+replacer.label.init.tokengen = Token Generator messages:
+replacer.label.init.user = Manual Request messages:
+replacer.label.initsummary = Initiators:
+replacer.label.initsummary.all = Applies to all initiators
+replacer.label.initsummary.tab = See Initiators tab
+replacer.label.matchstr = Match String:
+replacer.label.matchtype = Match Type:
+replacer.label.regex = Match Regex:
+replacer.label.replace = Replacement String:
+replacer.label.tokenprocessing = Token Processing:
+replacer.label.url = URL:
+
+replacer.matchtype.req_body_str = Request Body String
+replacer.matchtype.req_header = Request Header (will add if not present)
+replacer.matchtype.req_header_str = Request Header String
+replacer.matchtype.resp_body_str = Response Body String
+replacer.matchtype.resp_header = Response Header (will add if not present)
+replacer.matchtype.resp_header_str = Response Header String
+
+replacer.modify.title = Modify Replacement Rule
+
+replacer.name = Match and Replace
+
+replacer.options.dialog.token.remove.button.cancel = Biykarlaw
+replacer.options.dialog.token.remove.button.confirm = Alıp taslaw
+replacer.options.dialog.token.remove.checkbox.label = Do not show this message again
+replacer.options.dialog.token.remove.text = Are you sure you want to remove this rule?
+replacer.options.dialog.token.remove.title = Remove Rule
+replacer.options.label.tokens = Rule:
+replacer.options.table.header.description = Description
+replacer.options.table.header.enabled = Qosılǵan
+replacer.options.table.header.match = Match String
+replacer.options.table.header.replacement = Replacement
+replacer.options.title = Replacer
+
+replacer.tab.init = Initiators
+replacer.tab.rule = Rule
+
+replacer.topmenu.tools.shortcut = Replacer Options
diff --git a/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages_kaa.properties b/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..929ab433dbd
--- /dev/null
+++ b/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages_kaa.properties
@@ -0,0 +1,154 @@
+reports.api.action.generate = Generate a report with the supplied parameters.
+reports.api.action.generate.param.contexts = The name of the contexts to be included in the report, separated by '|'.
+reports.api.action.generate.param.description = Report Description
+reports.api.action.generate.param.display = Display the generated report. Either "true" or "false".
+reports.api.action.generate.param.includedConfidences = Confidences that should be included in the report, separated by '|'. Accepted values are "False Positive", "Low", "Medium", "High", and "Confirmed".
+reports.api.action.generate.param.includedRisks = Risks that should be included in the report, separated by '|'. Accepted values are "Informational", "Low", "Medium", and "High".
+reports.api.action.generate.param.reportDir = Path to directory in which the generated report should be placed.
+reports.api.action.generate.param.reportFileName = The file name of the generated report. This value overrides the reportFileNamePattern parameter.
+reports.api.action.generate.param.reportFileNamePattern = Report File Name Pattern.
+reports.api.action.generate.param.sections = The report sections that should be included, separated by '|'.
+reports.api.action.generate.param.sites = The site URLs that should be included in the report, separated by '|'.
+reports.api.action.generate.param.template = Report Template
+reports.api.action.generate.param.theme = Report Theme
+reports.api.action.generate.param.title = Report Title
+
+reports.api.error.badSections = Invalid sections {0} for template {1}
+reports.api.error.badTheme = Invalid theme {0} for template {1}
+reports.api.error.templateDoesNotExist = Invalid template: {0}
+
+reports.api.view.templateDetails = View details of the specified template.
+reports.api.view.templateDetails.param.template = Template Label
+reports.api.view.templates = View available templates.
+
+reports.automation.desc = Report Generation Automation Integration
+reports.automation.dialog.field.name = Job Name:
+reports.automation.dialog.summary = Template: {0}
+reports.automation.dialog.title = Report Job
+reports.automation.error.badconf = Job {0} invalid confidence: {1}
+reports.automation.error.badformat = Job {0} invalid format ''{1}'' : should be one of {2}
+reports.automation.error.badlist = Job {0} invalid list for ''{1}'' : {2}
+reports.automation.error.badrisk = Job {0} invalid risk: {1}
+reports.automation.error.badsection = Job {0} invalid section {1} for template {2}, valid sections: {3}
+reports.automation.error.badsite = Job {0} invalid site {1}, valid sites: {2}
+reports.automation.error.badsummaryfile = Job {0} failed to create summary file: {1}
+reports.automation.error.badtemplate = Job {0} invalid template: {1}, valid templates: {2}
+reports.automation.error.generate = Job {0} failed to generate report: {1}
+reports.automation.error.noparent = Job {0} parent directory of summaryFile does not exist {1}
+reports.automation.error.roparent = Job {0} no write access to parent directory of summaryFile {1}
+reports.automation.info.reportgen = Job {0} generated report {1}
+reports.automation.name = Report Generation Automation Integration
+
+reports.desc = Templated and themed report generation functionality
+
+reports.dialog.button.generate = Generate Report
+reports.dialog.button.reset = Reset
+
+reports.dialog.error.badtemplates = Current template directory invalid, resetting to {0}
+reports.dialog.error.dirperms = Cannot write to directory: {0}
+reports.dialog.error.fileperms = Cannot write to file: {0}
+reports.dialog.error.generate = Failed to generate report: {0}
+reports.dialog.error.noalerts = Report would not contain any alerts and "Generate If No Alerts" not selected
+reports.dialog.error.nosections = You must select at least one section
+reports.dialog.error.notemplate = No template selected, choose a valid template directory
+reports.dialog.error.notemplates = No templates found, directory left unchanged
+
+reports.dialog.field.confidence = Include Confidences
+reports.dialog.field.confidence.0 = \t\t\t\tFalse Positive:
+reports.dialog.field.confidence.1 = \t\t\t\tLow:
+reports.dialog.field.confidence.2 = \t\t\t\tMedium:
+reports.dialog.field.confidence.3 = \t\t\t\tHigh:
+reports.dialog.field.confidence.4 = \t\t\t\tConfirmed:
+reports.dialog.field.contexts = Contexts:
+reports.dialog.field.description = Description:
+reports.dialog.field.display = Display Report:
+reports.dialog.field.generateanyway = Generate If No Alerts:
+reports.dialog.field.namepattern = Report Name Pattern:
+reports.dialog.field.reportdir = Report Directory:
+reports.dialog.field.reportname = Report Name:
+reports.dialog.field.risk = Include Risks
+reports.dialog.field.risk.0 = \t\t\t\tInformational:
+reports.dialog.field.risk.1 = \t\t\t\tLow:
+reports.dialog.field.risk.2 = \t\t\t\tMedium:
+reports.dialog.field.risk.3 = \t\t\t\tHigh:
+reports.dialog.field.sections = Sections:
+reports.dialog.field.sections.none = No sections defined.
+reports.dialog.field.sites = Sites:
+reports.dialog.field.template = Template:
+reports.dialog.field.templatedir = Template Directory:
+reports.dialog.field.theme = Theme:
+reports.dialog.field.title = Report Title:
+
+reports.dialog.info.reloadtemplates = Loaded {0} templates from {1}
+
+reports.dialog.tab.filter = Filter
+reports.dialog.tab.options = Options
+reports.dialog.tab.scope = Scope
+reports.dialog.tab.template = Template
+reports.dialog.title = Generate Report
+
+reports.name = Report Generator
+
+reports.report.alerts.detail = Alert Detail
+reports.report.alerts.detail.attack = Attack
+reports.report.alerts.detail.cweid = CWE Id
+reports.report.alerts.detail.description = Description
+reports.report.alerts.detail.evidence = Evidence
+reports.report.alerts.detail.instances = Instances
+reports.report.alerts.detail.method = Method
+reports.report.alerts.detail.otherinfo = Other Info
+reports.report.alerts.detail.param = Parameter
+reports.report.alerts.detail.pluginid = Plugin Id
+reports.report.alerts.detail.reference = Reference
+reports.report.alerts.detail.request.body = Request Body
+reports.report.alerts.detail.request.header = Request Header
+reports.report.alerts.detail.response.body = Response Body
+reports.report.alerts.detail.response.header = Response Header
+reports.report.alerts.detail.showhide = Show / hide Request and Response
+reports.report.alerts.detail.solution = Solution
+reports.report.alerts.detail.sourceid = Source ID
+reports.report.alerts.detail.tags = Tags
+reports.report.alerts.detail.url = URL
+reports.report.alerts.detail.wascid = WASC Id
+reports.report.alerts.list = Alerts
+reports.report.alerts.list.name = Ataması
+reports.report.alerts.list.numinstances = Number of Instances
+reports.report.alerts.list.risklevel = Risk Level
+reports.report.alerts.summary = Summary of Alerts
+reports.report.alerts.summary.numalerts = Number of Alerts
+reports.report.alerts.summary.risklevel = Risk Level
+
+reports.report.confidence.0 = 
False Positive
+reports.report.confidence.1 = Tómen
+reports.report.confidence.2 = Ortasha
+reports.report.confidence.3 = Joqarı
+reports.report.confidence.4 = User Confirmed
+
+reports.report.generated = Generated on {0}
+
+reports.report.risk.-1 = \t\t\t\tFalse Positives:
+reports.report.risk.0 = Informational
+reports.report.risk.1 = Tómen
+reports.report.risk.2 = Ortasha
+reports.report.risk.3 = Joqarı
+
+reports.report.site = Site: {0}
+reports.report.sites = Sites: {0}
+reports.report.sites.title = Sites
+reports.report.size = - size: {0} bytes.
+
+reports.report.stats.auth.failure = Authentication : Failure
+reports.report.stats.auth.state.assumedin = State : Assumed In
+reports.report.stats.auth.state.loggedin = State : Logged In
+reports.report.stats.auth.state.loggedout = State : Logged Out
+reports.report.stats.auth.state.noindicator = State : No Indicator
+reports.report.stats.auth.state.unknown = State : Unknown
+reports.report.stats.auth.success = Authentication : Success
+
+reports.report.title = ZAP Scanning Report
+
+reports.report.zapVersion = ZAP Version: {0}
+
+reports.toolbar.button.genreport = Generate Report ...
+
+reports.topmenu.reports.title = Generate Report ...
diff --git a/addOns/requester/src/main/resources/org/zaproxy/addon/requester/Messages_kaa.properties b/addOns/requester/src/main/resources/org/zaproxy/addon/requester/Messages_kaa.properties
new file mode 100644
index 00000000000..13b4b606405
--- /dev/null
+++ b/addOns/requester/src/main/resources/org/zaproxy/addon/requester/Messages_kaa.properties
@@ -0,0 +1,55 @@
+requester.button.send = Send
+requester.button.send.tooltip = Alt+Enter
+requester.button.send.tooltip.mac = Control+Option+Return
+
+requester.desc = Allows to manually edit and send messages.
+
+requester.href.type.name.manual = Qolda
+
+requester.httppanel.display.above = Request shown above Response
+requester.httppanel.display.sidebyside = Request and Response side by side
+requester.httppanel.display.tabs = Separate tabs for Request and Response
+requester.httppanel.find.find = Find:
+requester.httppanel.find.find.match.0 = No matches
+requester.httppanel.find.find.match.1 = 1 of 1 match
+requester.httppanel.find.find.match.x = {0} of {1} matches
+requester.httppanel.find.next = Next match
+requester.httppanel.find.prev = Previous match
+requester.httppanel.label.contentlength = Body Length: {0}
+requester.httppanel.label.timelapse = Time: {0} ms
+requester.httppanel.label.totallength = Total Length: {0} bytes
+requester.httppanel.methodchange = Method
+requester.httppanel.methodchange.warn = Unable to change the method, failed to set the data to the message.
+requester.httppanel.tab.request = Soraw
+requester.httppanel.tab.response = Response
+
+requester.httpsender.checkbox.fixlength = Update Content Length
+requester.httpsender.checkbox.followredirect = Follow redirect
+requester.httpsender.checkbox.usecookies = Accept cookies
+requester.httpsender.checkbox.usecsrf = Regenerate Anti-CSRF Token
+requester.httpsender.checkbox.usesession = Use current tracking session
+requester.httpsender.outofscope.redirection.warning = A redirection was not followed because it was out of scope:\n{0}
+
+requester.name = Requester
+
+requester.optionspanel.name = Requester
+requester.optionspanel.option.autoFocus.label = Set focus on Requester after adding a new tab.
+
+requester.panel.mnemonic = w
+requester.panel.title = Requester
+
+requester.resend.dialog.title = Manual Request Editor
+requester.resend.popup = Open/Resend with Request Editor...
+
+requester.rightclickmenu.label = Open in Requester Tab...
+
+requester.send.dialog.title = Manual Request Editor
+requester.send.toolsmenuitem = Manual Request Editor...
+
+requester.tab.rename = Enter new tab name:
+
+requester.toolsmenu.label = Open Message in Requester Tab...
+
+requester.warn.datainvalid = Unable to set the data to the message.
+requester.warn.outofscope = The target URL is not in scope.\nEither include it in scope or change the mode to Standard.
+requester.warn.safemode = Manual messages are not allowed in Safe mode.
diff --git a/addOns/retest/src/main/resources/org/zaproxy/addon/retest/resources/Messages_kaa.properties b/addOns/retest/src/main/resources/org/zaproxy/addon/retest/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..1d14bbd21a7
--- /dev/null
+++ b/addOns/retest/src/main/resources/org/zaproxy/addon/retest/resources/Messages_kaa.properties
@@ -0,0 +1,43 @@
+retest.desc = Facilitates the verification of presence/absence of certain alerts.
+
+retest.dialog.add.tooltip = Add Alert(s)
+retest.dialog.button.cancel = Biykarlaw
+retest.dialog.button.create = Create
+retest.dialog.button.verify = Verify
+retest.dialog.edit.tooltip = Edit Alert
+retest.dialog.remove.tooltip = Remove Alert(s)
+retest.dialog.table.header.alertname = Alert Name
+retest.dialog.table.header.attack = Attack
+retest.dialog.table.header.confidence = Confidence
+retest.dialog.table.header.evidence = Evidence
+retest.dialog.table.header.method = Method
+retest.dialog.table.header.otherinfo = Other Info
+retest.dialog.table.header.param = Param
+retest.dialog.table.header.risk = Risk
+retest.dialog.table.header.scanruleid = Scan Rule ID
+retest.dialog.table.header.status = Status
+retest.dialog.table.header.url = Url
+retest.dialog.table.status.absent = Absent
+retest.dialog.table.status.notverified = Not Verified
+retest.dialog.table.status.present = Present
+retest.dialog.title = Retest
+
+retest.edit.dialog.attack = Attack:
+retest.edit.dialog.cancel = Biykarlaw
+retest.edit.dialog.confidence = Confidence:
+retest.edit.dialog.evidence = Evidence:
+retest.edit.dialog.method = Method:
+retest.edit.dialog.name = Name:
+retest.edit.dialog.other = Qosımsha maǵlıwmat:
+retest.edit.dialog.parameter = Parameter:
+retest.edit.dialog.risk = Risk:
+retest.edit.dialog.save = Saqlaw
+retest.edit.dialog.scanruleid = Scan Rule ID:
+retest.edit.dialog.title = Edit Alert
+retest.edit.dialog.url = URL:
+
+retest.menu.title = Retest...
+
+retest.name = Retest
+
+retest.plan.name = Retest Plan
diff --git a/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/Messages_kaa.properties b/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..2b03952c83b
--- /dev/null
+++ b/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/Messages_kaa.properties
@@ -0,0 +1,8 @@
+retire.alert.name = Vulnerable JS Library
+
+retire.desc = Retire.js
+
+retire.rule.desc = The identified library {0}, version {1} is vulnerable.
+retire.rule.name = Vulnerable JS Library (Powered by Retire.js)
+retire.rule.otherinfo = The library matched the known vulnerable hash {0}.
+retire.rule.soln = Please upgrade to the latest version of {0}.
diff --git a/addOns/reveal/src/main/resources/org/zaproxy/zap/extension/reveal/resources/Messages_kaa.properties b/addOns/reveal/src/main/resources/org/zaproxy/zap/extension/reveal/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..737f7e4276f
--- /dev/null
+++ b/addOns/reveal/src/main/resources/org/zaproxy/zap/extension/reveal/resources/Messages_kaa.properties
@@ -0,0 +1,7 @@
+reveal.api.action.setReveal = Sets if shows hidden fields and enables disabled fields
+reveal.api.view.reveal = Tells if shows hidden fields and enables disabled fields
+
+reveal.button.disable = Unset show / enable fields
+reveal.button.enable = Show / enable fields
+
+reveal.desc = Show hidden fields and enable disabled fields
diff --git a/addOns/revisit/src/main/resources/org/zaproxy/zap/extension/revisit/resources/Messages_kaa.properties b/addOns/revisit/src/main/resources/org/zaproxy/zap/extension/revisit/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..26631424fbb
--- /dev/null
+++ b/addOns/revisit/src/main/resources/org/zaproxy/zap/extension/revisit/resources/Messages_kaa.properties
@@ -0,0 +1,19 @@
+
+revisit.404.history = ZAP revisit 404\n\n

ZAP Revisit 404

You visited these similar URL(s) in the session:

{0}
+revisit.404.nohistory = ZAP revisit 404\n\n

ZAP Revisit 404

You did not visit this URL in the session
+revisit.desc = Revisit a site at any time in the past using the session history
+revisit.diags.after = After specified date/time
+revisit.diags.before = Before specified date/time
+revisit.diags.params = Method or parameters differed
+revisit.dialog.button.reset = Reset
+revisit.dialog.end.label = End Date/Time:
+revisit.dialog.header.day = DD
+revisit.dialog.header.hour = HH
+revisit.dialog.header.minute = MM
+revisit.dialog.header.month = MM
+revisit.dialog.header.second = SS
+revisit.dialog.header.site = Revisit site: {0} between:
+revisit.dialog.header.year = YYYY
+revisit.dialog.start.label = Start Date/Time:
+revisit.popup.disable.title = Disable Revisit
+revisit.popup.enable.title = Enable Revisit
diff --git a/addOns/saml/src/main/resources/org/zaproxy/zap/extension/saml/resources/Messages_kaa.properties b/addOns/saml/src/main/resources/org/zaproxy/zap/extension/saml/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..4c0943facd4
--- /dev/null
+++ b/addOns/saml/src/main/resources/org/zaproxy/zap/extension/saml/resources/Messages_kaa.properties
@@ -0,0 +1,64 @@
+saml.addattrib.attribname = Attribute Name
+saml.addattrib.attribvaluetype = Value Type
+saml.addattrib.attribviewname = View Name (Max 30 Char.)
+saml.addattrib.attribxpath = XPath
+
+#editor
+saml.addattrib.button.cancel = Biykarlaw
+saml.addattrib.button.saveexit = Save and Exit
+saml.addattrib.error.error = Error with input values
+saml.addattrib.error.invalidxpath = Invalid XPath
+saml.addattrib.error.longviewname = Attribute View Name should be less than 30 Characters
+saml.addattrib.error.noname = Attribute Name is empty
+saml.addattrib.error.noviewname = Attribute View Name is empty
+saml.addattrib.error.noxpath = XPath is empty
+saml.addattrib.header = Add New Attribute
+saml.addattrib.msg.confirm = Are you sure?
+saml.addattrib.msg.confirmexit = Confirm exit
+saml.addchangeattrib.attribname = Attribute Name
+saml.addchangeattrib.attribvalue = Attribute Value
+saml.addchangeattrib.btn.cancel = Biykarlaw
+saml.addchangeattrib.btn.ok = OK
+saml.addchangeattrib.header = Add New Auto Change Attribute
+saml.addchangeattrib.msg.attribnotselected = No Attribute selected, please select one from combo box
+saml.addchangeattrib.msg.novalue = No values given, Please provide a non-empty value
+saml.addchangeattrib.msg.valueerror = Error in value
+saml.editor.btn.resend = Resend
+saml.editor.btn.reset = Reset
+saml.editor.headerwarn = Note: This add-on would only run very basic test cases for SAML implementations.\nSigned SAML assertions cannot be tampered with at this time because the signings have not been made available to ZAP.
+saml.editor.msg.cantresend = Cannot resend request
+saml.editor.msg.confirmreset = Are you sure to reset settings?
+saml.editor.msg.resetfailed = Resetting failed
+saml.editor.relaystate = Relay State
+saml.editor.tab.request = Soraw
+saml.editor.tab.response = Response
+saml.editor.title = SAML Request Viewer
+saml.passivescanner.desc = The application uses SAML
+
+saml.passivescanner.name = Use of SAML
+saml.passivescanner.otherinfo = Manually confirm that SAML is used, and then configure attacks in the SAML Extension (Tools > SAML Settings) to check if it's correctly implemented
+saml.passivescanner.refs = https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html
+saml.popup.mainmenu = SAML Actions
+saml.popup.view_resend = View/Resend...
+saml.settings.border.attributes = Configured Attributes
+saml.settings.border.autochange = Auto Change Attributes and Values
+saml.settings.border.global = Global Settings
+saml.settings.button.addattrib = Add attributes
+saml.settings.button.addautochangeattrib = Add Auto Change attributes
+saml.settings.button.exit = Exit
+saml.settings.button.removeattrib = Remove Attribute
+saml.settings.button.reset = Reset changes
+saml.settings.button.save = Save Changes
+saml.settings.chkbox.deflateonsend = Compress the changed message
+saml.settings.chkbox.passivechanger = Enable Passive changer
+saml.settings.chkbox.removesign = Remove message signatures
+saml.settings.chkbox.typevalidate = Validate attribute value types
+
+saml.settings.header = SAML Settings
+saml.settings.messages.confirm = Confirm
+saml.settings.messages.confirmremove = Are you sure to remove the attribute
+saml.settings.messages.failed = Failed
+saml.settings.messages.notsaved = Could not save changes. Please retry
+saml.settings.messages.saved = Changes saved
+saml.settings.messages.success = Success
+saml.toolmenu.settings = SAML Settings
diff --git a/addOns/scripts/src/main/resources/org/zaproxy/zap/extension/scripts/resources/Messages_kaa.properties b/addOns/scripts/src/main/resources/org/zaproxy/zap/extension/scripts/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..135f6a62c4e
--- /dev/null
+++ b/addOns/scripts/src/main/resources/org/zaproxy/zap/extension/scripts/resources/Messages_kaa.properties
@@ -0,0 +1,148 @@
+scripts.automation.desc = Scripts Automation
+scripts.automation.dialog.action = Action:
+scripts.automation.dialog.inline = Inline:
+scripts.automation.dialog.isinline = Is Inline:
+scripts.automation.dialog.name = Name:
+scripts.automation.dialog.scriptEngine = Script Engine:
+scripts.automation.dialog.scriptFile = Script File:
+scripts.automation.dialog.scriptName = Script Name:
+scripts.automation.dialog.scriptType = Script Type:
+scripts.automation.dialog.summary.add = Add Script: {0}
+scripts.automation.dialog.summary.disable = Disable Script: {0}
+scripts.automation.dialog.summary.enable = Enable Script: {0}
+scripts.automation.dialog.summary.noAction = No Action specified for script job
+scripts.automation.dialog.summary.remove = Remove Script: {0}
+scripts.automation.dialog.summary.run = Run Script: {0}
+scripts.automation.dialog.tab.inline = Inline
+scripts.automation.dialog.tab.script = Script
+scripts.automation.dialog.target = Target:
+scripts.automation.dialog.title = Script Job
+scripts.automation.error.actionNotDefined = Specified action ''{0}'' not defined. Only following actions are valid: {1}
+scripts.automation.error.actionNull = Action is required, but not specified. 
Following actions are valid: {0}
+scripts.automation.error.add.failed = Job {0} Failed to add script: {1}
+scripts.automation.error.file.cannotRead = Job {0} Cannot access Script file: {1}
+scripts.automation.error.file.missing = Job {0} Neither Script file nor Inline specified - one of them must be supplied
+scripts.automation.error.file.notFile = Job {0} Script file: {1} is not a file
+scripts.automation.error.inline.file = Job {0} Only one of File or Inline should be specified, not both
+scripts.automation.error.name.missing = Job {0} Script Name not specified
+scripts.automation.error.nofile = Cannot access file: {0}
+scripts.automation.error.scriptEngineNotFound = Job {0} Script Engine: {1} not found
+scripts.automation.error.scriptError = Job {0} Error occurred during executing Script {1}: {2}
+scripts.automation.error.scriptNameIsNull = Job: {0} Script name is required, but not specified
+scripts.automation.error.scriptNameNotFound = Job: {0} Script with name: {1} not found
+scripts.automation.error.scriptTargetIsNull = Job: {0} Script target is required, but not specified
+scripts.automation.error.scriptTargetNotFound = Job: {0} Script target: {1} not found
+scripts.automation.error.scriptTypeIsNull = Job: {0} Script type is required, but not specified
+scripts.automation.error.scriptTypeNotEnableable = Job: {0} Script with name: {1} is not enableable
+scripts.automation.error.scriptTypeNotSupported = Job: {0} Script type: {1} can not be used with action: {2}. 
Following script types are valid: {3}
+scripts.automation.info.add.replace = Job: {0} Replaced existing script: {1}
+scripts.automation.info.startAction = Job: {0} Start action: {1}
+scripts.automation.name = Scripts Automation Framework Integration
+scripts.automation.warn.fileNotNeeded = Job: {0} File specified but not needed so will be ignored
+
+scripts.changed.keep = Keep script
+scripts.changed.replace = Replace Script
+
+scripts.close.confirm = Changes to this script have not been saved.\nRemove the script and lose the changes?
+scripts.close.popup = Remove Script
+
+scripts.console.changedOnDisk = The script has been changed by another program.\nKeep the version in the Script Console or replace\nit with the one changed by the other program?\nThis script has not been changed in the console.\n
+scripts.console.changedOnDiskAndConsole = The script has been changed by another program.\nKeep the version in the Script Console or replace\nit with the one changed by the other program?\nThis script has been changed in the console so if\nyou replace the script you will lose your changes.\n
+
+scripts.desc = Scripting console, supports all JSR 223 scripting languages
+
+scripts.dialog.script.copy.name = Copy of {0}
+scripts.dialog.script.copy.title = Copy Script
+scripts.dialog.script.edit.title = Edit Script
+scripts.dialog.script.error.duplicate = A script with this name already exists
+scripts.dialog.script.error.name = You must supply a script name
+scripts.dialog.script.error.notemplate = The selected script engine does not support script types without a template
+scripts.dialog.script.error.template = You must specify a template or type and script engine
+scripts.dialog.script.label.desc = Description:
+scripts.dialog.script.label.enabled = Enabled:
+scripts.dialog.script.label.engine = Script Engine:
+scripts.dialog.script.label.file = File:
+scripts.dialog.script.label.load = Load on Start:
+scripts.dialog.script.label.name = Script Name:
+scripts.dialog.script.label.template = Template:
+scripts.dialog.script.label.type = Type:
+scripts.dialog.script.large.warning = Very large script ({0} bytes). For performance reason, editor is disabled. Use an external editor.
+scripts.dialog.script.load.title = Load Script
+scripts.dialog.script.new.title = New Script
+
+# In Line - these run on every request/response and can be individually enabled
+# Targeted - scripts that can be run against a request/response via a right click menu
+# Library - scripts that contain functionality that can be used by any other scripts of the same type
+
+scripts.disable.popup = Disable Script(s)
+scripts.duplicate.popup = Duplicate Script ...
+scripts.enable.popup = Enable Script(s)
+scripts.instantiate.popup = New Script ...
+
+scripts.list.panel.mnemonic = s
+scripts.list.panel.title = Scripts
+scripts.list.toolbar.button.load = Load Script ...
+scripts.list.toolbar.button.new = New Script ...
+scripts.list.toolbar.button.options = Script Options
+scripts.list.toolbar.button.pause = Pause Script
+scripts.list.toolbar.button.run = Run Script
+scripts.list.toolbar.button.save = Save Script ...
+scripts.list.toolbar.button.stop = Stop Script
+
+scripts.menu.tools.enable = Enable / Disable Scripts
+
+scripts.options.title = Scripts
+
+scripts.output.clear.button.toolTip = Clear script output panel
+scripts.output.clearOnRun.button.disabled.toolTip = Enable clear script output panel on run
+scripts.output.clearOnRun.button.enabled.toolTip = Disable clear script output panel on run
+scripts.output.scriptLock.button.disabled.toolTip = Enable script lock - only output from the selected script will then be displayed
+scripts.output.scriptLock.button.enabled.toolTip = Disable script lock - output from all scripts will then be displayed
+scripts.output.scrolllock.button.disabled.toolTip = Enable scroll lock
+scripts.output.scrolllock.button.enabled.toolTip = Disable scroll lock
+
+scripts.panel.mnemonic = c
+scripts.panel.title = Script Console
+
+scripts.popup.scriptBasedAuth = {0} : Script-Based Authentication Script
+scripts.popup.useForContextAs = Use for Context as...
+
+scripts.runscript.popup = Invoke with Script...
+
+scripts.script.load.charset.confirmbutton = Load Script
+scripts.script.load.charset.label = Character Encoding:
+scripts.script.load.charset.message = Unable to read the script with default character encoding(s):\n{0}\nIt contains invalid character sequence(s).\nYou can select other character encoding.
+scripts.script.load.charset.selected.error = Unable to properly read the script with the selected character encoding.
+scripts.script.load.charset.title = Load Script With Character Encoding
+
+scripts.syntaxtext.syntax.clojure = Clojure
+scripts.syntaxtext.syntax.css = CSS
+scripts.syntaxtext.syntax.groovy = Groovy
+scripts.syntaxtext.syntax.html = HTML
+scripts.syntaxtext.syntax.javascript = JavaScript
+scripts.syntaxtext.syntax.kotlin = Kotlin
+scripts.syntaxtext.syntax.plain = Plain
+scripts.syntaxtext.syntax.python = Python
+scripts.syntaxtext.syntax.ruby = Ruby
+scripts.syntaxtext.syntax.scala = Scala
+
+scripts.template.desc = To create a script from a template, right click it and choose "New Script...", and then "Save".\n\n
+
+scripts.toolbar.label.run = Run
+scripts.toolbar.tooltip.autocomplete.disabled = Enable auto-complete
+scripts.toolbar.tooltip.autocomplete.enabled = Disable auto-complete
+scripts.toolbar.tooltip.load = Load Script
+scripts.toolbar.tooltip.run = Run Script
+scripts.toolbar.tooltip.save = Save Script
+scripts.toolbar.tooltip.stop = Stop Script
+
+scripts.topmenu.tools.consoleLink = Script Console Wiki Page
+
+scripts.type.extender = Extender
+scripts.type.extender.desc = Extender scripts add new functionality, including graphical elements and new API end points.\n\nEnabling a script installs it and disabling a script uninstalls it.\nNote that if an extender script errors when uninstalling then it might fail to uninstall some of the functionality it installs. If this happens you may need to restart ZAP in order to undo any changes that it has made.\nAlso when extender scripts actually do things they will not run in the script console, so any errors will be logged to the zap.log file - so check this if an extender script is not acting in the way you expect.\n
+
+scripts.warn.missing.engine = Script Engine "{0}" not available, the script will not run until the engine is installed.
+
+scripts.welcome.cmd = To get started click the Scroll with a plus icon (New Script...) 
in the Scripts tab on the left hand side.\nOr you can right click on a script template and choose New Script...\n
+scripts.welcome.nontest = This is a graphical script that can only be edited via the Scripts tab on the left hand side.\n\n
+scripts.welcome.results = Welcome to the ZAP Scripting Console\n\nFor more details see the Help pages.\n\nWARNING - scripts run with the same permissions as ZAP, so do not run any scripts that you do not trust!\n\n
diff --git a/addOns/selenium/src/main/resources/org/zaproxy/zap/extension/selenium/resources/Messages_kaa.properties b/addOns/selenium/src/main/resources/org/zaproxy/zap/extension/selenium/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..36593284e92
--- /dev/null
+++ b/addOns/selenium/src/main/resources/org/zaproxy/zap/extension/selenium/resources/Messages_kaa.properties
@@ -0,0 +1,54 @@
+selenium.api.action.setOptionChromeBinaryPath = Sets the current path to Chrome binary
+selenium.api.action.setOptionChromeDriverPath = Sets the current path to ChromeDriver
+selenium.api.action.setOptionFirefoxBinaryPath = Sets the current path to Firefox binary
+selenium.api.action.setOptionFirefoxDriverPath = Sets the current path to Firefox driver (geckodriver)
+selenium.api.view.optionChromeBinaryPath = Returns the current path to Chrome binary
+selenium.api.view.optionChromeDriverPath = Returns the current path to ChromeDriver
+selenium.api.view.optionFirefoxBinaryPath = Returns the current path to Firefox binary
+selenium.api.view.optionFirefoxDriverPath = Returns the current path to Firefox driver (geckodriver)
+
+selenium.browser.extentions.filefilter = Browser extensions (xpi, crx)
+selenium.browser.name.chrome = Chrome
+selenium.browser.name.chrome-headless = Chrome Headless
+selenium.browser.name.firefox = Firefox
+selenium.browser.name.firefox-headless = Firefox Headless
+selenium.browser.name.htmlunit = HtmlUnit
+selenium.browser.name.ie = Internet Explorer
+selenium.browser.name.opera = Opera
+selenium.browser.name.phantomjs = PhantomJS
+selenium.browser.name.safari = Safari
+
+selenium.extension.desc = Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
+selenium.extension.ui.name = WebDriver Provider
+
+selenium.menu.openinbrowser = Open URL in Browser
+
+selenium.options.binaries.title = Binaries
+selenium.options.dialog.remove.button.cancel = Biykarlaw
+selenium.options.dialog.remove.button.remove = Alıp taslaw
+selenium.options.dialog.remove.label.checkbox = Do not show this message again
+selenium.options.dialog.remove.text = Are you sure you want to remove the selected extension?
+selenium.options.dialog.remove.title = Remove Browser Extension +selenium.options.extensions.table.header.browser = Browser +selenium.options.extensions.table.header.enabled = Qosılǵan +selenium.options.extensions.table.header.extension = Extension +selenium.options.extensions.title = Browser Extensions +selenium.options.label.button.bundleddriver = Bundled +selenium.options.label.button.select.file = Tańlaw... +selenium.options.label.chrome.binary = Chrome: +selenium.options.label.driver.chrome = ChromeDriver: +selenium.options.label.firefox.binary = Firefox: +selenium.options.label.firefox.driver = geckodriver: +selenium.options.label.nobundleddriver = No bundled WebDriver available. +selenium.options.title = Selenium +selenium.options.tooltip.button.bundleddriver = Sets the path to the bundled WebDriver.
Refer to the help page for more details. +selenium.options.tooltip.nobundleddriver = No bundled WebDriver available.
Refer to the help page for more details. +selenium.options.webdrivers.title = WebDrivers + +selenium.scripts.interface.error = The provided Selenium script ({0}) does not implement the required interface.\nPlease refer to the provided templates for examples. +selenium.scripts.type.selenium = Selenium + +selenium.warn.message.browser.not.found = {0} not found. Are you sure it''s in your PATH? +selenium.warn.message.failed.start.browser = Failed to start/connect to ''{0}'', is the browser available/supported? +selenium.warn.message.failed.start.browser.chrome = Failed to start Chrome browser.\nMake sure that Chrome and ChromeDriver are available.\nFor more details refer to "Options Selenium screen" help page. +selenium.warn.message.failed.start.browser.notfound = The provided browser was not found. diff --git a/addOns/sequence/src/main/resources/org/zaproxy/zap/extension/sequence/resources/Messages_kaa.properties b/addOns/sequence/src/main/resources/org/zaproxy/zap/extension/sequence/resources/Messages_kaa.properties new file mode 100644 index 00000000000..2dabe6bc7b9 --- /dev/null +++ b/addOns/sequence/src/main/resources/org/zaproxy/zap/extension/sequence/resources/Messages_kaa.properties @@ -0,0 +1,8 @@ +sequence.custom.tab.description = Sequences are defined as scripts. +sequence.custom.tab.deselectall.label = Deselect All Sequence Scripts +sequence.custom.tab.inc.header = Include in Scan +sequence.custom.tab.name.header = Script Name +sequence.custom.tab.selectall.label = Select All Sequence Scripts +sequence.custom.tab.title = Sequence +sequence.popupmenuitem.activeScanSequence = Active Scan Sequence +sequence.popupmenuitem.script.error.interface = The selected Sequence script ({0}) does not implement the required interface.\nPlease take a look at the provided templates for examples. 
diff --git a/addOns/simpleexample/src/main/resources/org/zaproxy/addon/simpleexample/resources/Messages_kaa.properties b/addOns/simpleexample/src/main/resources/org/zaproxy/addon/simpleexample/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..cb414bb7cc8
--- /dev/null
+++ b/addOns/simpleexample/src/main/resources/org/zaproxy/addon/simpleexample/resources/Messages_kaa.properties
@@ -0,0 +1,9 @@
+simpleExample.api.action.helloWorld = Logs "hello world called" with debug level.
+simpleExample.desc = A Simple Example Add-on
+simpleExample.error.nofile = File not found : {0}
+simpleExample.panel.msg = This is a simple example of a status panel
+simpleExample.panel.title = Simple Example
+simpleExample.popup.msg = Example right click menu invoked for:\n {0}
+simpleExample.popup.title = Simple Example: Example right click menu
+simpleExample.topmenu.tools.msg = Simple Example: Example message
+simpleExample.topmenu.tools.title = Simple Example: Example top menu
diff --git a/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages_kaa.properties b/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..b6c68115aac
--- /dev/null
+++ b/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages_kaa.properties
@@ -0,0 +1,63 @@
+soap.api.action.importFile = Import a WSDL definition from local file.
+soap.api.action.importUrl = Import a WSDL definition from a URL.
+
+soap.automation.desc = SOAP Automation Framework Integration
+soap.automation.dialog.name = Job Name:
+soap.automation.dialog.summary = URL: {0}, File: {1}
+soap.automation.dialog.title = SOAP Job
+soap.automation.dialog.wsdlfile = WSDL File:
+soap.automation.dialog.wsdlurl = WSDL URL:
+soap.automation.error.file = Job soap cannot read file: {0}
+soap.automation.error.url = Job soap invalid URL: {0}
+soap.automation.name = SOAP Automation
+
+soap.desc = Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
+
+soap.formhandler.desc = SOAP Form Handler Integration
+soap.formhandler.name = SOAP Form Handler
+
+soap.importfromurldialog.actionName = Import WSDL file from URL
+soap.importfromurldialog.importButton = Importlaw
+soap.importfromurldialog.labelURL = URL pointing to .wsdl file:
+soap.importfromurldialog.pasteaction = Paste
+
+soap.name = SOAP/WSDL Support
+
+soap.script.description = Script for representing each SOAP operation uniquely in the Sites Tree.
+
+soap.soapactionspoofing.alertInfo = \ SOAP version 1.{0}\nOriginal SOAP Action: {1}\nSpoofed SOAP Action: {2}
+soap.soapactionspoofing.desc = An unintended SOAP operation was executed by the server.
+soap.soapactionspoofing.empty_response = Response is empty.
+soap.soapactionspoofing.fault_code = Server returned a fault code.
+soap.soapactionspoofing.invalid_format = Response has an invalid format.
+soap.soapactionspoofing.name = SOAP Action Spoofing
+soap.soapactionspoofing.other = An unintended SOAP operation was executed by the server.
+soap.soapactionspoofing.refs = http://www.ws-attacks.org/index.php/SOAPAction_Spoofing
+soap.soapactionspoofing.soapaction_executed = The SOAPAction operation has been executed.
+soap.soapactionspoofing.soapaction_ignored = The SOAPAction header has been ignored.
+soap.soapactionspoofing.soln = If not required, the SOAPAction attribute should be disabled. If needed, the operation within the SOAPAction and the SOAP body should always be compared before executing any operation. Any mismatch should be regarded as an attack.
+
+soap.soapxmlinjection.desc = Some XML injected code has been interpreted by the server.
+soap.soapxmlinjection.name = SOAP XML Injection
+soap.soapxmlinjection.other = Some XML injected code has been interpreted by the server.
+soap.soapxmlinjection.refs = http://www.ws-attacks.org/index.php/XML_Injection
+soap.soapxmlinjection.soln = Use a detailed description of SOAP attributes in the WSDL file.
+soap.soapxmlinjection.warn1 = Response does not have SOAP format after XML Injection attack.
+soap.soapxmlinjection.warn2 = Response content has been altered after XML Injection attack.
+
+soap.spider.desc = SOAP Spider Integration
+soap.spider.name = SOAP Spider
+
+soap.topmenu.import.importRemoteWSDL = Import a WSDL file from a URL
+soap.topmenu.import.importRemoteWSDL.tooltip = The file must be a formal described WSDL file.
+soap.topmenu.import.importWSDL = Import a WSDL file from local file system
+soap.topmenu.import.importWSDL.fail = Unable to access endpoint defined in {0}
+soap.topmenu.import.importWSDL.filter.description = WSDL File
+soap.topmenu.import.importWSDL.tooltip = The file must be a formal described WSDL file.
+soap.topmenu.import.importWSDL.url.fail = Invalid URL: {0}.\n {1}
+
+soap.wsdlfilepscan.desc = A WSDL File has been detected.
+soap.wsdlfilepscan.name = WSDL File Detection
+soap.wsdlfilepscan.other = A WSDL File has been detected.
+soap.wsdlfilepscan.refs = No references.
+soap.wsdlfilepscan.soln = Make your WSDL files visible only for technical issues (ex: testing purposes).
diff --git a/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages_kaa.properties b/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..5b9f7bb39e7
--- /dev/null
+++ b/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages_kaa.properties
@@ -0,0 +1,314 @@ +spider.activeActionPrefix = Spidering: {0} + +spider.addon.desc = Spider used for automatically finding URIs on a site. +spider.addon.name = Spider Extension + +spider.api.action.addDomainAlwaysInScope = Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false). +spider.api.action.addDomainAlwaysInScope.param.isEnabled = +spider.api.action.addDomainAlwaysInScope.param.isRegex = +spider.api.action.addDomainAlwaysInScope.param.value = +spider.api.action.clearExcludedFromScan = Clears the regexes of URLs excluded from the spider scans. +spider.api.action.disableAllDomainsAlwaysInScope = Disables all domains that are always in scope. +spider.api.action.enableAllDomainsAlwaysInScope = Enables all domains that are always in scope. +spider.api.action.excludeFromScan = Adds a regex of URLs that should be excluded from the spider scans. +spider.api.action.excludeFromScan.param.regex = +spider.api.action.modifyDomainAlwaysInScope = Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope. +spider.api.action.modifyDomainAlwaysInScope.param.idx = +spider.api.action.modifyDomainAlwaysInScope.param.isEnabled = +spider.api.action.modifyDomainAlwaysInScope.param.isRegex = +spider.api.action.modifyDomainAlwaysInScope.param.value = +spider.api.action.pause = +spider.api.action.pause.param.scanId = +spider.api.action.pauseAllScans = +spider.api.action.removeAllScans = +spider.api.action.removeDomainAlwaysInScope = Removes a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope. 
+spider.api.action.removeDomainAlwaysInScope.param.idx = +spider.api.action.removeScan = +spider.api.action.removeScan.param.scanId = +spider.api.action.resume = +spider.api.action.resume.param.scanId = +spider.api.action.resumeAllScans = +spider.api.action.scan = Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url'). +spider.api.action.scan.param.contextName = +spider.api.action.scan.param.maxChildren = +spider.api.action.scan.param.recurse = +spider.api.action.scan.param.subtreeOnly = +spider.api.action.scan.param.url = +spider.api.action.scanAsUser = Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details. +spider.api.action.scanAsUser.param.contextId = +spider.api.action.scanAsUser.param.maxChildren = +spider.api.action.scanAsUser.param.recurse = +spider.api.action.scanAsUser.param.subtreeOnly = +spider.api.action.scanAsUser.param.url = +spider.api.action.scanAsUser.param.userId = +spider.api.action.setOptionAcceptCookies = Sets whether or not a spider process should accept cookies while spidering. +spider.api.action.setOptionAcceptCookies.param.Boolean = +spider.api.action.setOptionHandleODataParametersVisited = +spider.api.action.setOptionHandleODataParametersVisited.param.Boolean = +spider.api.action.setOptionHandleParameters = +spider.api.action.setOptionHandleParameters.param.String = +spider.api.action.setOptionMaxChildren = Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit. 
+spider.api.action.setOptionMaxChildren.param.Integer = +spider.api.action.setOptionMaxDepth = Sets the maximum depth the spider can crawl, 0 for unlimited depth. +spider.api.action.setOptionMaxDepth.param.Integer = +spider.api.action.setOptionMaxDuration = +spider.api.action.setOptionMaxDuration.param.Integer = +spider.api.action.setOptionMaxParseSizeBytes = Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files. +spider.api.action.setOptionMaxParseSizeBytes.param.Integer = +spider.api.action.setOptionMaxScansInUI = +spider.api.action.setOptionMaxScansInUI.param.Integer = +spider.api.action.setOptionParseComments = +spider.api.action.setOptionParseComments.param.Boolean = +spider.api.action.setOptionParseGit = +spider.api.action.setOptionParseGit.param.Boolean = +spider.api.action.setOptionParseRobotsTxt = +spider.api.action.setOptionParseRobotsTxt.param.Boolean = +spider.api.action.setOptionParseSVNEntries = +spider.api.action.setOptionParseSVNEntries.param.Boolean = +spider.api.action.setOptionParseSitemapXml = +spider.api.action.setOptionParseSitemapXml.param.Boolean = +spider.api.action.setOptionPostForm = +spider.api.action.setOptionPostForm.param.Boolean = +spider.api.action.setOptionProcessForm = +spider.api.action.setOptionProcessForm.param.Boolean = +spider.api.action.setOptionRequestWaitTime = +spider.api.action.setOptionRequestWaitTime.param.Integer = +spider.api.action.setOptionScopeString = Use actions [add|modify|remove]DomainAlwaysInScope instead. +spider.api.action.setOptionScopeString.param.String = +spider.api.action.setOptionSendRefererHeader = Sets whether or not the 'Referer' header should be sent while spidering. 
+spider.api.action.setOptionSendRefererHeader.param.Boolean = +spider.api.action.setOptionShowAdvancedDialog = +spider.api.action.setOptionShowAdvancedDialog.param.Boolean = +spider.api.action.setOptionSkipURLString = +spider.api.action.setOptionSkipURLString.param.String = +spider.api.action.setOptionThreadCount = +spider.api.action.setOptionThreadCount.param.Integer = +spider.api.action.setOptionUserAgent = +spider.api.action.setOptionUserAgent.param.String = +spider.api.action.stop = +spider.api.action.stop.param.scanId = +spider.api.action.stopAllScans = +spider.api.desc = +spider.api.view.addedNodes = Returns a list of the names of the nodes added to the Sites tree by the specified scan. +spider.api.view.addedNodes.param.scanId = +spider.api.view.allUrls = Returns a list of unique URLs from the history table based on HTTP messages added by the Spider. +spider.api.view.domainsAlwaysInScope = Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex. +spider.api.view.excludedFromScan = Gets the regexes of URLs excluded from the spider scans. +spider.api.view.fullResults = +spider.api.view.fullResults.param.scanId = +spider.api.view.optionAcceptCookies = Gets whether or not a spider process should accept cookies while spidering. +spider.api.view.optionDomainsAlwaysInScope = Use view domainsAlwaysInScope instead. +spider.api.view.optionDomainsAlwaysInScopeEnabled = Use view domainsAlwaysInScope instead. +spider.api.view.optionHandleODataParametersVisited = +spider.api.view.optionHandleParameters = +spider.api.view.optionMaxChildren = Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit. +spider.api.view.optionMaxDepth = Gets the maximum depth the spider can crawl, 0 if unlimited. +spider.api.view.optionMaxDuration = +spider.api.view.optionMaxParseSizeBytes = Gets the maximum size, in bytes, that a response might have to be parsed. 
+spider.api.view.optionMaxScansInUI = +spider.api.view.optionParseComments = +spider.api.view.optionParseGit = +spider.api.view.optionParseRobotsTxt = +spider.api.view.optionParseSVNEntries = +spider.api.view.optionParseSitemapXml = +spider.api.view.optionPostForm = +spider.api.view.optionProcessForm = +spider.api.view.optionRequestWaitTime = +spider.api.view.optionScope = +spider.api.view.optionScopeText = +spider.api.view.optionSendRefererHeader = Gets whether or not the 'Referer' header should be sent while spidering. +spider.api.view.optionShowAdvancedDialog = +spider.api.view.optionSkipURLString = +spider.api.view.optionThreadCount = +spider.api.view.optionUserAgent = +spider.api.view.results = +spider.api.view.results.param.scanId = +spider.api.view.scans = +spider.api.view.status = +spider.api.view.status.param.scanId = + +spider.automation.desc = Spider Automation Integration +spider.automation.dialog.acceptcookies = Accept Cookies: +spider.automation.dialog.advanced = Show Advanced Options: +spider.automation.dialog.context = Context: +spider.automation.dialog.handleodata = Handle OData: +spider.automation.dialog.handleparams = Handle Parameters: +spider.automation.dialog.maxchildren = Max Children: +spider.automation.dialog.maxdepth = Max Depth: +spider.automation.dialog.maxduration = Max Duration: +spider.automation.dialog.maxparse = Max Size to Parse in Bytes: +spider.automation.dialog.parsecomments = Parse Comments: +spider.automation.dialog.parsedsstore = Parse .DS_Store: +spider.automation.dialog.parsegit = Parse GIT: +spider.automation.dialog.parserobots = Parse Robots.txt: +spider.automation.dialog.parsesitemap = Parse Sitemap: +spider.automation.dialog.parsessvn = Parse SVN: +spider.automation.dialog.postform = Post Forms: +spider.automation.dialog.processform = Process Forms: +spider.automation.dialog.reqwaittime = Request Wait Time +spider.automation.dialog.sendreferer = Send "Referer" Header: +spider.automation.dialog.summary = Context: {0}, 
URL: {1} +spider.automation.dialog.tab.adv = Advanced +spider.automation.dialog.tab.parse = Parsing +spider.automation.dialog.tests.stats.defaultname = At least {0} URLs found +spider.automation.dialog.threadcount = Number of Threads: +spider.automation.dialog.title = Spider Job +spider.automation.dialog.url = URL: +spider.automation.dialog.useragent = User Agent: +spider.automation.error.failIfUrlsLessThan.deprecated = Job {0} the fields ''failIfFoundUrlsLessThan'' and ''warnIfFoundUrlsLessThan'' have been replaced with the {1} stats test. +spider.automation.error.nofile = Cannot access file: {0} +spider.automation.error.url.badhost = Job {0} failed to access URL {1} check that it is valid : {2} +spider.automation.error.url.badhost.proxychain = Job {0} failed to access URL {1} your proxy chain may be wrong : {2} +spider.automation.error.url.failed = Job {0} failed to access URL {1} : {2} +spider.automation.error.url.notok = Job {0} error accessing URL {1} status code returned : {2} expected 200 +spider.automation.name = Spider Automation + +spider.context.popup = Spider Context... +spider.context.user.popup = Spider Context as User... 
+ +spider.custom.button.reset = Reset +spider.custom.button.scan = Start Scan +spider.custom.label.acceptcookies = Accept Cookies: +spider.custom.label.adv = Show Advanced Options +spider.custom.label.context = Context: +spider.custom.label.handleOdata = Handle OData Parameters: +spider.custom.label.maxChildren = Maximum Children to Crawl (0 is unlimited): +spider.custom.label.maxDepth = Maximum Depth to Crawl (0 is unlimited): +spider.custom.label.maxDuration = Maximum Duration (minutes; 0 is unlimited): +spider.custom.label.maxParseSizeBytes = Maximum Parse Size (bytes): +spider.custom.label.parseComments = Parse HTML Comments: +spider.custom.label.parseDsStore = Parse .DS_Store Files: +spider.custom.label.parseGit = Parse Git Metadata: +spider.custom.label.parseRobots = Parse 'robots.txt': +spider.custom.label.parseSvn = Parse SVN Metadata: +spider.custom.label.postForms = POST Forms: +spider.custom.label.processForms = Process Forms: +spider.custom.label.recurse = Recurse: +spider.custom.label.sendReferer = Send 'Referer' Header: +spider.custom.label.sitemap = Parse 'sitemap.xml': +spider.custom.label.spiderSubtreeOnly = Spider Subtree Only +spider.custom.label.start = Starting Point: +spider.custom.label.user = Paydalanıwshı: +spider.custom.noStartSubtreeOnly.error = A site node must be selected or a URL manually introduced, to spider a site's subtree. +spider.custom.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https://www.example.com +spider.custom.notSafe.error = Spider scans are not allowed in 'Safe' mode. +spider.custom.popup = Spider... 
+spider.custom.tab.adv = Advanced +spider.custom.tab.scope = Scope +spider.custom.targetNotInScope.error = The following target is not allowed in ''Protected'' mode:\n{0} +spider.custom.title = Spider + +spider.formhandler.desc = Spider Form Handler Integration +spider.formhandler.name = Spider Form Handler + +spider.label.inScope = URI found during crawl: +spider.label.outOfScope = URI found but out of crawl scope: + +spider.name = Spider Extension + +spider.options.domains.in.scope.add.button.confirm = Qosıw +spider.options.domains.in.scope.add.title = Add Domain Always In Scope +spider.options.domains.in.scope.dialog.remove.button.cancel = Biykarlaw +spider.options.domains.in.scope.dialog.remove.button.confirm = Alıp taslaw +spider.options.domains.in.scope.dialog.remove.checkbox.label = Do not show this message again +spider.options.domains.in.scope.dialog.remove.text = Are you sure you want to remove the selected domain? +spider.options.domains.in.scope.dialog.remove.title = Remove Domain Always In Scope +spider.options.domains.in.scope.field.label.domain = Domen: +spider.options.domains.in.scope.field.label.enabled = Enabled: +spider.options.domains.in.scope.field.label.regex = Regex: +spider.options.domains.in.scope.modify.button.confirm = Modify +spider.options.domains.in.scope.modify.title = Modify Domain Always In Scope +spider.options.domains.in.scope.table.header.enabled = Qosılǵan +spider.options.domains.in.scope.table.header.regex = Regex +spider.options.domains.in.scope.table.header.value = Domain +spider.options.domains.in.scope.warning.invalid.regex.text = The regular expression is invalid. 
+spider.options.domains.in.scope.warning.invalid.regex.title = Domain Always In Scope Regex Invalid +spider.options.irrelevantparameter.add.button.confirm = Qosıw +spider.options.irrelevantparameter.add.title = Add Irrelevant Parameter +spider.options.irrelevantparameter.dialog.remove.button.cancel = Biykarlaw +spider.options.irrelevantparameter.dialog.remove.button.confirm = Alıp taslaw +spider.options.irrelevantparameter.dialog.remove.checkbox.label = Do not show this message again +spider.options.irrelevantparameter.dialog.remove.text = Are you sure you want to remove the selected parameter? +spider.options.irrelevantparameter.dialog.remove.title = Remove Irrelevant Parameter +spider.options.irrelevantparameter.field.label.enabled = Enabled: +spider.options.irrelevantparameter.field.label.name = Name: +spider.options.irrelevantparameter.field.label.regex = Regex: +spider.options.irrelevantparameter.modify.button.confirm = Modify +spider.options.irrelevantparameter.modify.title = Modify Irrelevant Parameter +spider.options.irrelevantparameter.table.header.enabled = Qosılǵan +spider.options.irrelevantparameter.table.header.regex = Regex +spider.options.irrelevantparameter.table.header.value = Domain +spider.options.irrelevantparameter.warning.invalid.regex.text = The regular expression is invalid. 
+spider.options.irrelevantparameter.warning.invalid.regex.title = Irrelevant Parameter Regex Invalid +spider.options.label.acceptcookies = Accept Cookies +spider.options.label.comments = Parse HTML Comments +spider.options.label.depth = Maximum Depth to Crawl (0 is unlimited): +spider.options.label.domains = Domains that are always 'in scope' +spider.options.label.dsStore = Parse .DS_Store files for new URIs +spider.options.label.duration = Maximum Duration (minutes; 0 is unlimited): +spider.options.label.git = Parse Git metadata files for new URIs +spider.options.label.handlehodataparameters = Handle OData-specific parameters +spider.options.label.handleparameters = Query parameters handling for checking visited URIs: +spider.options.label.irrelevantparameters = Irrelevant parameters: +spider.options.label.maxChildren = Maximum Children to Crawl (0 is unlimited): +spider.options.label.maxParseSizeBytes = Maximum Parse Size (bytes): +spider.options.label.post = POST forms (recommended but may generate unwanted requests) +spider.options.label.processform = Process forms (forms are processed and GET queries submitted) +spider.options.label.robotstxt = Parse 'robots.txt' files for new URIs +spider.options.label.sendRefererHeader = Send "Referer" header +spider.options.label.sitemapxml = Parse 'sitemap.xml' files for new URIs +spider.options.label.svnentries = Parse SVN metadata files for new URIs +spider.options.label.threads = Number of Threads Used: +spider.options.title = Spider +spider.options.value.handleparameters.ignoreAll = Ignore parameters completely +spider.options.value.handleparameters.ignoreValue = Consider only parameter's name +spider.options.value.handleparameters.useAll = Consider both parameter's name and value + +spider.panel.emptyView = You need to visit the website via a browser first and select a URL/folder/node in the 'Sites' panel displayed. 
+spider.panel.mnemonic = d +spider.panel.tab.addednodes = Added Nodes +spider.panel.tab.messages = Messages +spider.panel.tab.urls = URLs +spider.panel.title = Spider + +spider.parsefilter.reason.empty = Empty Message +spider.parsefilter.reason.maxchildren = Max Children +spider.parsefilter.reason.maxsize = Max Size +spider.parsefilter.reason.nottext = Not Text + +spider.scope.popup = Spider all in Scope + +spider.site.popup = Spider Site + +spider.subtree.popup = Spider Subtree + +spider.table.flags.illegalprotocol = Illegal Protocol +spider.table.flags.outofcontext = Out of Context +spider.table.flags.outofscope = Out of Scope +spider.table.flags.seed = Seed +spider.table.flags.userrules = User Rules +spider.table.header.flags = Flags +spider.table.header.inScope = Processed +spider.table.header.method = Method +spider.table.header.uri = URI +spider.table.messages.column.processed.successfully = Successfully +spider.table.messages.header.processed = Processed + +spider.task.message.skipped.ioerror = I/O Error +spider.task.message.skipped.maxdepth = Max Depth +spider.task.message.skipped.stopped = Spider Stopped + +spider.toolbar.added.label = Nodes Added: +spider.toolbar.ascans.label = Current Scans: +spider.toolbar.button.clear = Clean completed scans +spider.toolbar.button.new = New Scan +spider.toolbar.button.options = Spider Options +spider.toolbar.button.pause = Pause Spider +spider.toolbar.button.stop = Stop Spider +spider.toolbar.button.unpause = Resume Spider +spider.toolbar.found.label = URLs Found: +spider.toolbar.progress.label = Progress: +spider.toolbar.progress.select = --Select Scan-- + +spider.url.popup = Spider URL +spider.url.user.popup = Spider URL as User... diff --git a/addOns/spiderAjax/src/main/resources/org/zaproxy/zap/extension/spiderAjax/resources/Messages_kaa.properties b/addOns/spiderAjax/src/main/resources/org/zaproxy/zap/extension/spiderAjax/resources/Messages_kaa.properties new file mode 100644 index 00000000000..fba3622d240 
--- /dev/null +++ b/addOns/spiderAjax/src/main/resources/org/zaproxy/zap/extension/spiderAjax/resources/Messages_kaa.properties 
@@ -0,0 +1,244 @@
+
+spiderajax.active.action = AJAX Spider scan
+
+spiderajax.api.action.addAllowedResource = Adds an allowed resource.
+spiderajax.api.action.addAllowedResource.param.enabled = If the allowed resource should be enabled or not.
+spiderajax.api.action.addAllowedResource.param.regex = The regular expression of the allowed resource.
+spiderajax.api.action.addExcludedElement = Adds an excluded element to a context.
+spiderajax.api.action.addExcludedElement.param.attributeName = The attribute name of the element.
+spiderajax.api.action.addExcludedElement.param.attributeValue = The attribute value of the element.
+spiderajax.api.action.addExcludedElement.param.contextName = The name of the context.
+spiderajax.api.action.addExcludedElement.param.description = The description of the excluded element.
+spiderajax.api.action.addExcludedElement.param.element = The element to exclude.
+spiderajax.api.action.addExcludedElement.param.enabled = The enabled state, true or false.
+spiderajax.api.action.addExcludedElement.param.text = The text of the element.
+spiderajax.api.action.addExcludedElement.param.xpath = The XPath of the element.
+spiderajax.api.action.modifyExcludedElement = Modifies an excluded element of a context.
+spiderajax.api.action.modifyExcludedElement.param.attributeName = The attribute name of the element.
+spiderajax.api.action.modifyExcludedElement.param.attributeValue = The attribute value of the element.
+spiderajax.api.action.modifyExcludedElement.param.contextName = The name of the context.
+spiderajax.api.action.modifyExcludedElement.param.description = The description of the excluded element.
+spiderajax.api.action.modifyExcludedElement.param.descriptionNew = The new description.
+spiderajax.api.action.modifyExcludedElement.param.element = The element to exclude.
+spiderajax.api.action.modifyExcludedElement.param.enabled = The enabled state, true or false.
+spiderajax.api.action.modifyExcludedElement.param.text = The text of the element.
+spiderajax.api.action.modifyExcludedElement.param.xpath = The XPath of the element.
+spiderajax.api.action.removeAllowedResource = Removes an allowed resource.
+spiderajax.api.action.removeAllowedResource.param.regex = The regular expression of the allowed resource.
+spiderajax.api.action.removeExcludedElement = Removes an excluded element from a context.
+spiderajax.api.action.removeExcludedElement.param.contextName = The name of the context.
+spiderajax.api.action.removeExcludedElement.param.description = The description of the excluded element.
+spiderajax.api.action.scan = Runs the AJAX Spider against a given target.
+spiderajax.api.action.scan.param.contextName = The name for any defined context. If the value does not match a defined context then an error will occur.
+spiderajax.api.action.scan.param.inScope = A boolean (true/false) indicating whether or not the scan should be restricted to 'inScope' only resources (default value is false).
+spiderajax.api.action.scan.param.subtreeOnly = A boolean (true/false) indicating whether or not the crawl should be constrained to a specific path (default value is false).
+spiderajax.api.action.scan.param.url = The starting URL (needs to include the 'scheme').
+spiderajax.api.action.scanAsUser = Runs the AJAX Spider from the perspective of a User of the web application.
+spiderajax.api.action.scanAsUser.param.contextName = The name for any defined context. If the value does not match a defined context then an error will occur.
+spiderajax.api.action.scanAsUser.param.subtreeOnly = A boolean (true/false) indicating whether or not the crawl should be constrained to a specific path (default value is false).
+spiderajax.api.action.scanAsUser.param.url = The starting URL (needs to include the 'scheme').
+spiderajax.api.action.scanAsUser.param.userName = The name of the user to be used when crawling. The "userName" should be previously defined on the context configuration.
+spiderajax.api.action.setEnabledAllowedResource = Sets whether or not an allowed resource is enabled.
+spiderajax.api.action.setEnabledAllowedResource.param.enabled = If the allowed resource should be enabled or not.
+spiderajax.api.action.setEnabledAllowedResource.param.regex = The regular expression of the allowed resource.
+spiderajax.api.action.setOptionBrowserId = Sets the configuration of the AJAX Spider to use one of the supported browsers.
+spiderajax.api.action.setOptionBrowserId.param.String = The name of the browser to be used by the AJAX Spider. (See the Selenium add-on help for a list of supported browsers.)
+spiderajax.api.action.setOptionClickDefaultElems = Sets whether or not the the AJAX Spider will only click on the default HTML elements.
+spiderajax.api.action.setOptionClickDefaultElems.param.Boolean = A boolean (true/false) indicating if only default elements such as 'a' 'button' 'input' should be clicked (default is true).
+spiderajax.api.action.setOptionClickElemsOnce = When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once.
+spiderajax.api.action.setOptionClickElemsOnce.param.Boolean = A boolean (true/false) indicating whether or not the AJAX Spider should only click on elements once. If this is set to false, the crawler will attempt to click multiple times; which is more rigorous but may take considerably more time (default is true).
+spiderajax.api.action.setOptionEventWait = Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.
+spiderajax.api.action.setOptionEventWait.param.Integer = The time that the AJAX Spider should wait for each event (default is 1000 milliseconds).
+spiderajax.api.action.setOptionMaxCrawlDepth = Sets the maximum depth that the crawler can reach.
+spiderajax.api.action.setOptionMaxCrawlDepth.param.Integer = The maximum depth that the crawler should explore (zero means unlimited depth, default is 10).
+spiderajax.api.action.setOptionMaxCrawlStates = Sets the maximum number of states that the crawler should crawl.
+spiderajax.api.action.setOptionMaxCrawlStates.param.Integer = The maximum number of states that the AJAX Spider should explore (zero means unlimited crawl states, default is 0)
+spiderajax.api.action.setOptionMaxDuration = The maximum time that the crawler is allowed to run.
+spiderajax.api.action.setOptionMaxDuration.param.Integer = The maximum amount of time that the AJAX Spider is allowed to run (zero means unlimited running time, default is 60 minutes).
+spiderajax.api.action.setOptionNumberOfBrowsers = Sets the number of windows to be used by AJAX Spider.
+spiderajax.api.action.setOptionNumberOfBrowsers.param.Integer = The number of windows that the AJAX Spider can use. The more windows, the faster the process will be. However, more windows also means greater resource usage (CPU, Memory, etc), and could lead to concurrency issues depending on the app being explored (default is 1).
+spiderajax.api.action.setOptionRandomInputs = When enabled, inserts random values into form fields.
+spiderajax.api.action.setOptionRandomInputs.param.Boolean = A boolean (true/false) indicating whether or not random values should be use in form fields. Otherwise, empty values are submitted (default is true).
+spiderajax.api.action.setOptionReloadWait = Sets the time to wait after the page is loaded before interacting with it.
+spiderajax.api.action.setOptionReloadWait.param.Integer = The number of milliseconds the AJAX Spider should wait after a page is loaded (default is 1000).
+spiderajax.api.action.stop = Stops the AJAX Spider.
+spiderajax.api.desc = Allows to configure and run the AJAX Spider.
+spiderajax.api.view.allowedResources = Gets the allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties.
+spiderajax.api.view.excludedElements = Gets the excluded elements. The excluded elements are not clicked during crawling, for example, to prevent logging out.
+spiderajax.api.view.excludedElements.param.contextName = The name of the context.
+spiderajax.api.view.fullResults = Gets the full crawled content detected by the AJAX Spider. Returns a set of values based on 'inScope' URLs, 'outOfScope' URLs, and 'errors' encountered during the last/current run of the AJAX Spider.
+spiderajax.api.view.numberOfResults = Gets the number of resources found.
+spiderajax.api.view.optionBrowserId = Gets the configured browser to use for crawling.
+spiderajax.api.view.optionClickDefaultElems = Gets the configured value for 'Click Default Elements Only', HTML elements such as 'a', 'button', 'input', all associated with some action or links on the page.
+spiderajax.api.view.optionClickElemsOnce = Gets the value configured for the AJAX Spider to know if it should click on the elements only once.
+spiderajax.api.view.optionEventWait = Gets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.
+spiderajax.api.view.optionMaxCrawlDepth = Gets the configured value for the max crawl depth.
+spiderajax.api.view.optionMaxCrawlStates = Gets the configured value for the maximum crawl states allowed.
+spiderajax.api.view.optionMaxDuration = Gets the configured max duration of the crawl, the value is in minutes.
+spiderajax.api.view.optionNumberOfBrowsers = Gets the configured number of browsers to be used.
+spiderajax.api.view.optionRandomInputs = Gets if the AJAX Spider will use random values in form fields when crawling, if set to true.
+spiderajax.api.view.optionReloadWait = Gets the configured time to wait after reloading the page, this value is in milliseconds.
+spiderajax.api.view.results = Gets the current results of the crawler.
+spiderajax.api.view.results.param.count = The number of results to return.
+spiderajax.api.view.results.param.start = The position (or offset) within the results to use as a starting position for the information returned.
+spiderajax.api.view.status = Gets the current status of the crawler. Actual values are Stopped and Running.
+
+spiderajax.automation.default = Default
+spiderajax.automation.desc = Ajax Spider Automation Framework Integration
+spiderajax.automation.dialog.ajaxspider.advanced = Show Advanced Options:
+spiderajax.automation.dialog.ajaxspider.browserid = Browser Id:
+spiderajax.automation.dialog.ajaxspider.clickdefaultelems = Click Default Elements:
+spiderajax.automation.dialog.ajaxspider.clickelems = Select elements to click during crawl (if not clicking on only default elements):
+spiderajax.automation.dialog.ajaxspider.clickelemsonce = Click Elements Once:
+spiderajax.automation.dialog.ajaxspider.context = Context:
+spiderajax.automation.dialog.ajaxspider.eventwait = Event Wait (in msec):
+spiderajax.automation.dialog.ajaxspider.inScopeOnly = Just In Scope:
+spiderajax.automation.dialog.ajaxspider.maxcrawldepth = Max Crawl Depth:
+spiderajax.automation.dialog.ajaxspider.maxcrawlstates = Max Crawl States:
+spiderajax.automation.dialog.ajaxspider.maxduration = Max Duration (in mins):
+spiderajax.automation.dialog.ajaxspider.name = Job Name
+spiderajax.automation.dialog.ajaxspider.numbrowsers = Number Of Browsers:
+spiderajax.automation.dialog.ajaxspider.randominputs = Use Random Inputs:
+spiderajax.automation.dialog.ajaxspider.reloadwait = Reload Wait (in msec):
+spiderajax.automation.dialog.ajaxspider.runOnlyIfModern = Run Only If Modern:
+spiderajax.automation.dialog.ajaxspider.tab.adv = Advanced
+spiderajax.automation.dialog.ajaxspider.title = Ajax Spider Job
+spiderajax.automation.dialog.ajaxspider.url = URL:
+spiderajax.automation.dialog.summary = Context: {0}, URL : {1}
+spiderajax.automation.dialog.tab.params = Parameters
+spiderajax.automation.error.badresultdata = PassiveScan resultData unexpected class: {0}
+spiderajax.automation.error.excludedelements.attribute = Job {0}, the excluded element {1} is missing either the name or value attribute.
+spiderajax.automation.error.excludedelements.data = Job {0}, the excluded element {1} has no other properties.
+spiderajax.automation.error.excludedelements.description = Job {0} has excluded element without description.
+spiderajax.automation.error.excludedelements.duplicated = Job {0} has duplicated excluded element: {1}
+spiderajax.automation.error.excludedelements.element = Job {0}, the excluded element {1} has no element.
+spiderajax.automation.error.excludedelements.format = Job {0} unsupported format in excluded elements: {1}
+spiderajax.automation.error.nofile = Cannot access file: {0}
+spiderajax.automation.error.nomodernrule = Cannot tell if modern app - Modern Web App rule not present / enabled
+spiderajax.automation.error.nopscanresults = Cannot tell if modern app - passiveScan-wait job has not run
+spiderajax.automation.info.modern = Target is modern, running the AJAX Spider
+spiderajax.automation.info.notmodern = Target is not modern, skipping the AJAX Spider
+spiderajax.automation.name = Ajax Spider Automation
+spiderajax.automation.tests.stats.defaultname = At least {0} URLs found
+
+spiderajax.context.panel.name = AJAX Spider
+
+spiderajax.desc = AJAX Spider, uses Crawljax
+spiderajax.excludedelements.ui.add.button = Qosıw
+spiderajax.excludedelements.ui.add.title = Add Excluded Element
+spiderajax.excludedelements.ui.field.attributeName = Attribute Name:
+spiderajax.excludedelements.ui.field.attributeValue = Attribute Value:
+spiderajax.excludedelements.ui.field.description = Description:
+spiderajax.excludedelements.ui.field.element = Element:
+spiderajax.excludedelements.ui.field.enabled = Enabled:
+spiderajax.excludedelements.ui.field.text = Text:
+spiderajax.excludedelements.ui.field.xpath = XPath:
+spiderajax.excludedelements.ui.modify.button = Modify
+spiderajax.excludedelements.ui.modify.title = Modify Excluded Element
+spiderajax.excludedelements.ui.panel.label = Excluded Elements:
+spiderajax.excludedelements.ui.remove.button.cancel = Biykarlaw
+spiderajax.excludedelements.ui.remove.button.confirm = Alıp taslaw
+spiderajax.excludedelements.ui.remove.checkbox.label = Do not show this message again.
+spiderajax.excludedelements.ui.remove.text = Are you sure you want to remove the selected excluded element?
+spiderajax.excludedelements.ui.remove.title = Remove Excluded Element
+spiderajax.excludedelements.ui.table.header.description = Description
+spiderajax.excludedelements.ui.table.header.enabled = Qosılǵan
+spiderajax.excludedelements.ui.warn.duplicated.text = An element with the provided description already exists.
+spiderajax.excludedelements.ui.warn.duplicated.title = Duplicated Excluded Element
+spiderajax.excludedelements.ui.warn.invalid.description = The description must not be empty.
+spiderajax.excludedelements.ui.warn.invalid.element = The element must not be empty.
+spiderajax.excludedelements.ui.warn.invalid.incompleteattribute = Both the name and value of the attribute must be provided.
+spiderajax.excludedelements.ui.warn.invalid.missingdata = At least one other property must be provided.
+spiderajax.excludedelements.ui.warn.invalid.title = Invalid Excluded Element
+
+spiderajax.menu.tools.label = AJAX Spider...
+spiderajax.menu.tools.label.mnemonic = X
+
+spiderajax.name = AJAX Spider
+
+spiderajax.options.dialog.allowedResources.add.button.confirm = Qosıw
+spiderajax.options.dialog.allowedResources.add.title = Add Allowed Resource
+spiderajax.options.dialog.allowedResources.field.label.enabled = Qosılǵan
+spiderajax.options.dialog.allowedResources.field.label.regex = Regex
+spiderajax.options.dialog.allowedResources.label = Allowed Resources:
+spiderajax.options.dialog.allowedResources.modify.button.confirm = Modify
+spiderajax.options.dialog.allowedResources.modify.title = Modify Allowed Resource
+spiderajax.options.dialog.allowedResources.remove.button.cancel = Biykarlaw
+spiderajax.options.dialog.allowedResources.remove.button.confirm = Alıp taslaw
+spiderajax.options.dialog.allowedResources.remove.checkbox.label = Do not show this message again
+spiderajax.options.dialog.allowedResources.remove.text = Are you sure you want to remove the selected allowed resource?
+spiderajax.options.dialog.allowedResources.remove.title = Remove Allowed Resource
+spiderajax.options.dialog.allowedResources.table.header.enabled = Qosılǵan
+spiderajax.options.dialog.allowedResources.table.header.regex = Regex
+spiderajax.options.dialog.allowedResources.warning.invalid.regex.text = The provided regular expression is not valid:\n{0}
+spiderajax.options.dialog.allowedResources.warning.invalid.regex.title = Invalid Regular Expression
+spiderajax.options.dialog.allowedResources.warning.name.repeated.text = Allowed resource with provided regular expression already exists.
+spiderajax.options.dialog.allowedResources.warning.name.repeated.title = Duplicated Allowed Resource
+spiderajax.options.dialog.elem.add.button.confirm = Qosıw
+spiderajax.options.dialog.elem.add.title = Add Element
+spiderajax.options.dialog.elem.field.label.enabled = Qosılǵan
+spiderajax.options.dialog.elem.field.label.name = Element
+spiderajax.options.dialog.elem.modify.button.confirm = Modify
+spiderajax.options.dialog.elem.modify.title = Modify Element
+spiderajax.options.dialog.elem.remove.button.cancel = Biykarlaw
+spiderajax.options.dialog.elem.remove.button.confirm = Alıp taslaw
+spiderajax.options.dialog.elem.remove.checkbox.label = Do not show this message again
+spiderajax.options.dialog.elem.remove.text = Are you sure you want to remove the selected element?
+spiderajax.options.dialog.elem.remove.title = Remove Element
+spiderajax.options.dialog.elem.warning.name.repeated.text = Element with provided name already exists
+spiderajax.options.dialog.elem.warning.name.repeated.title = Duplicated Element
+spiderajax.options.label.browsers = Number of Browser Windows to Open:
+spiderajax.options.label.clickelems = Select elements to click during crawl (if not clicking on only default elements):
+spiderajax.options.label.clickonce = Click Elements Once
+spiderajax.options.label.crawlstates = Maximum Crawl States (0 is unlimited):
+spiderajax.options.label.depth = Maximum Crawl Depth (0 is unlimited):
+spiderajax.options.label.eventwait = Event Wait Time (milliseconds):
+spiderajax.options.label.maxduration = Maximum Duration (minutes; 0 is unlimited):
+spiderajax.options.label.randominputs = Use Random Values in Form Fields
+spiderajax.options.label.reloadwait = Reload Wait Time (milliseconds):
+spiderajax.options.table.header.element = Element
+spiderajax.options.table.header.enabled = Qosılǵan
+spiderajax.options.title = AJAX Spider
+
+spiderajax.outofscope.response = (403 Forbidden) Out of AJAX Spider scope
+
+spiderajax.panel.mnemonic = j
+spiderajax.panel.subtitle = Crawled URLs:
+spiderajax.panel.table.cell.excluded = Excluded
+spiderajax.panel.table.cell.ioerror = I/O Error
+spiderajax.panel.table.cell.outofcontext = Out of Context
+spiderajax.panel.table.cell.outofscope = Out of Scope
+spiderajax.panel.table.cell.processed = Processed
+spiderajax.panel.table.header.processed = Processed
+spiderajax.panel.title = AJAX Spider
+
+spiderajax.proxy.local.label.browsers = Browser:
+spiderajax.proxy.local.label.defaultElems = Click Default Elements Only (a, button, input)
+
+spiderajax.scandialog.alreadyrunning.error = A spider scan is already running.
+spiderajax.scandialog.button.reset = Reset
+spiderajax.scandialog.button.scan = Start Scan
+spiderajax.scandialog.label.adv = Show Advanced Options
+spiderajax.scandialog.label.browser = Browser:
+spiderajax.scandialog.label.context = Context:
+spiderajax.scandialog.label.inscope = Just In Scope:
+spiderajax.scandialog.label.spiderSubtreeOnly = Spider Subtree Only
+spiderajax.scandialog.label.start = Starting Point:
+spiderajax.scandialog.label.user = Paydalanıwshı:
+spiderajax.scandialog.nobrowser.error = No browser was selected.
+spiderajax.scandialog.nostart.context.error = The selected context does not have a starting point.
+spiderajax.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https://www.example.com
+spiderajax.scandialog.nostart.subtreeOnly.error = A site node must be selected or a URL manually introduced, to spider a site's subtree.
+spiderajax.scandialog.notSafe.error = AJAX Spider scans are not allowed in 'Safe' mode.
+spiderajax.scandialog.startNotInContext.error = The starting point does not belong to selected context.
+spiderajax.scandialog.startNotInScope.error = The starting point is not in scope.
+spiderajax.scandialog.startProtectedMode.error = The starting point is not allowed in 'Protected' mode.
+spiderajax.scandialog.tab.elements = Elements
+spiderajax.scandialog.tab.options = Options
+spiderajax.scandialog.tab.scope = Scope
+spiderajax.scandialog.title = AJAX Spider
+
+spiderajax.site.popup = AJAX Spider...
+
+spiderajax.toolbar.button.start = New Scan
+spiderajax.toolbar.button.stop = Stop AJAX Spider
diff --git a/addOns/sqliplugin/src/main/resources/org/zaproxy/zap/extension/sqliplugin/resources/Messages_kaa.properties b/addOns/sqliplugin/src/main/resources/org/zaproxy/zap/extension/sqliplugin/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..3b49e0e6176
--- /dev/null
+++ b/addOns/sqliplugin/src/main/resources/org/zaproxy/zap/extension/sqliplugin/resources/Messages_kaa.properties
@@ -0,0 +1,13 @@
+sqliplugin.alert.desc = A SQL injection may be possible using the attached payload
+sqliplugin.alert.info.booleanbased = The page results were successfully manipulated using the boolean conditions [{0}] and [{1}]\n\nThe parameter value being modified was stripped from the HTML output for the purposes of the comparison.\n\nData was returned for the original parameter.\n\nThe vulnerability was detected by successfully restricting the data originally returned, by manipulating the parameter.
+sqliplugin.alert.info.errorbased = RDBMS [{0}] likely, given error message fragment [{1}] in HTML results.\n\nThe vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised.
+sqliplugin.alert.info.timebased = The query time is controllable using parameter value [{0}], which caused the request to take [{1}] milliseconds, when the original unmodified query with value [{2}] took on average [{3}] milliseconds.
+sqliplugin.alert.info.unionbased = RDBMS [{0}] likely, given UNION-specific error message fragment for [{1}] columns\n\nThe vulnerability was detected by manipulating the parameter with an SQL ''UNION'' clause to cause a database error message to be returned and recognised.
+sqliplugin.alert.name = Advanced SQL Injection - {0}
+sqliplugin.alert.refs = https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+sqliplugin.alert.soln = Do not trust client side input, even if there is client side validation in place.\n\nIn general, type check all data on the server side.\n\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\n\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\n\nIf database Stored Procedures can be used, use them.\n\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\n\nDo not create dynamic SQL queries using simple string concatenation.\n\nEscape all data received from the client.\n\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\n\nApply the privilege of least privilege by using the least privileged database user possible.\n\nIn particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\n\nGrant the minimum database access that is necessary for the application.
+sqliplugin.ext.desc = Helper extension for Advanced SQL Injection add-on.
+
+sqliplugin.ext.name = Advanced SQL Injection
+
+sqliplugin.name = Advanced SQL Injection
diff --git a/addOns/sse/src/main/resources/org/zaproxy/zap/extension/sse/resources/Messages_kaa.properties b/addOns/sse/src/main/resources/org/zaproxy/zap/extension/sse/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..1dc5733b447
--- /dev/null
+++ b/addOns/sse/src/main/resources/org/zaproxy/zap/extension/sse/resources/Messages_kaa.properties
@@ -0,0 +1,18 @@
+sse.desc = Capture communication from Server-Sent Event streams.
+sse.filter.button.break_add = Add custom breakpoint
+sse.filter.button.filter = Filter
+sse.filter.button.handshake = Show opening handshake in Request/Response tab
+sse.filter.label.desc = Select the required filters below. You can select multiple rows in each element. An element is not used for filtering if none of the rows in it are selected.
+sse.filter.label.filter = Filter:
+sse.filter.label.off = OFF
+sse.filter.label.on = ON,
+sse.filter.title = Filter Server-Sent Events
+sse.panel.component.all.tooltip = Display for Server-Sent Events
+sse.panel.title = Server-Sent Events
+sse.table.header.data = Data
+sse.table.header.event_type = Event Type
+sse.table.header.id = ID
+sse.table.header.last_event_id = Last Event ID
+sse.table.header.timestamp = Timestamp
+sse.toolbar.button.options = Options
+sse.toolbar.stream.label = Stream
diff --git a/addOns/tips/src/main/resources/org/zaproxy/zap/extension/tips/resources/Messages_kaa.properties b/addOns/tips/src/main/resources/org/zaproxy/zap/extension/tips/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..b5abbe197a8
--- /dev/null
+++ b/addOns/tips/src/main/resources/org/zaproxy/zap/extension/tips/resources/Messages_kaa.properties
@@ -0,0 +1,65 @@
+# Strings used by the add-on
+tips.button.allTips = All tips
+tips.button.nextTip = Next tip
+tips.desc = Tips and Tricks
+tips.dialog.title = Tips and Tricks
+
+# The actual tips and tricks - anything with a key stating 'tips.tip.' will be treated as a tip
+
+# Optional add-ons
+tips.tip.add.001 = Install the beta active and passive scan rules to find more potential issues.\nThere are also alpha active and passive scan rules but obviously they may be less stable.
+tips.tip.add.002 = Want to script ZAP in a scripting language other than Java Script and Zest?\nCheck the ZAP Marketplace for other languages like python and ruby.\nIf your preferred scripting language isnt yet available then get in touch - its fairly easy to add support for other languages.
+tips.tip.add.003 = Install the SAML Add-on from the ZAP Marketplace to detect, show, edit and fuzz SAML requests.
+tips.tip.add.004 = There are a large number of fuzzing files available in the ZAP Marketplace in the 'Directory List *', 'Fuzzdb files' and 'SVN Digger files' add-ons.
+tips.tip.add.005 = There is a repository of ZAP scripts at https://github.com/zaproxy/community-scripts\nIf you clone a local copy then you can add all of them to ZAP via the Scripts Option pane.\nYou can also upload your own scripts via pull requests - the more the better!
+tips.tip.add.007 = Install the sequence add-on from the ZAP Marketplace to scan pages that must be visited in a specific order for the full functionality to be accessible.
+tips.tip.add.008 = Install the accessControl add-on from the ZAP Marketplace to automate testing of your application's access control.
+tips.tip.add.009 = You can import URLs contained in a text file using the importurls add-on available on the ZAP Marketplace
+
+
+# Automation tips
+tips.tip.aut.001 = ZAP is great for automation, but its easier to test features in the desktop UI first and then convert them to a script.
+tips.tip.aut.002 = ZAP has a powerful API that covers nearly all of the features available in the desktop UI.
+tips.tip.aut.003 = By default you cannot connect to ZAP on another machine, you will need to change the configs to allow remote connections.
+
+# General tips
+tips.tip.gen.001 = Save your ZAP session at the start of a test rather than at the end - the session is stored in a db which will be updated all of the time so you wont have to save it again.
+tips.tip.gen.002 = Try different UI layouts via the buttons on the main toolbar.
+tips.tip.gen.003 = Right click everywhere.\nHighlight text and right click it.\nA lot of ZAP functionality is context sensitive as best accessed this way.
+tips.tip.gen.004 = Use keyboard shortcuts to speed up your testing - you can define your own combinations via 'Options / Keyboard' which also generates printable shortcut cheatsheets.
+tips.tip.gen.005 = If you are getting too many false positives try changing the threshold for that scan rule to High.\nBut also report the problem to us via the ZAP Users Group or Issues so we can investigate it - both of which are linked off the 'Online' menu
+tips.tip.gen.007 = Add your target application to a Context using the 'right click' menu: 'Include in Context'.\nThis allows you tell ZAP more about the target, such as the authentication, the users and the technology it uses.
+tips.tip.gen.008 = ZAP can display, intercept and even fuzz client side messages including postMessages - 'right click' a subtree in the Sites tree and select a suitable submenu under 'Monitor clients'.\nForce a browser refresh and your open pages will be displayed in the 'Clients' tab along with all of the client side messages they generate.
+tips.tip.gen.009 = Zest scripts are a great way to automate tasks.\nZest is ZAP's graphical macro language, but provides programming features like conditionals and loops.\nUse the 'Record a new Zest script...' button on the main toolbar to quickly record a new Zest script.\nYou can also 'right click' requests to add them to Zest scripts.
+tips.tip.gen.010 = ZAP can automatically check for updates - turn it on via the 'Options / Check for Updates' screen.\nIf you dont want it to happen automatically then make sure you manually check for updates frequently via the 'Manage Add-ons' main toolbar button as we continually add new features and fix issues.
+tips.tip.gen.011 = Click on the 'gear' icon on the right hand side of many tabs to quickly access the setting for that feature.
+tips.tip.gen.012 = There are lots of resources linked off the 'Online' menu, including the ZAP Homepage, User and Developer groups
+tips.tip.gen.013 = Want to chat to someone about ZAP?\nMany of the ZAP core developers hang out on the Libera Chat #zaproxy irc channel: https://web.libera.chat/#zaproxy
+tips.tip.gen.014 = ZAP has comprehensive help pages accessible via the 'Help / ZAP User Guide' menu.\nThe F1 key will also bring up the help pages and take you straight to the relevant section for the selected tab.
+tips.tip.gen.015 = New to ZAP?\nRead the 'Getting Started with ZAP' guide accessible via the 'Help' menu.
+tips.tip.gen.016 = The majority of ZAP's tabs are now hidden by default so that the UI is less cluttered.\nYou can show and hide all of the tabs via buttons on the main toolbar.\nYou can also 'pin' any tab you like so that it stays visible even after a restart.
+tips.tip.gen.017 = You can reorder table columns by dragging and dropping them.\nYou can also select which columns are show via the icon just above the scroll bar on the right hand side of each table.
+tips.tip.gen.018 = Manual browse indicator - Pages found by the spiders and forced browser are flagged in the Sites tree with the relevant icon. This icon disappears when you visit that page manually.
+tips.tip.gen.019 = You can launch browsers that automatically proxy through ZAP and do not need to have the ZAP certificate added via the 'Manual Explore' button.
+tips.tip.gen.020 = The Replacer options page allows you to quickly and easily replace text anywhere in an HTTP(S) message.
+
+# HUD tips
+tips.tip.hud.001 = The Heads Up Display brings all of the key ZAP functionality into your browser.
+tips.tip.hud.002 = Complete the Heads Up Display tutorial - it covers all of the HUD's features.
+tips.tip.hud.003 = The HUD is constantly being updated - share feedback, feature requests and raise issues via https://github.com/zaproxy/zap-hud
+
+# Obscure features
+tips.tip.obs.001 = POST requests have a 'right click' menu for generating an anti CSRF test form.
+tips.tip.obs.002 = The 'Show / enable' fields 'lightbulb' button on the main toolbar will make hidden fields visible and allow you to edit disabled fields.
+tips.tip.obs.003 = Does your application use anti CSRF tokens?\nMake sure you have configured ZAP to handle them via the 'Options / Active Scan' screen.
+tips.tip.obs.004 = You can compare 2 requests or responses by selecting them both, 'right clicking' and selecting one of the 'Compare 2..' menu items.
+tips.tip.obs.005 = You can tell ZAP to access an app using a specified user.\nTo do that you need to add your app to a Context and then define the authentication and user details.
+tips.tip.obs.006 = The Search tab allows you to find string in Fuzz results - it supports regex expressions and inverse matching.
+tips.tip.obs.007 = You can search for text in any text area, including the Request and Response tabs, using the 'right click' 'Find...' menu.
+tips.tip.obs.008 = You can change the syntax highlighting used for the Request, Response and Script Console tabs via the 'right click' 'Syntax' menus.
+tips.tip.obs.009 = You can tell ZAP to load all of the scripts in a set of directories via the Scripts Option page.\nSee the help for details of the directory structure.
+tips.tip.obs.010 = You can export all of the URLs recorded by ZAP using the top level menu: "Report / Export All URLs to a File..."
+tips.tip.obs.011 = You can invoke 3rd party tools like sqlmap and nmap from within ZAP, passing across a wide range of contextual information.\nJust configure the applications you want to invoke in the "Options / Applications" screen.
+tips.tip.obs.012 = Docker Support - https://www.zaproxy.org/docs/docker/
+
+tips.topmenu.help.tips = Tips and Tricks
diff --git a/addOns/todo/src/main/resources/org/zaproxy/zap/extension/todo/resources/Messages_kaa.properties b/addOns/todo/src/main/resources/org/zaproxy/zap/extension/todo/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..abd19d4fbb3
--- /dev/null
+++ b/addOns/todo/src/main/resources/org/zaproxy/zap/extension/todo/resources/Messages_kaa.properties
@@ -0,0 +1,2 @@
+todo.remove.btn.label = Alıp taslaw
+todo.set.sheet.label = From Owasp Testing guide :
diff --git a/addOns/tokengen/src/main/resources/org/zaproxy/zap/extension/tokengen/resources/Messages_kaa.properties b/addOns/tokengen/src/main/resources/org/zaproxy/zap/extension/tokengen/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..7fd96ff2589
--- /dev/null
+++ b/addOns/tokengen/src/main/resources/org/zaproxy/zap/extension/tokengen/resources/Messages_kaa.properties
@@ -0,0 +1,66 @@
+tokengen.activeAction = Token Generator
+tokengen.analyse.button.save = Save Analysis
+tokengen.analyse.detail.maxentropy = Maximum theoretical entropy:
+tokengen.analyse.save.error = Failed to write to file, see log for detail.
+tokengen.analyse.summary.deterministic = Deterministic?
+tokengen.analyse.summary.excellent = Excellent
+tokengen.analyse.summary.fail = Failed
+tokengen.analyse.summary.good = Very Good
+tokengen.analyse.summary.high = Joqarı
+tokengen.analyse.summary.low = Tómen
+tokengen.analyse.summary.pass = Passed
+tokengen.analyse.summary.robust = Fairly Robust
+tokengen.analyse.summary.vulnerable = Vulnerable
+tokengen.analyse.tab.details = Details
+tokengen.analyse.tab.errors = Errors
+tokengen.analyse.tab.summary = Summary
+tokengen.analyse.table.desc = Summary
+tokengen.analyse.table.result = Result
+tokengen.analyse.table.test = Test
+tokengen.analyse.test.chr_transitions = Character Transitions
+tokengen.analyse.test.chr_uniformity = Character Uniformity
+tokengen.analyse.test.count_16_bits = Count 16 bits
+tokengen.analyse.test.count_1_bit = Count 1 bit
+tokengen.analyse.test.count_2_bits = Count 2 bits
+tokengen.analyse.test.count_3_bits = Count 3 bits
+tokengen.analyse.test.count_4_bits = Count 4 bits
+tokengen.analyse.test.count_8_bits = Count 8 bits
+tokengen.analyse.test.max_entropy = Maximum Entropy
+tokengen.analyse.title = Analyse Tokens
+tokengen.button.cancel = Biykarlaw
+tokengen.desc = Token generation and analysis
+tokengen.generate.button.cancel = Biykarlaw
+tokengen.generate.button.generate = Generate
+tokengen.generate.error.mode.protected = The following URL is not allowed in ''Protected'' mode:\n{0}
+tokengen.generate.error.mode.safe = Token generation is not allowed in 'Safe' mode.
+tokengen.generate.label.name = Name
+tokengen.generate.label.numTokens = Number of Tokens
+tokengen.generate.label.remove.cookies = Remove (Only) Cookie Under Test?
+tokengen.generate.label.type = Type
+tokengen.generate.load.error = Failed to read from file, see log for detail.
+tokengen.generate.num.error = The 'Number of tokens' must be an integer.
+tokengen.generate.popup.generate = Generate Tokens...
+tokengen.generate.save.error = Failed to write to file, see log for detail.
+tokengen.generate.title = Generate Tokens
+tokengen.label.initialMessage = To generate and analyse tokens:\n\n
  • Find a request that contains the token you want to generate
  • Right click in the Sites tab or one of the bottom tabs and select 'Generate Tokens...'
  • Choose the token you want to generate
  • Press the Generate button
  • The responses and tokens will then be listed in this tab
  • When all of the tokens have been generated the Analyse Tokens dialog will be displayed.
+tokengen.label.maxEntropy = Maximum Entropy
+tokengen.optionspanel.name = Token Generator
+tokengen.optionspanel.option.requestdelay = Request Delay (in milliseconds):
+tokengen.optionspanel.option.threadsperscan = Number of Threads:
+tokengen.panel.mnemonic = t
+tokengen.panel.title = Token Gen
+tokengen.results.table.header.code = Code
+tokengen.results.table.header.method = Method
+tokengen.results.table.header.reason = Reason
+tokengen.results.table.header.rtt = RTT
+tokengen.results.table.header.size.responsebody = Size Resp. Body
+tokengen.results.table.header.timestamp.request = Req. Timestamp
+tokengen.results.table.header.token = Token
+tokengen.results.table.header.url = URL
+tokengen.toolbar.button.load = Load Tokens
+tokengen.toolbar.button.options = Token Generator Options
+tokengen.toolbar.button.pause = Pause Token Generation
+tokengen.toolbar.button.save = Save Tokens
+tokengen.toolbar.button.stop = Stop Token Generation
+tokengen.toolbar.button.unpause = Resume Token Generation
+tokengen.unanalysed.label = Unanalysed...
diff --git a/addOns/treetools/src/main/resources/org/zaproxy/zap/extension/treetools/resources/Messages_kaa.properties b/addOns/treetools/src/main/resources/org/zaproxy/zap/extension/treetools/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..b038d76b54b
--- /dev/null
+++ b/addOns/treetools/src/main/resources/org/zaproxy/zap/extension/treetools/resources/Messages_kaa.properties
@@ -0,0 +1,2 @@
+treetools.desc = Adds menu item to recursively expand/collapse a tree node
+treetools.popop = Expand/collapse the node and all children
diff --git a/addOns/viewstate/src/main/resources/org/zaproxy/zap/extension/viewstate/resources/Messages_kaa.properties b/addOns/viewstate/src/main/resources/org/zaproxy/zap/extension/viewstate/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..621ca653eba
--- /dev/null
+++ b/addOns/viewstate/src/main/resources/org/zaproxy/zap/extension/viewstate/resources/Messages_kaa.properties
@@ -0,0 +1,8 @@
+viewstate.desc = ASP/JSF ViewState Decoder and Editor
+viewstate.en.mac = MAC enabled
+viewstate.en.nomac = No MAC detected!
+viewstate.en.noparse = [can't parse, unknown/unexpected format]
+viewstate.en.novstate = No ViewState detected
+viewstate.en.stateless = v2.2+ [stateless]
+viewstate.en.type = Type
+viewstate.panel.caption = ViewState
diff --git a/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/Messages_kaa.properties b/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..4eb65fcc449
--- /dev/null
+++ b/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/Messages_kaa.properties
@@ -0,0 +1,76 @@
+wappalyzer.api.view.listAll = Lists all sites and their associated applications (technologies).
+wappalyzer.api.view.listSite = Lists all the applications (technologies) associated with a specific site.
+wappalyzer.api.view.listSite.site = The site for which the applications (technologies) should be returned. (See listSites).
+wappalyzer.api.view.listSites = Lists all the sites recognized by the wappalyzer addon.
+
+wappalyzer.automation.desc = Wappalyzer Automation
+wappalyzer.automation.name = Wappalyzer Automation Framework Integration
+
+wappalyzer.category.advertising-networks = Advertising-networks
+wappalyzer.category.analytics = Analytics
+wappalyzer.category.blogs = Blogs
+wappalyzer.category.cache-tools = Cache-tools
+wappalyzer.category.captchas = Captchas
+wappalyzer.category.cdn = CDN
+wappalyzer.category.cms = CMS
+wappalyzer.category.comment-systems = Comment-systems
+wappalyzer.category.database-managers = Database-managers
+wappalyzer.category.databases = Databases
+wappalyzer.category.documentation-tools = Documentation-tools
+wappalyzer.category.editors = Editors
+wappalyzer.category.font-scripts = Font-scripts
+wappalyzer.category.hosting-panels = Hosting-panels
+wappalyzer.category.issue-trackers = Issue-trackers
+wappalyzer.category.javascript-frameworks = Javascript-frameworks
+wappalyzer.category.javascript-graphics = Javascript-graphics
+wappalyzer.category.lms = LMS
+wappalyzer.category.maps = Maps
+wappalyzer.category.marketing-automation = Marketing-automation
+wappalyzer.category.media-servers = Media-servers
+wappalyzer.category.message-boards = Message-boards
+wappalyzer.category.miscellaneous = Miscellaneous
+wappalyzer.category.mobile-frameworks = Mobile-frameworks
+wappalyzer.category.network-devices = Network-devices
+wappalyzer.category.operating-systems = Operating-systems
+wappalyzer.category.photo-galleries = Photo-galleries
+wappalyzer.category.printers = Printers
+wappalyzer.category.programming-languages = Programming-languages
+wappalyzer.category.rich-text-editors = Rich-text-editors
+wappalyzer.category.search-engines = Search-engines
+wappalyzer.category.video-players = Video-players
+wappalyzer.category.web-frameworks = Web-frameworks
+wappalyzer.category.web-mail = Web-mail
+wappalyzer.category.web-server-extensions = Web-server-extensions
+wappalyzer.category.web-servers = Web-servers
+wappalyzer.category.web-shops = Web-shops
+wappalyzer.category.webcams = Webcams
+wappalyzer.category.widgets = Widgets
+wappalyzer.category.wikis = Wikis
+
+wappalyzer.desc = Technology detection using Wappalyzer - http://wappalyzer.com/
+
+wappalyzer.name = Wappalyzer - Technology Detection
+
+wappalyzer.panel.mnemonic = t
+wappalyzer.panel.title = Technology
+
+wappalyzer.scanner = Wappalyzer Scanner (Tech Detection)
+
+wappalyzer.search.popup = Show Evidence
+
+wappalyzer.table.header.category = Categories
+wappalyzer.table.header.confidence = Confidence
+wappalyzer.table.header.cpe = CPE
+wappalyzer.table.header.implies = Implies
+wappalyzer.table.header.name = Technology
+wappalyzer.table.header.version = Version
+wappalyzer.table.header.website = Website
+
+wappalyzer.toolbar.site.label = Site:
+wappalyzer.toolbar.site.select = -- Select Site --
+wappalyzer.toolbar.toggle.state.disabled = Óshirilgen
+wappalyzer.toolbar.toggle.state.disabled.tooltip = Click to Enable Wappalyzer
+wappalyzer.toolbar.toggle.state.enabled = Qosılǵan
+wappalyzer.toolbar.toggle.state.enabled.tooltip = Click to Disable Wappalyzer
+
+wappalyzer.version.delimiter = \ or
diff --git a/addOns/websocket/src/main/resources/org/zaproxy/zap/extension/websocket/resources/Messages_kaa.properties b/addOns/websocket/src/main/resources/org/zaproxy/zap/extension/websocket/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..c6b9b9fc0cf
--- /dev/null
+++ b/addOns/websocket/src/main/resources/org/zaproxy/zap/extension/websocket/resources/Messages_kaa.properties
@@ -0,0 +1,140 @@
+#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
+# Note that all of the labels should be in alphabetic order, with the exception of
+# labels that are not really expected to be translated, such as the ports at the end of this file
+
+websocket.api.action.sendTextMessage = Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client
+websocket.api.action.setBreakTextMessage = Sets the text message for an intercepted websockets message
+websocket.api.view.breakTextMessage = Returns a text representation of an intercepted websockets message
+websocket.api.view.channels = Returns all of the registered web socket channels
+websocket.api.view.message = Returns full details of the message specified by the channelId and messageId
+websocket.api.view.messages = Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (default no limit) and payloadPreviewLength is the maximum number bytes to return for the payload contents
+
+websocket.brk.add.break_on_all = Break on every message
+websocket.brk.add.break_on_custom = Break on
+websocket.brk.add.channel = Channel:
+websocket.brk.add.desc = Add a custom breakpoint for WebSocket communication, by applying arbitrary restrictions. You can edit or view these breakpoints in the Break Points tab of the information window.
+websocket.brk.add.direction = Direction:
+websocket.brk.add.opcode = Opcode:
+websocket.brk.add.pattern = Payload Pattern:
+
+websocket.context.exclude.popup = Exclude Channel URL from Context
+websocket.context.include.popup = Include Channel URL in Context
+
+websocket.desc = Capture messages from WebSockets with the ability to set breakpoints.
+
+websocket.dialog.channel = Channel:
+websocket.dialog.channel.select_all = -- All Channels --
+websocket.dialog.direction = Direction:
+websocket.dialog.direction_incoming = Incoming Messages
+websocket.dialog.direction_outgoing = Outgoing Messages
+websocket.dialog.opcode = Opcode:
+websocket.dialog.opcodes.select_all = -- All Opcodes --
+websocket.dialog.pattern = Payload Pattern:
+
+websocket.filter.button.break_add = Add Custom Breakpoint
+websocket.filter.button.filter = Filter
+websocket.filter.button.handshake = Show opening handshake in Request/Response tab
+websocket.filter.label.desc = Select the required filters below. You can select multiple rows in each element. An element is not used for filtering if none of the rows in it are selected.
+websocket.filter.label.direction = Direction
+websocket.filter.label.direction_incoming = incoming
+websocket.filter.label.direction_outgoing = outgoing
+websocket.filter.label.filter = Filter:
+websocket.filter.label.off = OFF
+websocket.filter.label.on = ON,
+websocket.filter.label.opcodes = Opcode
+websocket.filter.label.pattern = Pattern
+websocket.filter.label.regex = Filter by Search Term
+websocket.filter.label.regex.ignore_case = Ignore Case
+websocket.filter.label.regex.inverse = Inverse
+websocket.filter.label.regex.regex = Regex
+websocket.filter.title = Filter WebSocket Messages
+
+websocket.fuzz.fail = Error
+websocket.fuzz.success = Successful
+
+websocket.fuzzer.description = Allows to fuzz WebSocket messages.
+websocket.fuzzer.fuzzerNamePrefix = WS - {0}
+websocket.fuzzer.messagetype = WebSocket
+websocket.fuzzer.name = WebSocket Fuzzer
+websocket.fuzzer.popup.menu.item.attack = Fuzz...
+websocket.fuzzer.processor.scriptProcessor.name = Fuzzer WebSocket Processor (Script)
+websocket.fuzzer.processor.scriptProcessor.panel.script.label = Script:
+websocket.fuzzer.processor.scriptProcessor.panel.warnNoScript.message = No script selected, a script must be selected first.
+websocket.fuzzer.processor.scriptProcessor.panel.warnNoScript.title = No Script Selected
+websocket.fuzzer.results.toolbar.errors = Errors:
+websocket.fuzzer.results.toolbar.messagesSent = Messages Sent:
+websocket.fuzzer.script.type.fuzzerprocessor = Fuzzer WebSocket Processor
+websocket.fuzzer.script.type.fuzzerprocessor.desc = Scripts that can control the WebSocket fuzzer and process the fuzzed WebSocket message.\n\nMust be enabled to be used, disabled scripts are not shown in the Fuzzer dialogue.
+websocket.fuzzer.select.message.dialogue.warn = Selection of WebSocket messages through this panel is not yet supported. Use WebSockets tab instead.
+
+websocket.invalidpattern = Invalid regular expression.
+
+websocket.manual.ext.desc = Provides the WebSocket Message Editor dialogues.
+websocket.manual.ext.name = WebSocket Message Editor
+
+websocket.manual_send.adv_dialog.always_gen = Always Generate New Key
+websocket.manual_send.adv_dialog.connecting = Connecting...
+websocket.manual_send.adv_dialog.generate_key = Generate
+websocket.manual_send.adv_dialog.redirect = Follow Redirection
+websocket.manual_send.adv_dialog.title = Reopen Advance Settings
+websocket.manual_send.adv_dialog.tracking_session = State HTTP Request
+websocket.manual_send.adv_dialog.websocket_key = Sec-WebSocket-Key:
+websocket.manual_send.btn_reopen_edit_hint = Reopen Configuration
+websocket.manual_send.btn_reopen_hint = Reopen the closed connection (in new channel)
+websocket.manual_send.fail = Unable to send crafted message!
+websocket.manual_send.fail.disconnected_channel = Selected WebSocket channel is not connected.
+websocket.manual_send.fail.invalid_channel = Invalid WebSocket channel selected.
+websocket.manual_send.fail.invalid_direction_client_mode = Selected WebSocket channel is not connected to the client.
+websocket.manual_send.fail.invalid_opcode = Invalid WebSocket opcode selected.
+websocket.manual_send.fail.out_of_scope = Request out of scope.
+websocket.manual_send.fail.retrieve = An error occurred while trying to retrieve the HTTP handshake from history. Please reopen the connection from browser.
+websocket.manual_send.fail.unable_reopen = It was not possible to reopen the connection.
+websocket.manual_send.menu = WebSocket Message Editor
+websocket.manual_send.menu.mnemonic = w
+websocket.manual_send.popup = WebSocket Message Editor
+websocket.manual_send.resend.menu = Open/Resend with Message Editor...
+websocket.manual_send.use_reopen = Use the reopen button to establish a new connection.
+
+websocket.messagelocation.text.location = WS Payload
+
+websocket.name = WebSockets Support
+
+websocket.node.empty_payload = empty
+
+websocket.options.break_on_all = Break on enabled 'all request/response break buttons'.
+websocket.options.break_on_ping_pong = Break on Ping & Pong messages on implicit breakpoints.
+websocket.options.forward_all = Forward all WebSockets communication (no storage nor UI).
+websocket.options.remove_extensions = Remove Sec-WebSocket-Extensions header.
+websocket.options.remove_extensions.tooltip = Allows to remove the HTTP header Sec-WebSocket-Extensions from handshake messages,
so no transformations are done to the WebSocket messages sent/received.
This option should always be enabled unless the client or the server under test requires them.
The WebSocket messages might not be correctly processed by ZAP when extensions are used.
+
+websocket.panel.component.all.tooltip = Display for WebSocket message
+websocket.panel.mnemonic = w
+websocket.panel.title = WebSockets
+
+websocket.payload.invalid_utf8 =
+websocket.payload.unreadable_binary =
+
+websocket.pscan.scripts.interface.passive.error = The provided WebSocket Passive Rules script ({0}) does not implement the required interface.\nPlease refer to the provided templates for examples.
+websocket.pscan.scripts.type.passive = WebSocket Passive Rules
+
+websocket.script.error.websocketsender = Error in WebSocket Sender script
+websocket.script.type.websocketsender = WebSocket Sender
+websocket.script.type.websocketsender.desc = Scripts that are called before forwarding the WebSocket message frame to the server or client and can access and change any WebSocket message that is proxied via ZAP.
+
+websocket.session.exclude.title = Exclude from WebSockets
+websocket.session.label.ignore = URLs where WebSocket traffic will be forwarded but not further processed.
+
+websocket.table.header.direction = ↔
+websocket.table.header.fuzz = Fuzz
+websocket.table.header.id = Channel
+websocket.table.header.opcode = Opcode
+websocket.table.header.payload = Payload
+websocket.table.header.payload_length = Bytes
+websocket.table.header.state = State
+websocket.table.header.timestamp = Timestamp
+
+websocket.toolbar.button.options = WebSocket Options
+websocket.toolbar.channel.label = Channel:
+
+websocket.treemap.folder.root = WebSocket Connections
+websocket.treemap.title = WebSocket Map
diff --git a/addOns/zest/src/main/resources/org/zaproxy/zap/extension/zest/resources/Messages_kaa.properties b/addOns/zest/src/main/resources/org/zaproxy/zap/extension/zest/resources/Messages_kaa.properties
new file mode 100644
index 00000000000..eb989ff2973
--- /dev/null
+++ b/addOns/zest/src/main/resources/org/zaproxy/zap/extension/zest/resources/Messages_kaa.properties
@@ -0,0 +1,609 @@
+zest.ClientSwitchToFrame.popup = Switch To Frame
+
+zest.action.add.popup = Add Zest Action
+
+zest.activescanner.title = Zest Active Scripts
+
+zest.addto.new.title = New Zest Script ...
+zest.addto.popup = Add to Zest Script
+
+zest.alert2script.badevidence.comment = You will need to create a suitable test manually as the 'evidence' available in the alert was not found in the response.
+zest.alert2script.noevidence.comment = You will need to create a suitable test manually as there is no 'evidence' available in the alert.
+zest.alert2script.script.name = Vulnerability - {0} {1}
+zest.alert2script.title = Generate Zest script for alert
+
+zest.assert.add.popup = Add Zest Assertion
+
+zest.assign.add.popup = Add Zest Assignment
+
+zest.client.add.popup = Add Zest Client
+
+zest.clientAssignCookie.popup = Cookie Assign
+
+zest.clientElementAssign.popup = Element Assign
+
+zest.clientElementClear.popup = Element Clear
+
+zest.clientElementClick.popup = Element Click
+
+zest.clientElementMouseOver.popup = Element MouseOver
+
+zest.clientElementScroll.popup = Element Scroll
+
+zest.clientElementScrollTo.popup = Element Scroll To
+
+zest.clientElementSendKeys.popup = Element Send Keys
+
+zest.clientElementSubmit.popup = Element Submit
+
+zest.clientLaunch.popup = Launch
+
+zest.clientScreenshot.popup = Screenshot
+
+zest.clientWindow.popup = Window Handle
+
+zest.clientWindowClose.popup = Window Close
+
+zest.clientWindowOpenUrl.popup = Window Open URL
+
+zest.clientWindowResize.popup = Window Resize
+
+zest.close.confirm = Changes to this script have not been saved.\nClose the script and lose the changes?
+zest.close.popup = Close script
+
+zest.cnp.copy.popup = Kóshirip alıw
+zest.cnp.cut.popup = Cut
+zest.cnp.paste.popup = Paste
+
+zest.comment.off.popup = Uncomment Statement(s)
+zest.comment.on.popup = Comment Statement(s)
+zest.comment.popup = Add Comment
+
+zest.compare.req.popup = Zest: Compare with original request
+zest.compare.resp.popup = Zest: Compare with original response
+
+zest.complex.condition.add.popup = Add Zest Complex Condition
+
+zest.condition.add.popup = Add Zest Condition
+zest.condition.add.popup.empty.and = Empty AND
+zest.condition.add.popup.empty.or = Empty OR
+zest.condition.add.popup.expr.and = AND Expression
+zest.condition.add.popup.expr.or = OR Expression
+
+zest.control.add.popup = Add Control
+
+zest.cookies.table.domain = Domain
+zest.cookies.table.name = Ataması
+zest.cookies.table.path = Path
+zest.cookies.table.value = Value
+
+zest.delete.confirm = Are you sure you want to delete these components?
+zest.delete.popup = Óshiriw
+
+zest.desc = Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
+
+zest.details.panel.add.title = Add Zest Script
+zest.details.panel.edit.title = Edit Zest Script
+zest.details.panel.title = Zest Details
+
+zest.dialog.action.add.title = Add Zest Action
+zest.dialog.action.edit.title = Edit Zest Action
+zest.dialog.action.error.globalvar = You must supply the name of the Global Variable.
+zest.dialog.action.label.globalvar = Global Variable:
+zest.dialog.action.label.globalvar.value = Value:
+zest.dialog.action.label.message = Message:
+zest.dialog.action.label.millisecs = Milliseconds:
+zest.dialog.action.label.params = Parameters
+zest.dialog.action.label.priority = Priority:
+zest.dialog.action.label.priority.info = Info
+zest.dialog.action.label.script = Script
+zest.dialog.action.label.targetparam = Target Parameter:
+zest.dialog.action.label.token = Token Name:
+zest.dialog.action.label.variable = Variable Name:
+zest.dialog.action.priority.high = Joqarı
+zest.dialog.action.priority.info = Info
+zest.dialog.action.priority.low = Tómen
+zest.dialog.action.priority.medium = Medium
+zest.dialog.assert.add.title = Add Assertion
+zest.dialog.assert.edit.title = Edit Assertion
+zest.dialog.assert.error.regex = You must supply a valid Regular Expression
+zest.dialog.assert.label.approx = Plus/minus %:
+zest.dialog.assert.label.exact = Case Exact:
+zest.dialog.assert.label.inverse = Inverse:
+zest.dialog.assert.label.length = Length:
+zest.dialog.assert.label.location = Location:
+zest.dialog.assert.label.regex = Regex:
+zest.dialog.assert.label.status = Status Code:
+zest.dialog.assert.label.variable = Variable Name:
+zest.dialog.assign.add.title = Add Assignment
+zest.dialog.assign.edit.title = Edit Assignment
+zest.dialog.assign.error.cookie = You must supply a Cookie Name
+zest.dialog.assign.error.filterByAttributeEmpty = You must supply a string for the attribute name and value filter
+zest.dialog.assign.error.filterByAttributeValueRegexInvalid = You must supply a valid Regular Expression for the attribute value filter
+zest.dialog.assign.error.filterByElementEmpty = You must supply a string for the element name filter
+zest.dialog.assign.error.filteredElementsIndexInvalid = You must supply a valid index
+zest.dialog.assign.error.filteredElementsSelectorAttributeNameEmpty = You must supply a string for the attribute name selector
+zest.dialog.assign.error.filteredElementsSelectorEmpty = You must choose a select method
+zest.dialog.assign.error.globalvar = You must supply the name of the Global Variable.
+zest.dialog.assign.error.minint = The Max value must be greater than the Min value
+zest.dialog.assign.error.operand = You must supply both operandA and operandB
+zest.dialog.assign.error.regexpostfix = You must supply a valid Regular Expression for the Postfix
+zest.dialog.assign.error.regexprefix = You must supply a valid Regular Expression for the Prefix
+zest.dialog.assign.error.regexreplace = The replacement string is not a valid Regular Expression
+zest.dialog.assign.error.repfield = You must supply a valid Replacement Field
+zest.dialog.assign.error.repform = You must supply a valid Replacement Form
+zest.dialog.assign.error.reqstring = You must supply a string that is part of the request
+zest.dialog.assign.error.strpostfix = You must supply a string for the Postfix
+zest.dialog.assign.error.strprefix = You must supply a string for the Prefix
+zest.dialog.assign.error.value = You must supply a Value to compare with
+zest.dialog.assign.error.variable = You must supply a name which starts with a letter, the other characters may be alphanumeric as well as .-:
+zest.dialog.assign.label.exact = Case exact:
+zest.dialog.assign.label.filterByAttribute = Filter by Attribute Name:
+zest.dialog.assign.label.filterByAttributeName = Attribute Name:
+zest.dialog.assign.label.filterByAttributeValue = Attribute Value (RegExp):
+zest.dialog.assign.label.filterByElement = Filter by Element Name:
+zest.dialog.assign.label.filterByElementName = Element Name:
+zest.dialog.assign.label.filteredElementsIndex = Index of the Element:
+zest.dialog.assign.label.filteredElementsReversed = Reverse Filtered Elements:
+zest.dialog.assign.label.filteredElementsSelector = Select Elements:
+zest.dialog.assign.label.filteredElementsSelectorAttributeName = Select Value of Attribute:
+zest.dialog.assign.label.globalvar = Global Variable:
+zest.dialog.assign.label.location = Location:
+zest.dialog.assign.label.maxint = Max Replacement Value:
+zest.dialog.assign.label.minint = Min Replacement Value:
+zest.dialog.assign.label.operanda = Operand A:
+zest.dialog.assign.label.operandb = Operand B:
+zest.dialog.assign.label.operation = Operation:
+zest.dialog.assign.label.regex = Regex:
+zest.dialog.assign.label.repfield = Replacement Field:
+zest.dialog.assign.label.repform = Replacement Form:
+zest.dialog.assign.label.repindex = Replacement Response:
+zest.dialog.assign.label.replace = Replace:
+zest.dialog.assign.label.replacement = With:
+zest.dialog.assign.label.reqstring = Request String:
+zest.dialog.assign.label.rgxpostfix = Postfix Regex:
+zest.dialog.assign.label.rgxprefix = Prefix Regex:
+zest.dialog.assign.label.string = String:
+zest.dialog.assign.label.strpostfix = Postfix String:
+zest.dialog.assign.label.strprefix = Prefix String:
+zest.dialog.assign.label.variable = Variable Name:
+zest.dialog.assign.oper.add = Plus
+zest.dialog.assign.oper.divide = Divided by
+zest.dialog.assign.oper.multiply = Times
+zest.dialog.assign.oper.subtract = Minus
+zest.dialog.client.browserType.label.chrome = Chrome
+zest.dialog.client.browserType.label.firefox = Firefox
+zest.dialog.client.browserType.label.htmlunit = Html Unit
+zest.dialog.client.browserType.label.internetexplorer = Internet Explorer
+zest.dialog.client.browserType.label.opera = Opera
+zest.dialog.client.browserType.label.phantomjs = PhantomJS
+zest.dialog.client.browserType.label.safari = Safari
+zest.dialog.client.elementType.label.classname = Class Name
+zest.dialog.client.elementType.label.cssselector = CSS Selector
+zest.dialog.client.elementType.label.id = ID
+zest.dialog.client.elementType.label.linktext = Link Text
+zest.dialog.client.elementType.label.name = Ataması
+zest.dialog.client.elementType.label.partiallinktext = Partial Link Text
+zest.dialog.client.elementType.label.tagname = Tag Name
+zest.dialog.client.elementType.label.xpath = XPath
+zest.dialog.client.error.element = You must supply an Element
+zest.dialog.client.error.screenshot = You must specify at least the file location or the variable name.
+zest.dialog.client.error.switchToFrame = You must specify one of: frame name, frame index, frame parent
+zest.dialog.client.error.windowHandle = You must supply a valid Window Handle
+zest.dialog.client.label.attribute = Attribute:
+zest.dialog.client.label.browserType = Browser Type:
+zest.dialog.client.label.capabilities = Capabilities:
+zest.dialog.client.label.cookie = Cookie Name:
+zest.dialog.client.label.element = Element:
+zest.dialog.client.label.elementType = Element Type:
+zest.dialog.client.label.file = File Location:
+zest.dialog.client.label.frameindex = Frame Index:
+zest.dialog.client.label.framename = Frame Name:
+zest.dialog.client.label.headless = Headless:
+zest.dialog.client.label.height = Height:
+zest.dialog.client.label.parentframe = Parent Frame:
+zest.dialog.client.label.regex = Regex:
+zest.dialog.client.label.sleepInSecs = Sleep In Seconds:
+zest.dialog.client.label.url = URL:
+zest.dialog.client.label.value = Value:
+zest.dialog.client.label.variable = Variable Name:
+zest.dialog.client.label.width = Width:
+zest.dialog.client.label.windowHandle = Window Handle:
+zest.dialog.client.label.x = X:
+zest.dialog.client.label.y = Y:
+zest.dialog.clientElementAssign.add.title = Add Zest Client Element Assign
+zest.dialog.clientElementAssign.edit.title = Edit Zest Client Element Assign
+zest.dialog.clientElementAssignCookie.add.title = Add Zest Client Assign Cookie
+zest.dialog.clientElementAssignCookie.edit.title = Edit Zest Client Assign Cookie
+zest.dialog.clientElementClear.add.title = Add Zest Client Element Clear
+zest.dialog.clientElementClear.edit.title = Edit Zest Client Element Clear
+zest.dialog.clientElementClick.add.title = Add Zest Client Element Click
+zest.dialog.clientElementClick.edit.title = Edit Zest Client Element Click
+zest.dialog.clientElementMouseOver.add.title = Add Zest Client Element MouseOver
+zest.dialog.clientElementMouseOver.edit.title = Edit Zest Client Element MouseOver
+zest.dialog.clientElementScroll.add.title = Add Zest Client Element Scroll
+zest.dialog.clientElementScroll.edit.title = Edit Zest Client Element Scroll
+zest.dialog.clientElementScrollTo.add.title = Add Zest Client Element Scroll To
+zest.dialog.clientElementScrollTo.edit.title = Edit Zest Client Element Scroll To
+zest.dialog.clientElementSendKeys.add.title = Add Zest Client Element Send Keys
+zest.dialog.clientElementSendKeys.edit.title = Edit Zest Client Element Send Keys
+zest.dialog.clientElementSubmit.add.title = Add Zest Client Element Submit
+zest.dialog.clientElementSubmit.edit.title = Edit Zest Client Element Submit
+zest.dialog.clientLaunch.add.title = Add Zest Client Launch
+zest.dialog.clientLaunch.edit.title = Edit Zest Client Launch
+zest.dialog.clientLaunch.tab.capabilities = Capabilities
+zest.dialog.clientLaunch.tab.client = Client
+zest.dialog.clientScreenshot.add.title = Add Zest Client Screenshot
+zest.dialog.clientScreenshot.edit.title = Edit Zest Client Screenshot
+zest.dialog.clientSwitchToFrame.add.title = Add Zest Client Switch To Frame
+zest.dialog.clientSwitchToFrame.edit.title = Edit Zest Client Switch To Frame
+zest.dialog.clientWindowClose.add.title = Add Zest Client Window Close
+zest.dialog.clientWindowClose.edit.title = Edit Zest Client Window Close
+zest.dialog.clientWindowHandle.add.title = Add Zest Client Window Handle
+zest.dialog.clientWindowHandle.edit.title = Edit Zest Client Window Handle
+zest.dialog.clientWindowOpenUrl.add.title = Add Zest Client Window Open URL
+zest.dialog.clientWindowOpenUrl.edit.title = Edit Zest Client Window Open URL
+zest.dialog.clientWindowResize.add.title = Add Zest Client Window Resize
+zest.dialog.clientWindowResize.edit.title = Edit Zest Client Window Resize
+zest.dialog.comment.add.title = Add Zest Comment
+zest.dialog.comment.edit.title = Edit Zest Comment
+zest.dialog.comment.label.comment = Comment:
+zest.dialog.complex.condition.add.title = Add Zest Complex Condition\t
+zest.dialog.complex.condition.addto.btn = Qosıw
+zest.dialog.complex.condition.addto.complex.btn = Add to Complex Condition\t
+zest.dialog.complex.condition.collection = Collect here the simple conditions using AND/OR/NOT criteria.
+zest.dialog.complex.condition.description = Add simple conditions, then collect them with AND, OR criteria
+zest.dialog.complex.condition.edit.btn = Edit
+zest.dialog.complex.condition.suggest = A simple way to insert simple conditions is to use the ComboBox above.
+zest.dialog.condition.add.title = Add Zest Condition
+zest.dialog.condition.edit.title = Edit Zest Condition
+zest.dialog.condition.error.regex = You must supply a valid Regular Expression
+zest.dialog.condition.error.regexes = You must supply a list of valid Regular Expressions (one per line)
+zest.dialog.condition.error.value = You must supply a Value to compare with
+zest.dialog.condition.label.approx = Plus/minus %:
+zest.dialog.condition.label.exact = Case exact:
+zest.dialog.condition.label.excregexes = Exclude regexes:
+zest.dialog.condition.label.greaterthan = Greater than:
+zest.dialog.condition.label.incregexes = Include regexes:
+zest.dialog.condition.label.inverse = Inverse:
+zest.dialog.condition.label.length = Length:
+zest.dialog.condition.label.location = Location:
+zest.dialog.condition.label.regex = Regex:
+zest.dialog.condition.label.resptime = Response Time (ms):
+zest.dialog.condition.label.status = Status Code:
+zest.dialog.condition.label.value = Value:
+zest.dialog.condition.label.variable = Variable Name:
+zest.dialog.cookies.add.title = Add Cookie
+zest.dialog.cookies.edit.title = Edit Cookie
+zest.dialog.cookies.error.cookie.name.empty = Cookie name must not be empty.
+zest.dialog.cookies.label.domain = Domain:
+zest.dialog.cookies.label.name = Name:
+zest.dialog.cookies.label.path = Path:
+zest.dialog.cookies.label.value = Value:
+zest.dialog.expression.add.title = Add Zest Expression
+zest.dialog.expression.edit.title = Edit Zest Expression
+zest.dialog.fuzzfile.add.category = Set a category for this fuzzer
+zest.dialog.loop.add.title = Add Zest Loop
+zest.dialog.loop.edit.title = Edit Zest Loop
+zest.dialog.loop.file.error.nonexisting = The specified file does not exist
+zest.dialog.loop.file.fuzz.categories = Fuzz Category:
+zest.dialog.loop.file.fuzz.files = Fuzz File:
+zest.dialog.loop.file.fuzz.path = File Location:
+zest.dialog.loop.integer.end = End:
+zest.dialog.loop.integer.error.constraints = Invalid constraints: Start must be before End
+zest.dialog.loop.integer.start = Start:
+zest.dialog.loop.integer.step = Step:
+zest.dialog.loop.regex.error.regex = You must supply a valid Regular Expression
+zest.dialog.loop.regex.exact = Case Exact:
+zest.dialog.loop.regex.group = Group index:
+zest.dialog.loop.regex.input = Input variable:
+zest.dialog.loop.regex.regex = Regex:
+zest.dialog.loop.string.error.values = You must supply at least one value
+zest.dialog.loop.string.error.variable = You must supply a name which starts with a letter, the other characters may be alphanumeric as well as .-:
+zest.dialog.loop.string.values = Values (one/line):
+zest.dialog.loop.variable.name = Variable Name:
+zest.dialog.param.add.title = Add Parameter
+zest.dialog.param.edit.title = Edit Parameter
+zest.dialog.param.error.name = You must supply a name which starts with a letter, the other characters may be alphanumeric as well as .-:
+zest.dialog.param.label.name = Name:
+zest.dialog.param.label.value = Value:
+zest.dialog.parameterize.error.repstring = You must supply a string that is part of the request
+zest.dialog.parameterize.error.token = You must supply an alphanumeric variable name
+zest.dialog.parameterize.label.added = Apply
to all future requests:
+zest.dialog.parameterize.label.current = Apply to all current requests:
+zest.dialog.parameterize.label.repstring = String to replace:
+zest.dialog.parameterize.label.token = Variable Name:
+zest.dialog.parameterize.title = Parameterize Text
+zest.dialog.redact.error.repchrs = You must supply a string to redact with
+zest.dialog.redact.error.repstring = You must supply a string that is part of the request
+zest.dialog.redact.label.added = Apply to all future requests:
+zest.dialog.redact.label.current = Apply to all current requests:
+zest.dialog.redact.label.repchrs = String to redact with:
+zest.dialog.redact.label.repstring = String to replace:
+zest.dialog.redact.title = Redact Text
+zest.dialog.request.error.url = You must supply a valid URL
+zest.dialog.request.label.body = Body:
+zest.dialog.request.label.followredir = Follow Redirects:
+zest.dialog.request.label.headers = Headers:
+zest.dialog.request.label.method = Method:
+zest.dialog.request.label.respbody = Body:
+zest.dialog.request.label.respheaders = Headers:
+zest.dialog.request.label.respstatus = Status Code:
+zest.dialog.request.label.resptime = Time in ms:
+zest.dialog.request.label.url = URL:
+zest.dialog.request.tab.cookies = Cookies
+zest.dialog.request.tab.main = Soraw
+zest.dialog.request.tab.response = Response
+zest.dialog.request.title = Zest Request
+zest.dialog.return.add.title = Add Return call
+zest.dialog.return.edit.title = Edit Return call
+zest.dialog.return.label.value = Value:
+zest.dialog.run.button.run = Run Script
+zest.dialog.run.error.missingvals = You must supply values for all of the parameters
+zest.dialog.run.label.params = Parameters:
+zest.dialog.run.title = Run Zest Script
+zest.dialog.script.add.title = Add Zest Script
+zest.dialog.script.button.add = Qosıw
+zest.dialog.script.button.modify = Modify
+zest.dialog.script.button.remove = Alıp taslaw
+zest.dialog.script.edit.title = Edit Zest Script
+zest.dialog.script.error.clientnode = You
must supply an Initial URL for client side scripts
+zest.dialog.script.error.duplicate = A script with this name already exists
+zest.dialog.script.error.prefix = If you supply a prefix then is must be a valid URL
+zest.dialog.script.error.title = You must supply a title
+zest.dialog.script.label.approx = Length +/-:
+zest.dialog.script.label.authpwd = Password:
+zest.dialog.script.label.authrealm = Realm:
+zest.dialog.script.label.authsite = Site:
+zest.dialog.script.label.authuser = Paydalanıwshı atı:
+zest.dialog.script.label.clientnode = Initial URL:
+zest.dialog.script.label.debug = Debug:
+zest.dialog.script.label.desc = Description:
+zest.dialog.script.label.file = File:
+zest.dialog.script.label.length = Response Length Assertion:
+zest.dialog.script.label.load = Load on start:
+zest.dialog.script.label.prefix = Prefix:
+zest.dialog.script.label.record = Record Type:
+zest.dialog.script.label.statuscode = Status Code Assertion:
+zest.dialog.script.label.title = Title:
+zest.dialog.script.label.type = Type:
+zest.dialog.script.label.type.active = Active
+zest.dialog.script.label.type.passive = Passive
+zest.dialog.script.label.type.targeted = Targeted
+zest.dialog.script.record.save = Start Recording
+zest.dialog.script.record.title = Record Zest script
+zest.dialog.script.record.type.client = Client (browser) side script
+zest.dialog.script.record.type.server = Server side script
+zest.dialog.script.remove.confirm = Are you sure you want to remove this parameter?
+zest.dialog.script.tab.auth = Authentication
+zest.dialog.script.tab.defaults = Default Assertions
+zest.dialog.script.tab.main = Summary
+zest.dialog.script.tab.tokens = Parameters
+zest.dialog.token.error.repstring = You must supply a string that is part of the request
+zest.dialog.token.error.token = You must supply a token
+zest.dialog.token.label.added = Apply to all future requests:
+zest.dialog.token.label.current = Apply to all current requests:
+zest.dialog.token.label.repstring = String to replace:
+zest.dialog.token.label.token = Token:
+zest.dialog.token.title = Tokenize Text
+
+zest.element.action.fail = Action - Fail ({0})
+zest.element.action.fail.title = Action - Fail
+zest.element.action.globalvarremove = Action - Global Variable Remove ({0})
+zest.element.action.globalvarremove.title = Action - Global Variable - Remove
+zest.element.action.globalvarset = Action - Global Variable Set ({0} = {1})
+zest.element.action.globalvarset.title = Action - Global Variable - Set
+zest.element.action.intercept.title = Action - Break
+zest.element.action.invoke = Action - Script {0} = {1} ()
+zest.element.action.invoke.title = Action - Script
+zest.element.action.print = Action - Print ({0})
+zest.element.action.print.title = Action - Print
+zest.element.action.scan = Action - Scan ({0})
+zest.element.action.scan.title = Action - Scan
+zest.element.action.sleep = Action - Sleep ({0})
+zest.element.action.sleep.title = Action - Sleep
+zest.element.assert = Assert - {0}
+zest.element.assert.length = Assert - Length ({0}) = {1} +/- {2}%
+zest.element.assert.length.title = Assert - Length
+zest.element.assert.regex.exc = Assert - {0} Regex Not ({1})
+zest.element.assert.regex.inc = Assert - {0} Regex ({1})
+zest.element.assert.regex.title = Assert - Regex
+zest.element.assert.statuscode = Assert - Status Code ({0})
+zest.element.assert.statuscode.title = Assert - Status Code
+zest.element.assign.calc = Assign {0} = ({1} {2} {3})
+zest.element.assign.calc.title =
Assign variable to a calculation
+zest.element.assign.delstring = Assign {0} = string({1} <-> {2})
+zest.element.assign.delstring.title = Assign variable via string delimiters
+zest.element.assign.field = Assign {0} = (Form {1} : Field {2})
+zest.element.assign.field.title = Assign variable to a form field
+zest.element.assign.fromElement = Assign {0} = {1}
+zest.element.assign.fromElement.attributes = Attributes
+zest.element.assign.fromElement.element = Element
+zest.element.assign.fromElement.elements = Elements
+zest.element.assign.fromElement.match = match
+zest.element.assign.fromElement.reverse = Reverse
+zest.element.assign.fromElement.selectattribute = SelectAttribute
+zest.element.assign.fromElement.selectcontent = SelectContent
+zest.element.assign.fromElement.title = Assign variable to element content or attribute value
+zest.element.assign.fromElement.where = where
+zest.element.assign.globalvar = Assign {0} = Global Variable ({1})
+zest.element.assign.globalvar.title = Assign variable to Global Variable
+zest.element.assign.regex = Assign {0} = regex({1} <-> {2})
+zest.element.assign.regex.title = Assign variable via regex delimiters
+zest.element.assign.replace = Assign {0} replace {1} with {2}
+zest.element.assign.replace.title = Assign replace in variable
+zest.element.assign.rndint = Assign {0} = rnd ({1}, {2})
+zest.element.assign.rndint.title = Assign variable to random integer
+zest.element.assign.string = Assign {0} = {1}
+zest.element.assign.string.title = Assign variable to string
+# TODO
+zest.element.clientAssignCookie = Client Assign Cookie : [{0}] {1} = ({2})
+zest.element.clientAssignCookie.title = Client Assign Cookie
+zest.element.clientElementAssign = Client Element Assign : [{0}] {1}:{2}
+zest.element.clientElementAssign.title = Client Element Assign
+zest.element.clientElementClear = Client Element Clear : [{0}] {1}:{2}
+zest.element.clientElementClear.title = Client Element Clear
+zest.element.clientElementClick = Client Element
Click : [{0}] {1}:{2}
+zest.element.clientElementClick.title = Client Element Click
+zest.element.clientElementMouseOver = Client Element MouseOver : [{0}] {1}:{2}
+zest.element.clientElementMouseOver.title = Client Element MouseOver
+zest.element.clientElementScroll = Client Element Scroll : [{0}] {1}:{2} ({3},{4})
+zest.element.clientElementScroll.title = Client Element Scroll
+zest.element.clientElementScrollTo = Client Element Scroll To : [{0}] {1}:{2}
+zest.element.clientElementScrollTo.title = Client Element Scroll To
+zest.element.clientElementSendKeys = Client Element Send Keys : [{0}] {1}:{2} = {3}
+zest.element.clientElementSendKeys.title = Client Element Send Keys
+zest.element.clientElementSubmit = Client Element Submit : [{0}] {1}:{2}
+zest.element.clientElementSubmit.title = Client Element Submit
+zest.element.clientLaunch = Client Launch : [{0}] {1} -> ({2})
+zest.element.clientLaunch.title = Client Launch
+zest.element.clientScreenshot.file = Client Screenshot : [{0}] (File: {1})
+zest.element.clientScreenshot.filevar = Client Screenshot : [{0}] (File: {1}, Variable: {2})
+zest.element.clientScreenshot.title = Client Screenshot
+zest.element.clientScreenshot.var = Client Screenshot : [{0}] (Variable: {1})
+zest.element.clientSwitchToFrame = Client Switch To Frame : [{0}] {1}
+zest.element.clientSwitchToFrame.parent = [Parent]
+zest.element.clientSwitchToFrame.title = Client Switch To Frame
+zest.element.clientWindowClose = Client Window Close : [{0}]
+zest.element.clientWindowClose.title = Client Window Close
+zest.element.clientWindowHandle = Client Window Handle : [{0}] = {1}
+zest.element.clientWindowHandle.title = Client Window Handle
+zest.element.clientWindowOpenUrl = Client Window Open URL : [{0}] -> {1}
+zest.element.clientWindowOpenUrl.title = Client Window Open URL
+zest.element.clientWindowResize = Client Window Resize : [{0}] {1} * {2}
+zest.element.clientWindowResize.title = Client Window Resize
+zest.element.comment = Comment: {0}
+zest.element.comment.title = Comment
+zest.element.commontests = Common Tests
+zest.element.conditional = Conditional
+zest.element.conditional.else = ELSE
+zest.element.conditional.if = IF :
+zest.element.conditional.then = THEN
+zest.element.control.loopbrk.title = Break
+zest.element.control.loopnext.title = Next
+zest.element.control.return = Return: {0}
+zest.element.control.return.title = Return
+zest.element.expression.and = AND
+zest.element.expression.clientelement = Client Element Exists : [{0}] {1}:{2}
+zest.element.expression.clientelement.title = Client Element Exists
+zest.element.expression.equals = {0} Equals ({1})
+zest.element.expression.equals.inverse = {0} Not Equals ({1})
+zest.element.expression.equals.title = Equals
+zest.element.expression.isint = Is Integer ({0})
+zest.element.expression.isint.inverse = Is Not Integer ({0})
+zest.element.expression.isint.title = Is Integer
+zest.element.expression.length = Length ({0} = {1} +/- {2}%)
+zest.element.expression.length.inverse = Length Not ({0} = {1} +/- {2}%)
+zest.element.expression.length.title = Length
+zest.element.expression.or = OR
+zest.element.expression.regex.exc = {0} Regex Not ({1})
+zest.element.expression.regex.inc = {0} Regex ({1})
+zest.element.expression.regex.title = Regex
+zest.element.expression.resptime.title = Response Time
+zest.element.expression.resptimegt = Response Time ( > {0})
+zest.element.expression.resptimelt = Response Time ( < {0})
+zest.element.expression.statuscode = Status Code ({0})
+zest.element.expression.statuscode.title = Status Code
+zest.element.expression.structured = Complex Condition
+zest.element.expression.url = URL in ({0}) and not in ({1})
+zest.element.expression.url.title = URL
+zest.element.loop = Generic Loop
+zest.element.loop.clientElements = Loop For {0} in Client Element [{0}] {1}:{2}
+zest.element.loop.clientElements.title = Loop Client Elements
+zest.element.loop.file = Loop For {0} in {1}
+zest.element.loop.file.title = Loop File
+zest.element.loop.integer = Loop For {0} = {1} to {2} step {3}
+zest.element.loop.integer.title = Loop Integer
+zest.element.loop.regex = Loop Regex For {0} regex ({1}) in {2}
+zest.element.loop.regex.title = Loop Regex
+zest.element.loop.string = Loop For {0} in [{1}]
+zest.element.loop.string.title = Loop String
+zest.element.request = {0} : {1}
+zest.element.response = {0}
+zest.element.script = {0}
+zest.element.unknown = Unknown Element: {0}
+
+zest.expression.add.popup = Add Zest Expression
+
+zest.fail.assert.bodyregex.exc = FAILED Assert - Body does include regex: {0}
+zest.fail.assert.bodyregex.inc = FAILED Assert - Body doesnt include regex: {0}
+zest.fail.assert.headregex.exc = FAILED Assert - Header does include regex: {0}
+zest.fail.assert.headregex.inc = FAILED Assert - Header doesnt include regex: {0}
+zest.fail.assert.length = FAILED Assert - {0} length: expected {1} got {2} ({3}% difference)
+zest.fail.assert.statuscode = FAILED Assert - Status Code: expected {0} got {1}
+zest.fail.assert.varregex.exc = FAILED Assert - {0} does include regex: {1}
+zest.fail.assert.varregex.inc = FAILED Assert - {0} doesnt include regex: {1}
+zest.fail.test.bodyregex.exc = FAILED Test - Body doesnt include regex: {0}
+zest.fail.test.bodyregex.inc = FAILED Test - Body does include regex: {0}
+zest.fail.test.headregex.exc = FAILED Test - Header doesnt include regex: {0}
+zest.fail.test.headregex.inc = FAILED Test - Header does include regex: {0}
+
+zest.format.zest.script = Zest Script
+
+zest.loop.add.popup = Add a Loop
+
+zest.move.down.popup = Move Down
+zest.move.up.popup = Move Up
+
+zest.options.label.header = Header
+zest.options.label.ignore = Ignore
+zest.options.label.ignoreheaders = Headers to ignore when recording Zest scripts
+zest.options.label.incresponses = Include responses
+zest.options.title = Zest
+
+zest.parameterize.popup = Zest: Parameterize Text...
+
+zest.passivescanner.title = Zest Passive Scanner
+
+zest.pastevar.popup = Zest Paste Variable
+
+zest.proxy.request.drop = Dropping request: {0}\n
+zest.proxy.response.drop = Dropping response: {0}\n
+
+zest.record.node.popup = Record Zest Client Script from Node...
+zest.record.off.popup = Stop Recording
+zest.record.on.popup = Start Recording
+
+zest.redact.popup = Zest: Redact Text...
+
+zest.request.popup = Add Request
+
+zest.results.panel.button.clear = Clear
+zest.results.panel.button.options = Zest Options
+zest.results.panel.mnemonic = z
+zest.results.panel.title = Zest Results
+zest.results.table.header.result = Result
+
+zest.return.popup = Add Return statement
+
+zest.runscript.popup = Run with Zest Script...
+
+zest.script.remove.confirm = Are you sure you want to delete this script?
+zest.script.remove.popup = Delete Script
+zest.script.sequence.scanname = {0} (Script)
+
+zest.scripts.panel.title = Zest Scripts
+
+zest.surround.with.popup = Surround with...
+
+zest.targeted.script.default = Default
+
+zest.token.popup = Tokenize Text...
+
+zest.tokens.table.name = Ataması
+zest.tokens.table.value = Value
+
+zest.toolbar.button.load = Load Zest Script ...
+zest.toolbar.button.new.active = New Active Zest Script ...
+zest.toolbar.button.new.passive = New Passive Zest Script ...
+zest.toolbar.button.new.targeted = New Targeted Zest Script ...
+zest.toolbar.button.pause = Pause Zest Script
+zest.toolbar.button.record.off = Record a new Zest script...
+zest.toolbar.button.record.on = Recording a new Zest script
+zest.toolbar.button.run = Run Zest Script
+zest.toolbar.button.save = Save Zest Script ...
+zest.toolbar.button.stop = Stop Zest Script
+
+zest.transformation.add.popup = Add Zest Transformation
+
+zest.tree.root = Zest