I've been trying some bugbounty programs recently. I often alternate between using BurpSuite and ZAP. Many programs want you to add a custom header to your requests so the traffic can be identified, and in some cases, bypass some roadblocks. In this post, I'll show how to configure ZAP to add the custom header.

image

At first, I was pretty confused about how to do this. Through some googling and some github issue searching, I found the answer.

Step 1: Open the scripts pane. It may not be visible, so click the + icon next to sites.

image

Step 2: Right click on "HTTP Sender" and create a new script. Choose the [AddZapHeader.js]{.title-ref} as the template, check the enable box and add a description (optional)

image

Step 3: Edit the script to add the header(s) desired.

image

Step 4: In the scripts pane, right click the script you created and click "save"

Step 5: Test it

image