Project Url: cak/reflect
Introduction: OWASP ZAP add-on to help find reflected parameter vulnerabilities
More: Author   ReportBugs   

An OWASP Zed Attack Proxy (ZAP) add-on to help find reflected parameter vulnerabilities.


  • Inspect in scope urls for reflected parameters
  • Save requests/responses to table


Install the Reflect add-on

Download or build the extension

Option 1: Download release

You can find the latest release (ZAP file) here.

Option 2: Build the extension

gradle build

Add-on ZAP file will be located at: ./build/zapAddOn/bin

Load the extension

  1. Open OWASP ZAP
  2. File
  3. Load Add-on file
  4. Select reflect .zap file
About Me
GitHub: Trinea
Facebook: Dev Tools