OWASP ZAP · Capability

ZAP API — websocket

ZAP API — websocket. 6 operations. Lead operation: websocket. Self-contained Naftiko capability covering one Owasp Zap business surface.

Run with Naftiko Owasp Zapwebsocket

What You Can Do

GET
Websocketactionsendtextmessage — Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client
/v1/json/websocket/action/sendtextmessage
GET
Websocketactionsetbreaktextmessage — Sets the text message for an intercepted websockets message
/v1/json/websocket/action/setbreaktextmessage
GET
Websocketviewbreaktextmessage — Returns a text representation of an intercepted websockets message
/v1/json/websocket/view/breaktextmessage
GET
Websocketviewchannels — Returns all of the registered web socket channels
/v1/json/websocket/view/channels
GET
Websocketviewmessage — Returns full details of the message specified by the channelId and messageId
/v1/json/websocket/view/message
GET
Websocketviewmessages — Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (d
/v1/json/websocket/view/messages

MCP Tools

sends-specified-message-channel-specified

Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client

read-only idempotent
sets-text-message-intercepted-websockets

Sets the text message for an intercepted websockets message

read-only idempotent
returns-text-representation-intercepted-websockets

Returns a text representation of an intercepted websockets message

read-only idempotent
returns-all-registered-web-socket

Returns all of the registered web socket channels

read-only idempotent
returns-full-details-message-specified

Returns full details of the message specified by the channelId and messageId

read-only idempotent
returns-list-all-messages-that

Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (d

read-only idempotent

Capability Spec

owasp-zap-websocket.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — websocket
  description: 'ZAP API — websocket. 6 operations. Lead operation: websocket. Self-contained Naftiko capability covering one
    Owasp Zap business surface.'
  tags:
  - Owasp Zap
  - websocket
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-websocket
    baseUri: http://zap
    description: ZAP API — websocket business capability. Self-contained, no shared references.
    resources:
    - name: JSON-websocket-action-sendTextMessage
      path: /JSON/websocket/action/sendTextMessage/
      operations:
      - name: websocketactionsendtextmessage
        method: GET
        description: Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message
          will be sent to the server and if it is 'False' then it will be sent to the client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-websocket-action-setBreakTextMessage
      path: /JSON/websocket/action/setBreakTextMessage/
      operations:
      - name: websocketactionsetbreaktextmessage
        method: GET
        description: Sets the text message for an intercepted websockets message
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-websocket-view-breakTextMessage
      path: /JSON/websocket/view/breakTextMessage/
      operations:
      - name: websocketviewbreaktextmessage
        method: GET
        description: Returns a text representation of an intercepted websockets message
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-websocket-view-channels
      path: /JSON/websocket/view/channels/
      operations:
      - name: websocketviewchannels
        method: GET
        description: Returns all of the registered web socket channels
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-websocket-view-message
      path: /JSON/websocket/view/message/
      operations:
      - name: websocketviewmessage
        method: GET
        description: Returns full details of the message specified by the channelId and messageId
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-websocket-view-messages
      path: /JSON/websocket/view/messages/
      operations:
      - name: websocketviewmessages
        method: GET
        description: Returns a list of all of the messages that meet the given criteria (all optional), where channelId is
          a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number
          of messages to return (d
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-ZAP-API-Key
      value: '{{env.OWASP_ZAP_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: owasp-zap-websocket-rest
    port: 8080
    description: REST adapter for ZAP API — websocket. One Spectral-compliant resource per consumed operation, prefixed with
      /v1.
    resources:
    - path: /v1/json/websocket/action/sendtextmessage
      name: json-websocket-action-sendtextmessage
      description: REST surface for JSON-websocket-action-sendTextMessage.
      operations:
      - method: GET
        name: websocketactionsendtextmessage
        description: Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message
          will be sent to the server and if it is 'False' then it will be sent to the client
        call: owasp-zap-websocket.websocketactionsendtextmessage
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/websocket/action/setbreaktextmessage
      name: json-websocket-action-setbreaktextmessage
      description: REST surface for JSON-websocket-action-setBreakTextMessage.
      operations:
      - method: GET
        name: websocketactionsetbreaktextmessage
        description: Sets the text message for an intercepted websockets message
        call: owasp-zap-websocket.websocketactionsetbreaktextmessage
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/websocket/view/breaktextmessage
      name: json-websocket-view-breaktextmessage
      description: REST surface for JSON-websocket-view-breakTextMessage.
      operations:
      - method: GET
        name: websocketviewbreaktextmessage
        description: Returns a text representation of an intercepted websockets message
        call: owasp-zap-websocket.websocketviewbreaktextmessage
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/websocket/view/channels
      name: json-websocket-view-channels
      description: REST surface for JSON-websocket-view-channels.
      operations:
      - method: GET
        name: websocketviewchannels
        description: Returns all of the registered web socket channels
        call: owasp-zap-websocket.websocketviewchannels
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/websocket/view/message
      name: json-websocket-view-message
      description: REST surface for JSON-websocket-view-message.
      operations:
      - method: GET
        name: websocketviewmessage
        description: Returns full details of the message specified by the channelId and messageId
        call: owasp-zap-websocket.websocketviewmessage
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/websocket/view/messages
      name: json-websocket-view-messages
      description: REST surface for JSON-websocket-view-messages.
      operations:
      - method: GET
        name: websocketviewmessages
        description: Returns a list of all of the messages that meet the given criteria (all optional), where channelId is
          a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number
          of messages to return (d
        call: owasp-zap-websocket.websocketviewmessages
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: owasp-zap-websocket-mcp
    port: 9090
    transport: http
    description: MCP adapter for ZAP API — websocket. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: sends-specified-message-channel-specified
      description: Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message
        will be sent to the server and if it is 'False' then it will be sent to the client
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-websocket.websocketactionsendtextmessage
      outputParameters:
      - type: object
        mapping: $.
    - name: sets-text-message-intercepted-websockets
      description: Sets the text message for an intercepted websockets message
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-websocket.websocketactionsetbreaktextmessage
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-text-representation-intercepted-websockets
      description: Returns a text representation of an intercepted websockets message
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-websocket.websocketviewbreaktextmessage
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-all-registered-web-socket
      description: Returns all of the registered web socket channels
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-websocket.websocketviewchannels
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-full-details-message-specified
      description: Returns full details of the message specified by the channelId and messageId
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-websocket.websocketviewmessage
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-list-all-messages-that
      description: Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a
        channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of
        messages to return (d
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-websocket.websocketviewmessages
      outputParameters:
      - type: object
        mapping: $.