Add Replacer to doc

wurstbrot · web-flow · commit 7452e1ee49fe · 2018-11-14T13:26:58.000+01:00
Please see secureCodeBox/scanner-webapplication-zap#17.
diff --git a/docs/user-guide/scanprocesses/Zap.md b/docs/user-guide/scanprocesses/Zap.md
@@ -82,12 +82,31 @@ A full example target looks like this:
     LOGGED_OUT_INDICATOR: "",
     ZAP_SPIDER_API_SPEC_URL: "",
     ZAP_CSRF_TOKEN_ID: "csrftoken",
+    ZAP_REPLACER_RULES:  
+     [
+         { 
+           matchType:"RESP_HEADER",
+           description:"Remove CSP",
+           matchString:"Content-Security Policy",
+           initiators:"",
+           matchRegex:"false",
+           replacement:"",
+           enabled:"true"
+         },
+         {
+            matchType:"REQ_HEADER",
+            description:"Add a special Authentication Header",
+            matchString:"Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l",
+            initiators:"",
+            matchRegex:"false",
+            replacement:"Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l",
+            enabled:"true"
+         }
+    ]
   ]
 }
 ```
 
 >**Note**: The attributes in the example are all fields currently supported by the secureCodeBox Zap Scanner. Mandatory is only `ZAP_BASE_URL`. If this field is not present, the target is ignored.
-
-
-
-
+ ## Zap Addon Replacer
+The [Replacer](https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsReplacerReplacer) is used to replace strings in requests and responses and is enabled in the SecureCodeBox. It might be usefull to to add an authentication header for security testing of APIs (e.g. with an OpenAPI specification).
