Merge pull request #1771 from zapbot/update-site-content

Update site content

Author: thc202

addons/index.html

@@ -2144,7 +2144,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             <a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>
 
 
-            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v5/imagelocationscanner-beta-5.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
+            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v6/imagelocationscanner-beta-6.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
 
 
 
@@ -2157,16 +2157,16 @@ <h1 class="text--white">ZAP Marketplace</h1>
             imagelocationscanner
         </td>
         <td align="center">
-            5
+            6
         </td>
         <td >
             beta
         </td>
         <td>
-            Jay Ball (veggiespam) and the ZAP Dev Team
+            Jay Ball (@veggiespam) and the ZAP Dev Team
         </td>
         <td align="center">
-            2024-04-11
+            2025-06-19
         </td>
     </tr>
 

docs/desktop/addons/image-location-and-privacy-scanner/images/screenshot-2-zap.png

@@ -1827,14 +1827,33 @@ <h1 id="image-location-and-privacy-scanner">Image Location and Privacy Scanner</
 
 <h2 id="id-10103">Image Location and Privacy Scanner <a class="header-link" href="#id-10103"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
 <p>Passively scans for GPS location and other privacy-related exposures in images during normal security assessments of websites. Image Location and Privacy Scanner (ILS) assists in situations where end users may post profile images and possibly give away their home location, e.g. a dating site or children&rsquo;s chatroom.</p>
-<p>More information on this topic, including a white paper based on a real-world site audit given as a presentation at the New Jersey chapter of the OWASP organization, can be found at <a href="https://www.veggiespam.com/ils/">https://www.veggiespam.com/ils/</a> .</p>
-<p>This software finds the GPS information inside of Exif tags, IPTC codes, and proprietary camera codes. Then, the Image Location and Privacy Scanner flags the findings in the ZAP Alerts list as an information message. It would be up to the auditor to determine if location exposure is truly a security risk based on context.</p>
-<p>Some Notes:</p>
+<p>More information on this topic, including a white paper based on a real-world site audit given as a presentation at the New Jersey chapter of the OWASP organization, can be found at <a href="https://www.veggiespam.com/ils/">https://www.veggiespam.com/ils/</a>.</p>
+<p>This software scans images to find the GPS information inside of Exif tags, IPTC codes, and proprietary camera tags. Then, ILS flags the findings in the ZAP Alerts list as an information message. It would be up to the auditor to determine if location exposure is truly a security risk based on context.</p>
+
+<h2 id="sample-findings">Sample Findings <a class="header-link" href="#sample-findings"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
+<p>Configure the web browser to proxy through ZAP and then browse to a few sample sites to see Alerts being raised:</p>
+<ul>
+<li>MetaData Extractor&rsquo;s <a href="https://github.com/drewnoakes/metadata-extractor/wiki/SampleOutput">SampleOutput page</a> contains some good images. <em>(Note: For some URLs, you need a <a href="https://github.com/drewnoakes/metadata-extractor-images/tree/master/jpg">GitHub session cookie</a>)</em>
+<ul>
+<li><a href="https://raw.githubusercontent.com/drewnoakes/metadata-extractor-images/master/jpg/Apple%20iPhone%204.jpg">iPhone 4</a> shows GPS data.</li>
+<li><a href="https://raw.githubusercontent.com/drewnoakes/metadata-extractor-images/master/jpg/FujiFilm%20FinePixS1Pro%20(1).jpg">FujiFilm FinePix S1 Pro</a> has embedded IPTC locations and keywords.</li>
+<li><a href="https://raw.githubusercontent.com/drewnoakes/metadata-extractor-images/master/jpg/Panasonic%20DMC-TZ10.jpg">Panasonic DMC-TZ10</a> shows proprietary Panasonic MakerNote tags including city, state, country along with facial recognition information, like the name and age of the person in the picture. ZAP screenshot is shown below.</li>
+</ul>
+</li>
+<li>This professional photographer utilizes Exif &amp; IPTC data in many of the full-sized (non-thumbnail) photos: <a href="https://raia.com/">Raia.com</a></li>
+</ul>
+<p><img src="/docs/desktop/addons/image-location-and-privacy-scanner/images/screenshot-2-zap.png" alt=""></p>
+
+<h2 id="usage-notes">Usage Notes <a class="header-link" href="#usage-notes"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
 <ul>
-<li>Before ZAP 2.7.x, you must manually enabled image scanning with: Tools → Options → Display → Process images in the HTTP requests/responses pane.</li>
-<li>If you have images disabled in Global Exclude URL, then any passive image scanner, like ILS, will be unable to see the images and report on privacy issues.</li>
+<li>Before ZAP 2.7.x, you must manually enabled image scanning with: Tools → Options → Display → &ldquo;Process images in the HTTP requests/responses&rdquo; for ILS to function at all.</li>
+<li>By default, ZAP hides images in the history, but ILS stills scan these images for findings. If an alert is triggered, then the image and its alerts will appear in the Alerts tab but not in the History tab. To show images in the history, both with alerts and without, enable with &ldquo;Process images in the HTTP&rdquo; as above.</li>
+<li>If you have image processing completely disabled via Tools → Options → Network → Global Exclusions → Extension - Image (née Global Exclude URL), then any passive image scanner, like ILS, will be unable to see the images and report on privacy issues - thus disuse this feature with images so ILS can function.</li>
 </ul>
-<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/imagelocationscanner">imagelocationscanner</a><br>
+<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/imagelocationscanner">ZAP Extension &ldquo;imagelocationscanner&rdquo; Source</a><br>
+Project Source Code Origin with more information: <a href="https://github.com/veggiespam/ImageLocationScanner">Veggiespam&rsquo;s Image Location Scanner on GitHub</a><br>
+Project Home Page: <a href="https://www.veggiespam.com/ils/">Veggiespam&rsquo;s Image Location Scanner</a><br>
+Keywords: Infosec, Audit, Information Exposure, Data Leakage, Vulnerability, GPS, Exif, IPTC, PII, OpSec, Privacy<br>
 Alert ID: <a href="/docs/alerts/10103/">10103</a>.</p>
 
         </div>