Monday 21 March 2016

Using OWASP Zed Attack Proxy (ZAP) and Plug-n-Hack as a proxy for your browser

Background

Some time back we saw how to use the Fiddler proxy to intercept traffic from a local browser or your Android devices.
Recently I came across a more powerful proxy tool called OWASP Zed Attack Proxy, or ZAP. It's not just a proxy tool; it is a tool used for ethical hacking. You can use it to attack sites and find vulnerabilities. Using ZAP you can do various things like -
etc.

You can read more about ZAP on their home page -

NOTE : You should use these ethical hacking tools only on sites that you have permission for. Using these on other sites may be treated as an offense.

In this post I am going to show you how to set up a simple proxy to redirect your browser traffic through ZAP.

 You can download the software from here. You can choose the download based on your operating system.

Once you download, install and open ZAP it would look something like below -



Using ZAP as proxy

Before we move on to the browser to see how we can use ZAP as a proxy, let's look at the proxy settings in ZAP itself.
  • Go to Tools -> Options -> Local proxy
Here you can see the address and port the proxy is listening on. You can manually configure your browser proxy settings to use this.
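Before pointing the browser at it, you can confirm the listener from a script. This is an added example, not part of the original post or of ZAP itself: the function names are hypothetical, and `localhost:8080` and `http://example.com/` are assumed placeholder values, so substitute the address and port shown in the Local proxy options. It also reports whether the address is loopback-only, since an intercepting proxy bound to a non-loopback address can be reached by other hosts on the network.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def is_loopback(host):
    """True only if every address the host resolves to is a loopback address."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # Strip any IPv6 scope id ("%eth0") before parsing the address.
    return all(
        ipaddress.ip_address(info[4][0].split("%")[0]).is_loopback for info in infos
    )


def probe_proxy(host, port, target="http://example.com/", timeout=3.0):
    """Send one absolute-form GET, the request shape a browser sends to an HTTP proxy.

    Returns a dict with: loopback_only (bool), listening (bool), and status
    (int HTTP status relayed by the proxy, or None if no valid reply came back).
    """
    report = {"loopback_only": is_loopback(host), "listening": False, "status": None}
    request = (
        f"GET {target} HTTP/1.1\r\n"
        f"Host: {urlsplit(target).netloc}\r\n"
        "Connection: close\r\n\r\n"
    )
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            report["listening"] = True
            sock.sendall(request.encode("ascii"))
            status_line = sock.makefile("rb").readline().decode("latin-1")
    except OSError:
        # Nothing listening, or the connection dropped before a reply arrived.
        return report
    parts = status_line.split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        report["status"] = int(parts[1])
    return report


if __name__ == "__main__":
    # Assumed values: replace with the Address and Port shown in ZAP's options.
    print(probe_proxy("localhost", 8080))
```

If `listening` is true and the request then appears in ZAP's history, the browser can be configured with the same address and port.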



Now click on Plug-n-Hack on the ZAP home page, or copy the URL and paste it in your browser.

Click on "Click to setup!"

And install the addon.





 Finally enable the browser to send traffic via our ZAP proxy -



NOTE : If you are getting - "A provider with this name has already been configured."




You can manually check the proxy settings.




Also, if you want the automatic configuration, you can clear it. From now on you can also use the
  • zap
  • pnh
commands in the Firefox console (Shift + F2).
 



You can use the pnh command to clear and remove proxy settings from Firefox.





You should finally see something like below -


