Collaborate Disseminate
I have used ZAP for performing MiTM for Web Applications, what are the settings or methods to perfrom MitM for a Desktop Application ?
Is there a way you could setup ZAP as a system proxy so you can monitor the entire traffi… Continue reading How to configure ZAP for Desktop Appliation
I ran a zap scan for my project and found some medium & low level vulnerabilities. But going through some posts, I found that we should run injections (sql, xss, command) on text fields also.
But running these injections… Continue reading After a full web vulnerability scan, do we need to test each & every similar field for possible injections?
OWASP ZAP identifies the following as a reflected XSS. The JavaScript itself is never rendered as JavaScript, only displayed as text to a user. I am curious if this truly is classed as an XSS, and is it exploitable?
I have been using both the tools for a while now. I wanted to categorically know the difference between the two tools to use them better.
Continue reading What is the difference between ZAP and Burp tools in detail?
Hello just wondering if someone already wrote a script for Zap to modify headers automatically with out me having to do it on each response/request..
example.
modify response from 3xx or 4xx to 2xx to bypass some misconfigure… Continue reading Zap Proxy – script to modify headers automatically
I have performed the below steps to capture request/response in ZAP :-
Generate the dynamic certificate in ZAP.
Add the Certificate to the browser (FireFox).
Set the local Proxy to 127.0.0.1 and port to 8090
set the out… Continue reading Not able to get response via OWASP ZAP
I’m trying to fuzz wordpress post password fuctionality with my lists of password. Unfortunately, when fuzzing password page with correct password, and setting redirections to true, ZAP does not display logged in page. Instea… Continue reading Zed Attack Proxy Fuzzer cookie handling
This question already has an answer here:
What is certificate pinning?
6 answers
I have to test the native android applic… Continue reading Mobile internet not working via zap proxy [duplicate]
There are several Linux servers accessible through public IP addresses running web applications. I want to scan these servers from a different computer (headless) using a scanning tool by giving their IP addresses and discove… Continue reading OpenVAS vs OWASP ZAP for vulnerability scanning
I’m trying to find a way to generate api specification from a list of urls(1 domain) captured in zap or burp. Anyone knows a way of doing this? Tried api2swagger but seems overdoing it.