ZA Proxy: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
Firstly It's needed to install '''ZAP (ZA Proxy)''' using <code>sudo snap install zaproxy --classic</code> then need to configure Proxy Server and generate Certificate as in '''Options''' section. After that Certificate need to import in Firefox browser. Then [https://addons.mozilla.org/en-US/firefox/addon/switchyomega/ Proxy SwitchyOmega] Extension needed to install and configure '''AutoProxy'''. Then any site can be configure for Pen Testing.
==Options==
OWASP ZAP » Options » Local Proxies                  » Go to New Screen
OWASP ZAP » Options » '''Dynamic SSL  Certificates      » Go to New Screen  » Save'''
OWASP ZAP » Firefox » '''Settings  » Certificates      » View Certificates » Import'''
OWASP ZAP » Firefox » Settings  » Network Settings  » Proxy
OWASP ZAP » Firefox » Extensions » Proxy SwitchyOmega » Auto Switch
==Shortcuts==
{|
| valign="top" |
───────────────────────────────────────────────
Ctrl + Alt  + D  » Options
Ctrl + J          » Import WSDL From Web
Ctrl + I          » Import a File From URLs
| valign="top" |
───────────────────────────────────────────────
Ctrl + Shift + I  » Import WSDL From System
|-
| colspan="3" |
----
|-
| valign="top" |
| valign="top" |
|}
==Knowledge==
==Knowledge==
{|
{|
Line 26: Line 59:
{|
{|
| valign="top" |
| valign="top" |
* [https://snapcraft.io/zaproxy ZAP » <code>sudo snap install zaproxy --classic</code>]
* [https://www.devonblog.com/security/owasp-zap-for-dummies/ ZAP » Configure to monitor security Threats]
* [https://superuser.com/questions/417896/ ZAP » Using a Proxy for Certain Sites Only]
* [https://superuser.com/questions/417896/ ZAP » Using a Proxy for Certain Sites Only]
* [https://www.linkedin.com/pulse/how-setup-owasp-zap-scan-your-web-application-security-botla  ZAP » Setup to scan your web application]
* [https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file ZAP » Proxy Auto-Configuration]
* [https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file ZAP » Proxy Auto-Configuration]
* [https://security.secure.force.com/security/tools/webapp/zapbrowsersetup ZAP » Setting up for Browser]
* [https://security.secure.force.com/security/tools/webapp/zapandroidsetup ZAP » Setting up for Android]
* [https://addons.mozilla.org/en-US/firefox/addon/switchyomega/ ZAP » Proxy SwitchyOmega]
* [https://addons.mozilla.org/en-US/firefox/addon/switchyomega/ ZAP » Proxy SwitchyOmega]
* [https://www.zaproxy.org/ ZAP » Zed Attack Proxy]
* [https://www.zaproxy.org/ ZAP » Zed Attack Proxy]
* [https://www.zaproxy.org/getting-started/ ZAP » Getting Started]
* [https://github.com/zaproxy/zaproxy ZAP » GitHub]
* [https://github.com/zaproxy/zaproxy ZAP » GitHub]


| valign="top" |
| valign="top" |
* [https://snapcraft.io/zaproxy ZAP » <code>sudo snap install zaproxy --classic</code>]


| valign="top" |
| valign="top" |
Line 42: Line 80:
|-
|-
| valign="top" |
| valign="top" |
* [https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing IAST » Interactive Application Security Testing]
* [https://www.opentext.com/what-is/dast DAST » Dynamic Application Security Testing]
* [https://www.sonarsource.com/solutions/security/ Penetration Testing, Process, Types, & Tools]
* [https://www.synopsys.com/software-integrity/application-security-testing-services/mobile-application-security-testing.html MAST » Mobile Application Security Testing]
* [https://www.sonarsource.com/solutions/security/ SAST » Static Application Security Testing]
* [https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools Open Source Application Security Tool]
* [[JMeter]]
* [[Wrk]]


| valign="top" |
| valign="top" |

Latest revision as of 23:52, 22 May 2024

Firstly It's needed to install ZAP (ZA Proxy) using sudo snap install zaproxy --classic then need to configure Proxy Server and generate Certificate as in Options section. After that Certificate need to import in Firefox browser. Then Proxy SwitchyOmega Extension needed to install and configure AutoProxy. Then any site can be configure for Pen Testing.

Options

OWASP ZAP » Options » Local Proxies                   » Go to New Screen
OWASP ZAP » Options » Dynamic SSL  Certificates       » Go to New Screen  » Save
OWASP ZAP » Firefox » Settings   » Certificates       » View Certificates » Import
OWASP ZAP » Firefox » Settings   » Network Settings   » Proxy
OWASP ZAP » Firefox » Extensions » Proxy SwitchyOmega » Auto Switch

Shortcuts

───────────────────────────────────────────────
Ctrl + Alt   + D   » Options
Ctrl + J           » Import WSDL From Web
Ctrl + I           » Import a File From URLs
───────────────────────────────────────────────
Ctrl + Shift + I   » Import WSDL From System



Knowledge

sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep 8080
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio

References