ZA Proxy: Difference between revisions
(18 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Firstly It's needed to install '''ZAP (ZA Proxy)''' using <code>sudo snap install zaproxy --classic</code> then need to configure Proxy Server and generate Certificate as in '''Options''' section. After that Certificate need to import in Firefox browser. Then [https://addons.mozilla.org/en-US/firefox/addon/switchyomega/ Proxy SwitchyOmega] Extension needed to install and configure '''AutoProxy'''. Then any site can be configure for Pen Testing. | |||
==Options== | |||
OWASP ZAP » Options » Local Proxies » Go to New Screen | |||
OWASP ZAP » Options » '''Dynamic SSL Certificates » Go to New Screen » Save''' | |||
OWASP ZAP » Firefox » '''Settings » Certificates » View Certificates » Import''' | |||
OWASP ZAP » Firefox » Settings » Network Settings » Proxy | |||
OWASP ZAP » Firefox » Extensions » Proxy SwitchyOmega » Auto Switch | |||
==Shortcuts== | |||
{| | |||
| valign="top" | | |||
─────────────────────────────────────────────── | |||
Ctrl + Alt + D » Options | |||
Ctrl + J » Import WSDL From Web | |||
Ctrl + I » Import a File From URLs | |||
| valign="top" | | |||
─────────────────────────────────────────────── | |||
Ctrl + Shift + I » Import WSDL From System | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
| valign="top" | | |||
|} | |||
==Knowledge== | |||
{| | |||
|valign='top'| | |||
sudo ss -tulwn | grep LISTEN | |||
sudo ss -tulpn | grep LISTEN | grep 8080 | |||
sudo ss -tulpn | grep LISTEN | grep sshd | |||
sudo ss -tulpn | grep LISTEN | grep minio | |||
|valign='top'| | |||
|valign='top'| | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
|valign='top'| | |||
|valign='top'| | |||
|} | |||
==References== | ==References== | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
* [https:// | * [https://www.devonblog.com/security/owasp-zap-for-dummies/ ZAP » Configure to monitor security Threats] | ||
* [https://superuser.com/questions/417896/ ZAP » Using a Proxy for Certain Sites Only] | |||
* [https://www.linkedin.com/pulse/how-setup-owasp-zap-scan-your-web-application-security-botla ZAP » Setup to scan your web application] | |||
* [https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file ZAP » Proxy Auto-Configuration] | |||
* [https://security.secure.force.com/security/tools/webapp/zapbrowsersetup ZAP » Setting up for Browser] | |||
* [https://security.secure.force.com/security/tools/webapp/zapandroidsetup ZAP » Setting up for Android] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/switchyomega/ ZAP » Proxy SwitchyOmega] | |||
* [https://www.zaproxy.org/ ZAP » Zed Attack Proxy] | * [https://www.zaproxy.org/ ZAP » Zed Attack Proxy] | ||
* [https://www.zaproxy.org/getting-started/ ZAP » Getting Started] | |||
* [https://github.com/zaproxy/zaproxy ZAP » GitHub] | |||
| valign="top" | | | valign="top" | | ||
* [https://snapcraft.io/zaproxy ZAP » <code>sudo snap install zaproxy --classic</code>] | |||
| valign="top" | | | valign="top" | | ||
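Review bot: In the Knowledge block, the `grep 8080`, `grep sshd` and `grep minio` filters match anywhere on the `ss` line, so `grep 8080` also hits port 18080 or a PID containing 8080. Suggest filtering on the port itself, e.g. `sudo ss -tlnp 'sport = :8080'`, and adding a sentence that says what each command is meant to confirm, since the section currently has no explanatory text. The `-u` and `-w` flags can also be dropped from these lines: UDP and raw sockets are reported as UNCONN, so `grep LISTEN` discards them anyway.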
Line 14: | Line 80: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
* [https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing IAST » Interactive Application Security Testing] | |||
* [https://www.opentext.com/what-is/dast DAST » Dynamic Application Security Testing] | |||
* [https://www.sonarsource.com/solutions/security/ Penetration Testing, Process, Types, & Tools] | |||
* [https://www.synopsys.com/software-integrity/application-security-testing-services/mobile-application-security-testing.html MAST » Mobile Application Security Testing] | |||
* [https://www.sonarsource.com/solutions/security/ SAST » Static Application Security Testing] | |||
* [https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools Open Source Application Security Tool] | |||
* [[JMeter]] | |||
* [[Wrk]] | |||
| valign="top" | | | valign="top" | |
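Review bot: In the added link list, "Penetration Testing, Process, Types, & Tools" and "SAST » Static Application Security Testing" both point to https://www.sonarsource.com/solutions/security/. One of the two labels probably needs its own URL, or the duplicate entry should be dropped.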
Latest revision as of 23:52, 22 May 2024
First, install ZAP (ZA Proxy) using sudo snap install zaproxy --classic, then configure the proxy server and generate the certificate as described in the Options section. Next, import the certificate into the Firefox browser. Then install the Proxy SwitchyOmega extension and configure AutoProxy. After that, any site can be configured for pen testing.
Options
OWASP ZAP » Options » Local Proxies » Go to New Screen
OWASP ZAP » Options » Dynamic SSL Certificates » Go to New Screen » Save
OWASP ZAP » Firefox » Settings » Certificates » View Certificates » Import
OWASP ZAP » Firefox » Settings » Network Settings » Proxy
OWASP ZAP » Firefox » Extensions » Proxy SwitchyOmega » Auto Switch
Shortcuts
Ctrl + Alt + D » Options
Ctrl + J » Import WSDL From Web
Ctrl + I » Import a File From URLs
Ctrl + Shift + I » Import WSDL From System
Knowledge
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep 8080
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
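A stricter form of the port check above, as an added example that is not part of the original wiki page: it reads `ss` output, matches the port exactly so that 18080 is not mistaken for 8080, and reports whether the listener is bound to loopback only or is reachable from other hosts. The function name `listener_scope`, the use of port 8080 for ZAP's local proxy, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page). Assumes ZAP's local proxy is on 8080.

# listener_scope PORT
# Reads `ss -tlnp` / `ss -tulpn` lines on stdin and prints:
#   loopback  every listener on PORT is bound to 127.0.0.0/8 or ::1
#   exposed   at least one listener on PORT is bound to another address
#   none      nothing is listening on PORT
listener_scope() {
    awk -v port="$1" '
    {
        st = 0
        # The State column moves when ss prints a Netid column, so locate it.
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") { st = i; break }
        if (!st) next                       # header line, UNCONN sockets, etc.
        la = $(st + 3)                      # "Local Address:Port" column
        n = split(la, p, ":")
        if (p[n] != port) next              # exact match: 18080 is not 8080
        addr = substr(la, 1, length(la) - length(p[n]) - 1)
        gsub(/^\[|\]$/, "", addr)           # strip IPv6 brackets
        sub(/%.*$/, "", addr)               # strip interface scope such as %lo
        sub(/^::ffff:/, "", addr)           # IPv4-mapped form used by Java sockets
        if (addr ~ /^127\./ || addr == "::1") {
            if (scope == "") scope = "loopback"
        } else {
            scope = "exposed"               # 0.0.0.0, *, :: or a routable address
        }
    }
    END { print (scope == "" ? "none" : scope) }'
}

# Constructed sample of `sudo ss -tulpn` output (not captured from a real host).
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:* users:(("java",pid=4211,fd=312))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
tcp LISTEN 0 4096 *:18080 *:* users:(("minio",pid=955,fd=9))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=600,fd=13))'

# Check the sample; on a live host use: sudo ss -tulpn | listener_scope 8080
printf '%s\n' "$SAMPLE_SS" | listener_scope 8080
```

A result of `exposed` for the ZAP port means other machines on the network can send traffic through the intercepting proxy, which is rarely intended on a testing workstation.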