OWASP ZAP Screenshots - University of Pennsylvania
![Page 1 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/1.jpg)
Questions and Solutions as screenshots: OWASP ZAP

1. Setting ZAP as an intercepting proxy server: In the Options menu on the home page of the application, under Local Proxy, the port number for the proxy can be changed.

In the network settings of the browser, the proxy should be enabled.
![Page 2 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/2.jpg)
In the History tab, all the requests and responses can be seen when requests are made through the browser; the application then acts as a proxy, listening to and recording all the requests. Alerts and tags such as cookies can also be seen.
![Page 3 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/3.jpg)
To crawl a website or launch active attacks, a sample web application was created. This web application runs on Jetty and is a simple user form.

2. Crawling your web application: The Spider option is selected after right-clicking the web application; it crawls the website and displays the results.
![Page 4 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/4.jpg)
These are the results obtained after crawling:

Options for crawling, such as depth and number of threads, can be set up in the Options menu:
![Page 5 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/5.jpg)
3. Active attacks on the web application to look for unhandled alerts: Active Scan scans the web application and displays the possible alerts.
![Page 6 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/6.jpg)
As explained in the slides, the different alerts can be checked in the bottom-left corner:

4. Fuzz testing the web application for a specific parameter: Select fuzz testing for your web application.

Then highlight the parameter you want to fuzz test (in the case below it is the username) and select Add Payload.
![Page 7 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/7.jpg)
Select File Fuzzer and choose from the different fuzz testers available. You can choose all of them to perform extensive testing, or just a few selected payloads.
![Page 8 screenshot](https://reader034.vdocument.in/reader034/viewer/2022042109/5e894f3f955ecb52640b30e9/html5/thumbnails/8.jpg)
You can then see the results for the different payloads. Requests and responses can be seen, and different payloads can thus be tested easily. A Reflected state indicates that the response is incorrect and that the payload is handled (echoed back) by the application.
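The fuzz step above ends with ZAP's results table and its Reflected state. As an added example (not code from the original screenshots or from the ZAP project), the script below reproduces that check offline for the username parameter: it writes a one-payload-per-line file of the kind ZAP's File Fuzzer consumes, sends each payload to a constructed stand-in for the sample Jetty form, and labels each result Reflected or Not Reflected exactly as ZAP does. The two renderers are assumptions standing in for the real application: one echoes the parameter raw (the condition a Reflected result points at), the other applies HTML output encoding, so the same payload list shows how the result table changes once the form is fixed. The `build_zap_opener` helper shows how a script, rather than a browser, can be pointed at the intercepting proxy from step 1; the port assumes ZAP's default Local Proxy setting and no request is actually sent.

```python
"""Offline model of a ZAP fuzz run over the 'username' parameter.

Added example, not part of the original page or of OWASP ZAP's code.
The 'application' is a constructed stand-in function, so nothing here
needs a running ZAP instance or network access.
"""
import html
import tempfile
import urllib.request
from dataclasses import dataclass

# Constructed payload list. Each entry is one line of the file that ZAP's
# File Fuzzer reads (one payload per line); "alice" is a benign control value.
PAYLOADS = [
    "alice",
    "<script>alert(1)</script>",
    "' OR '1'='1",
    '"><img src=x onerror=alert(1)>',
]


def write_payload_file(payloads):
    """Write payloads one per line, the format ZAP's File Fuzzer loads."""
    f = tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False, encoding="utf-8")
    with f:
        for p in payloads:
            f.write(p + "\n")
    return f.name


def vulnerable_render(username):
    """Assumed stand-in for the sample Jetty form: echoes the parameter raw."""
    return f"<html><body><p>Welcome, {username}</p></body></html>"


def hardened_render(username):
    """Same page with HTML output encoding applied before echoing."""
    safe = html.escape(username, quote=True)
    return f"<html><body><p>Welcome, {safe}</p></body></html>"


@dataclass
class FuzzResult:
    payload: str
    state: str  # "Reflected" or "Not Reflected", as ZAP's results table labels it


def fuzz_parameter(render, payloads):
    """Send each payload as the username value and classify the response.

    ZAP marks a result Reflected when the payload string appears verbatim in
    the response body; the same test is applied here.
    """
    results = []
    for p in payloads:
        body = render(p)
        state = "Reflected" if p in body else "Not Reflected"
        results.append(FuzzResult(p, state))
    return results


def reflected_payloads(render, payloads=PAYLOADS):
    """Payloads the application echoed back unchanged."""
    return [r.payload for r in fuzz_parameter(render, payloads) if r.state == "Reflected"]


def build_zap_opener(proxy="http://127.0.0.1:8080"):
    """Opener that routes HTTP and HTTPS through ZAP's Local Proxy (step 1).

    The address assumes ZAP's default listener; change it if the port was
    altered in the Options menu. Building the opener sends no traffic.
    """
    return urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))


if __name__ == "__main__":
    print("payload file:", write_payload_file(PAYLOADS))
    for name, render in (("vulnerable", vulnerable_render), ("hardened", hardened_render)):
        print(f"--- {name} form ---")
        for r in fuzz_parameter(render, PAYLOADS):
            print(f"{r.state:14s} {r.payload}")
```

Against the raw-echo form every payload comes back Reflected; against the encoded form only the benign control value does, which is the pattern to expect once the finding behind a Reflected result has been fixed. Run the script through `build_zap_opener(...).open(url)` and the exchange appears in ZAP's History tab like any browser request.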