From the course: Ethical Hacking: Session Hijacking

Using Zed Attack Proxy (ZAP)

- [Instructor] Zed Attack Proxy is another web proxy tool which comes as part of Kali. Let's take a look at it. I select Applications, Web Application Analysis, owasp zap. Okay, we have the main ZAP page. Let's check Tools, Options, and select Local Proxies, and we can see that ZAP is set up to proxy on port 8080. I start up Firefox, and I'll set it up for proxying by selecting Preferences, Advanced, Network, Settings, Manual proxy, to 127.0.0.1, and Port 8080. Okay, we're ready to go. I'll connect through to the Zero Online Banking site, and I'll log in with a username of username, and a password of password. Okay, I'll go back to ZAP to see what's happened. I'll open the Sites in the left panel. And we can see the banking site has been recorded, with the conversation in the bottom panel. I've selected the POST request for sign in, and in the top right panel in the Request tab we can see the message header, and the plain text credentials and user token in the lower part. I'll now get…
