capturing non-browser based traffic to ZAP Proxy


Rami Reddy

Feb 11, 2021, 9:14:31 AM
to OWASP ZAP User Group
Hello friends,

We have a set of API-based automation tests, where we are calling our API. I want to run these tests with ZAP Proxy receiving the requests and their payloads, so that we can get accurate payloads into ZAP, which we can use for attacks later.

I see browser-based plugins like FoxyProxy, which allow us to pass traffic from certain sites/APIs to ZAP Proxy. However, my automation tests are not browser-based. From Java code, we are directly calling those APIs and verifying. What is the approach for capturing non-browser-based traffic?

I tried to set up a proxy on Mac by going to System Preferences -> Network. But still, ZAP Proxy is not getting the API traffic.

Thanks
Rami Reddy

thc...@gmail.com

Feb 11, 2021, 10:15:30 AM
to zaprox...@googlegroups.com
Hi.

Configure your test runner (or JVM) to proxy through ZAP, e.g.:
https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html

Best regards.

Simon Bennetts

Feb 11, 2021, 10:18:16 AM
to OWASP ZAP User Group
Hi Rami,

You should be able to use these commands to proxy non-browser-based traffic - run them before you run your tests:

export http_proxy=http://localhost:8090/
export https_proxy=http://localhost:8090/

Change those lines to reflect the host and port your ZAP instance is listening on, of course.

Cheers,

Simon

Rami Reddy

Feb 12, 2021, 5:41:16 AM
to zaprox...@googlegroups.com
Thank you guys for the quick response :)

I set the http_proxy / https_proxy and tried to capture the traffic by running a Java program and making a network call. But it didn't capture. So, I tried the other option provided by thc...@gmail.com and added the proxy details in the Java program. ZAP captured the traffic, but I see that the user agent is modified to "jre 1.8. " version details instead of the actual user agent. So, the API is throwing 502 Bad Gateway errors.


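Added example, not written by any poster in this thread: the JVM does not read http_proxy / https_proxy, so this shell helper converts such a proxy URL into the http.proxyHost / http.proxyPort and https.* system properties from the Oracle guide linked above and hands them to the test run through JAVA_TOOL_OPTIONS. The function names are hypothetical, and it assumes the tests' HTTP client honors the standard JVM proxy properties.

```shell
#!/bin/sh
# Added example (hypothetical helper names): route a JVM test run through ZAP
# using the proxy URL already exported as https_proxy / http_proxy.

# zap_jvm_proxy_flags URL
# Prints the four -D proxy flags for URL (e.g. http://localhost:8090/).
# Returns 1 when the URL lacks an explicit host:port.
zap_jvm_proxy_flags() {
    url=$1
    hostport=${url#*://}       # drop the scheme
    hostport=${hostport%%/*}   # drop any path
    hostport=${hostport##*@}   # drop userinfo, if present
    case $hostport in
        *:*) ;;
        *) echo "proxy URL needs host:port: $url" >&2; return 1 ;;
    esac
    host=${hostport%:*}
    port=${hostport##*:}
    case $port in
        ''|*[!0-9]*) echo "port is not numeric: $url" >&2; return 1 ;;
    esac
    [ -n "$host" ] || { echo "empty host: $url" >&2; return 1; }
    printf '%s' "-Dhttp.proxyHost=$host -Dhttp.proxyPort=$port"
    printf '%s' " -Dhttps.proxyHost=$host -Dhttps.proxyPort=$port"
}

# run_through_zap CMD [ARGS...]
# Runs CMD with the flags appended to JAVA_TOOL_OPTIONS, an environment
# variable every JVM started by CMD (including forked test JVMs) picks up.
run_through_zap() {
    flags=$(zap_jvm_proxy_flags "${https_proxy:-${http_proxy:-}}") || return 1
    JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS:+$JAVA_TOOL_OPTIONS }$flags" "$@"
}

# Usage (the test command is a placeholder for your own runner):
#   export https_proxy=http://localhost:8090/
#   run_through_zap mvn test
```

Each JVM started this way prints a "Picked up JAVA_TOOL_OPTIONS" line on stderr, which confirms the flags reached it.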