Use ZAP to intercept CLI tool requests? (continuation)
88 views
Skip to first unread message
rob oris
Mar 14, 2023, 12:08:00 PM3/14/23
to OWASP ZAP User Group
Quote from other conversation:
"Are you using the ZAP desktop?
If so then if the requests are not showing up the the History then they are not getting proxied through ZAP.
If not then how are you using ZAP?
Cheers,
Simon"
Hi Simon,
I really appreciate you and thc202 trying to help, with both my Google Groups and ZAP problems! Unless and until my Groups problems are resolved, I must resort to beginning a new conversation every time I need to reply. I apologize for any inconvenience, but this is the only workaround I have found so far.
I am attempting to use ZAP desktop to capture HTTP traffic from command line tools such as msfconsole. To demonstrate that my system and msf configurations are correctly set up, I switch back-and-forth between ZAP and Burp Suite. Some of the attached screenshots are therefore taken from ZAP, while others come from Burp Suite. I hope that there is some way to make ZAP work for my use-case as well as Burp Suite does. NB: I do not use ZAP and Burp Suite concurrently, to avoid any potential conflict.
As can be seen in the screenshot of msfconsole options and execution, msfconsole is configured for PROXIES => HTTP:127.0.0.1:8080 . msfconsole works with Burp Suite as configured, but it does not work with ZAP. It seems that msfconsole is correctly configured to run its HTTP traffic through a proxy on 127.0.0.1:8080, since it works with Burp Suite as configured. However, nothing happens in ZAP when I generate the same traffic from msfconsole.
Please review the attached screenshots and let me know if you need any further information.
Thank you,
roboris
"Are you using the ZAP desktop?
If so then if the requests are not showing up the the History then they are not getting proxied through ZAP.
If not then how are you using ZAP?
Cheers,
Simon"
Hi Simon,
I really appreciate you and thc202 trying to help, with both my Google Groups and ZAP problems! Unless and until my Groups problems are resolved, I must resort to beginning a new conversation every time I need to reply. I apologize for any inconvenience, but this is the only workaround I have found so far.
I am attempting to use ZAP desktop to capture HTTP traffic from command line tools such as msfconsole. To demonstrate that my system and msf configurations are correctly set up, I switch back-and-forth between ZAP and Burp Suite. Some of the attached screenshots are therefore taken from ZAP, while others come from Burp Suite. I hope that there is some way to make ZAP work for my use-case as well as Burp Suite does. NB: I do not use ZAP and Burp Suite concurrently, to avoid any potential conflict.
As can be seen in the screenshot of msfconsole options and execution, msfconsole is configured for PROXIES => HTTP:127.0.0.1:8080 . msfconsole works with Burp Suite as configured, but it does not work with ZAP. It seems that msfconsole is correctly configured to run its HTTP traffic through a proxy on 127.0.0.1:8080, since it works with Burp Suite as configured. However, nothing happens in ZAP when I generate the same traffic from msfconsole.
Please review the attached screenshots and let me know if you need any further information.
Thank you,
roboris
Message has been deleted
psiinon
Mar 17, 2023, 7:17:29 AM3/17/23
to zaprox...@googlegroups.com
Do the requests from msfconsole work when you proxy it through ZAP?
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/359c589c-957d-4670-9692-bcca93d12e25n%40googlegroups.com.
--
OWASP ZAP Project leader
Reply all
Reply to author
Forward
0 new messages