Need support on using ZAP on Chrome or IE 10

[Gaurav Mittal]

Hi,

Can someone help me to use ZAP tool on Chrome or IE. I am able to use it on firefox, but our website does not support Firefox. It only supports IE 9, 10, 11 and Chrome 36 and above.

Regards,

Gaurav

[Simon Bennetts]

ZAP should work with all modern web browsers.
You just need to configure the browser to use ZAP as a proxy and to import the ZAP root CA as a trusted CA cert.
The help included with ZAP covers this, and its also online here: https://github.com/zaproxy/zap-core-help/wiki/HelpStartProxies

Any problems then let us know.

Simon

[Gaurav Mittal]

Hi Simon,

Thanks for the reply. Sorry for replying the mail late. 

Yes I am able to open and connect the ZAP to the chrome browser, by changing the Proxy setting to localhost.

I am also able to run the active scan, but what I see is, it just scans the first page only. We have a form based Application and have Dynamic Pages. First Page itself requires login credentials.

Can you kindly point me to documentations on how to use ZAP for for the applications that have dynamic Pages and Form Based logins.

Regards,

Gaurav

--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/B6HmcaRefZE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Regards,
Gaurav Mittal

[Simon Bennetts]

Hi Gaurav,

For an introduction to authentication handling in ZAP have a look at this tutorial vid: https://www.youtube.com/watch?feature=player_embedded&v=cR4gw-cPZOA

What do you mean by Dynamic Pages?
If you mean its a 'single page app' then you'll need to specify the form or URL parameters that are really part of the application structure as 'structural parameters' in the Context / Structure panel.

Cheers,

Simon

To unsubscribe from this group and all its topics, send an email to zaproxy-users+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Regards,
Gaurav Mittal

[Varinder Virdi]

Hi,

I am trying to use https with Zap having proxy server enabled.

The same is working in IE, firefox but on chrome, i am getting certificate error though i have imported dynamic CA certificate in chrome.

Can you please give me information if we need to do some additional settings for working over SSL and Zap in chrome.

Thanks and Regards,

Varinder Kaur

[Simon Bennetts]

Strange, I thought that Chrome used the Windows cert store :/
Can you post details / screenshot of the error Chrome reports?

[Varinder Virdi]

Hi Simon,

Thanks for reply!!

I have attached screenshots of the certificate error on https as well as the certificate installation in chrome.

Please let me know if you need more information OR i have done something wrong.


Thanks,

Varinder Kaur

[kingthorin+owaspzap]

Did the page load? To me that's a warning not an error.

Do you have the option to "Proceed anyway"?

[Varinder Virdi]

Yes i have option to proceed anyway, but i am not sure if it will be right to proceed without resolving this issue Or ZAP will find the security issues correctly without fixing this issue.

Can you please let us know if it will not effect testing. If so we will proceed without fixing this.

/Regards,

Varinder Kaur

[Simon Bennetts]

I think this might have just been fixed c/o robocoder :)
https://github.com/zaproxy/zaproxy/pull/1695

Cheers,

Simon

[kingthorin+owaspzap]

If you're able to "Proceed anyway" it should not affect your ability to test at all.