How do I setup ZAP as a transparent proxy between two servers running on my localhost?

[pa...@cloudhealthtech.com]

I am running a Ruby-on-rails server and an Elasticsearch server on my machine. 

The rails app sends HTTP web service requests (GET and POST) to Elasticsearch and expects JSON messages in return.

Normally, Elasticsearch expects its requests to come via port 9200. 

I changed elasticsearch.yml to use 9400 instead.

I tried it out in a web browser and verified that Elasticsearch is indeed now monitoring port 9400, not 9200.

Then I went into the ZAP Options > Local Proxy setup page and changed Port to 9200.

If I now make an HTTP request to port 9200, I get back "Bad Format".

What additional setup do I need to perform? For instance, how do I tell ZAP to forward messages to port 9400?

How do I start ZAP so it allows me to view the message traffic between the rails app and elasticsearch?

I have never used ZAP before, and not sure where in the documentation it describes how to do this, if possible.

I cross-posted this on Stackoverflow. 

https://stackoverflow.com/questions/37861457/how-do-i-setup-owasp-zap-as-an-mitm-proxy-to-debug-http-web-service-calls

Paul

[kingthorin+owaspzap]

You wouldn't configure ZAP to listen on the same port as the other service, that'll just result in port conflicts.

You'd configure the service to use an upstream or forward proxy. What you need is to configure your apps/network properly not ZAP.

[pa...@cloudhealthtech.com]

I ended up using mitmproxy, because it is easily configured as a reverse proxy and has many fewer features, making it easier to use for my narrow purposes.

Paul