Comparison with Burp Suite.


Salman Khwaja

Jul 18, 2017, 6:18:54 AM
to OWASP ZAP User Group
Burp Suite is considered a de facto standard in pen testing. Is OWASP ZAP an equivalent to Burp? Is there any documentation which would run down the features of Burp versus OWASP ZAP? Technically both of them work as a proxy, so I do think there would be more similarities than differences. Just wondering if there is any document which could be shown.

Also, the concept of intercepting the request and then sending a very large payload by tampering with the request can be done easily in Burp. How can we do it in ZAP?



Simon Bennetts

Jul 18, 2017, 7:05:57 AM
to OWASP ZAP User Group
While ZAP is not intended to be a clone of Burp, there are lots of overlaps.
I'd be very happy to see a comparison doc, but as I haven't used Burp for many years I'm probably not the best person to write such a doc :)

Intercepting a request in ZAP is very easy - see https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsBreakpoints - you can then do whatever you like to the request before sending it on.
You can also change any request or response on the fly using scripts: https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts

If you're not sure how to do anything you need to in ZAP then this group is the right place to ask :)

Cheers,

Simon

kingthorin+owaspzap

Jul 18, 2017, 8:00:23 AM
to OWASP ZAP User Group
I must have missed that memo :)

Yes, you can intercept and manipulate requests/responses in ZAP either manually (break on all), automatically (regex breakpoints or the Replacer add-on), or programmatically (using scripts or creating your own add-on).
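
The scripted option mentioned in the replies above, as an added example that is not part of the original thread or the ZAP project's own code: a ZAP proxy script that tags in-scope requests with an identifying header (so test traffic can be recognised in server logs) and rewrites one form field, then corrects Content-Length. The host name, header name and value, and the `comment` field are constructed assumptions.

```javascript
// ZAP proxy script sketch (script type: Proxy). ZAP calls proxyRequest and
// proxyResponse for each proxied message; returning true forwards the message.
// Assumptions (constructed for illustration): host, header name/value, field name.
var IN_SCOPE_HOST = "target.example";
var TAG_HEADER = "X-Pentest-Id";
var TAG_VALUE = "engagement-0001";
var TEST_VALUE = "zap-script-test";

// Replace the value of one field in an urlencoded body; other fields are untouched.
function rewriteFormField(body, field, value) {
  var parts = body.split("&");
  for (var i = 0; i < parts.length; i++) {
    var eq = parts[i].indexOf("=");
    var name = eq === -1 ? parts[i] : parts[i].substring(0, eq);
    if (name === field) {
      parts[i] = field + "=" + encodeURIComponent(value);
    }
  }
  return parts.join("&");
}

function proxyRequest(msg) {
  var header = msg.getRequestHeader();
  // Leave traffic to any other host exactly as the browser sent it.
  if (String(header.getURI().getHost()) !== IN_SCOPE_HOST) {
    return true;
  }
  // Tag the request so the target's operators can attribute it to the test.
  header.setHeader(TAG_HEADER, TAG_VALUE);
  if (String(header.getMethod()) === "POST") {
    var original = String(msg.getRequestBody().toString());
    var changed = rewriteFormField(original, "comment", TEST_VALUE);
    if (changed !== original) {
      msg.getRequestBody().setBody(changed);
      // The body length changed, so the header must be kept consistent.
      header.setContentLength(msg.getRequestBody().length());
    }
  }
  return true;
}

function proxyResponse(msg) {
  return true; // responses pass through unmodified
}
```
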