infosecgirls
Appsec
Appsec
  • Introduction
  • Application Details
    • VM - Pre-req
    • Import Virtual Machines
    • Access Mutillidae Web Application
  • INITIAL SETUP WITH OWASP ZAP
    • OWASP ZAP
    • Setup OWASP ZAP
    • Modes
    • Automated Scan
    • Report Generation
  • Initial Setup with Burp
    • Start Burp Suite
    • Add FoxyProxy Addon
    • Add New Proxy In FoxyProxy
    • Configure Proxy Listener
    • Install Burp's CA Certificate In Firefox
    • Getting Rid of Unnecessary Browser Traffic
  • Quick Basics
    • Disable Intercept Mode in Burp
    • Enable Intercept Mode in Burp
    • Send to Repeater
    • Send to Comparer
  • Web Application Pentesting
    • A1 - Injection
      • SQL Injection with bWAPP
      • SQL Injection in DVNA
      • Command Injection in DVNA
    • A2 - Broken Authentication
      • Broken Authentication with bWAPP
    • A3 - Sensitive Data Exposure
      • Sensitive Data Exposure - DVNA
    • A4 - XML External Entities (XXE)
      • XML External Entity (XXE) Injection - Mutillidae
      • XML External Entity (XXE) Injection - DVNA
    • A5 - Broken Access Control
      • Broken Access Control - DVNA
    • A6 - Security Misconfiguration
      • Security Misconfiguration in DVNA
      • Security Misconfiguration in Mutillidae
      • Security Misconfiguration in Security Shepherd
    • A7 - Cross-Site Scripting (XSS)
      • Reflected XSS
      • DOM XSS
      • Stored XSS - Mutillidae
      • XSS - Sending data to remote server
    • A8 - Insecure Deserialization
      • Insecure Deserialization - DVNA
    • A9 - Using Components with Known Vulnerabilities
      • Using Components with Known Vulnerabilities - DVNA
    • 10 - Insufficient Logging & Monitoring
    • References
    • About Us
  • Additional Content
    • Insecure Direct Object Reference
    • Security Misconfiguration
    • Password Guessing Attack
    • User Enumeration
      • Unauthenticated User Access
      • Create a New User
      • Authenticated User Access
      • Intruder: Set Positions
      • Intruder: Define Payload
      • Intruder: Configure Grep - Extract
      • Trigger Attack & Save Results
    • Custom Iterator
    • Null Payload
    • Request in Browser: Privilege Escalation Check
  • Burp Extenders
    • Target
    • Proxy
    • Intruder
    • Repeater
    • Sequencer
    • Decoder
    • Comparer
    • Extender
Powered by GitBook
On this page
  • Fire Up Kali
  • Start OWASP ZAP

Was this helpful?

  1. INITIAL SETUP WITH OWASP ZAP

OWASP ZAP

PreviousAccess Mutillidae Web ApplicationNextSetup OWASP ZAP

Last updated 5 years ago

Was this helpful?

Fire Up Kali

Let's begin in the usual way—by firing up . In this tutorial, I will be using Kali 2.0 as so many of you are now using it, although I still have my reservations. Earlier versions of Kali also have OWASP ZAP, so if you are using those, you can also follow this tutorial.

Start OWASP ZAP

If you want to start OWASP ZAP from the command line, you can simply type:

kali > owasp-zap

The first thing you will see is the license. Go ahead and accept the terms if you feel comfortable with them. This is a standard Apache license

If you don't have the zap installed in kali, Download it

The OWASP ZAP Interface

When OWASP ZAP eventually opens, it should look like the screenshot below. This tool has many powerful features, but initially, we will only try out its "Attack" function in the large right-hand window. In this mode, OWASP ZAP aggressively goes to the website we designate and begins to look for vulnerabilities

Zed Attack Proxy -

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Kali