Friday, February 1, 2019

The Magic Behind Burp, ZAP, and Other Proxies

If you build web applications and care about security, you have probably used the Burp and ZAP proxy security tools. These tools perform dynamic analysis of live web applications to identify security vulnerabilities. Burp and ZAP can discover issues with your applications as you navigate through them via a browser. Essentially, it was configured as the "man in the middle" and was able to intercept all traffic between your browser and web application. Have you ever wondered how it is possible to intercept encrypted traffic over https? This article explains how it is done and provides a basic framework for creating your own proxy software.

To get started with Burp and ZAP (from now on, I'll refer to these as simply the "proxy"), you have to decide what port you want the proxy to listen on and configure your browser to use that port as a proxy. In Firefox, to use port 9000, your configuration might look like the following:



from DZone.com Feed http://bit.ly/2RY1rmt

No comments:

Post a Comment