Using ZAP to view and alter requests
Although Tamper Data can help with the testing process, sometimes we need a more flexible method to modify requests and more features, such as changing the method used to send them (that is, from GET to POST) or saving the request/response pair for further processing by other tools.
OWASP ZAP is much more than a web proxy. It not only intercepts traffic, it also has many other features, such as a crawler similar to the one we used in the previous chapters, a vulnerability scanner, a fuzzer, a brute forcer, and so on. It also has a scripting engine that can be used to automate activities or to create new functionality.
In this recipe, we will begin using OWASP ZAP as a web proxy: we will intercept a request and send it to the server after changing some values.
Getting ready
Start ZAP and configure the browser to send information through it.
How to do it...
Browse to http://192.168.56.102/mutillidae/.
Now, in the menu, navigate to OWASP Top 10 | A1 – SQL Injection | SQLi – Extract Data...