Zed Attack Proxy Cookbook

Hacking tactics, techniques, and procedures for testing web applications and APIs

Product type: Paperback
Published in: Mar 2023
Publisher: Packt
ISBN-13: 9781801817332
Length: 284 pages
Edition: 1st Edition
Authors (3): Nestor Torres, Ahmed Almoailu, Ryan Soper

Table of Contents (14)

Preface
1. Chapter 1: Getting Started with OWASP Zed Attack Proxy
2. Chapter 2: Navigating the UI
3. Chapter 3: Configuring, Crawling, Scanning, and Reporting
4. Chapter 4: Authentication and Authorization Testing
5. Chapter 5: Testing of Session Management
6. Chapter 6: Validating (Data) Inputs – Part 1
7. Chapter 7: Validating (Data) Inputs – Part 2
8. Chapter 8: Business Logic Testing
9. Chapter 9: Client-Side Testing
10. Chapter 10: Advanced Attack Techniques
11. Chapter 11: Advanced Adventures with ZAP
12. Index
13. Other Books You May Enjoy

Toolbar

In this recipe, we are going to go over the ZAP Proxy toolbar and what each section of the toolbar does.

Getting ready

To review this recipe, you will need to have ZAP installed on your computer, and it should be started and running.

How to do it…

Looking at the toolbar from left to right, you will first see the mode pulldown, as shown in Figure 2.3, which allows you to change the mode ZAP operates in:

  • Safe Mode prevents you from performing any dangerous action against a target.
  • In Protected Mode, you can perform dangerous actions only against targets that are within the defined application scope.
  • Standard Mode is the mode in which you can do anything you want, with no restriction imposed by the tool.
  • The last mode is ATTACK Mode. In this mode, ZAP starts scanning for vulnerabilities as soon as a new target is added to the scope.

Figure 2.3 – The mode options on the top-level toolbar
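To make the four modes concrete, here is a small model of how a mode combines with a context scope to decide whether an active (potentially destructive) action is permitted against a URL. This is an added illustration written for this page, not ZAP's own code: the scope rule (a URL is in scope when it matches at least one include pattern and no exclude pattern) mirrors how ZAP contexts behave but is simplified, the `Mode` string values are the ones the ZAP API accepts as far as the editor recalls, and the lab hostnames are constructed.

```python
"""Simplified model of ZAP's four modes gating dangerous actions.

Added example, not ZAP's own code. Scope matching is a simplified
version of ZAP contexts (include regexes minus exclude regexes).
"""
import re
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    # String values assumed to match those used by the ZAP API's setMode
    SAFE = "safe"
    PROTECTED = "protect"
    STANDARD = "standard"
    ATTACK = "attack"


@dataclass
class Context:
    """A scope defined ZAP-style: a URL is in scope if it matches at least
    one include pattern and no exclude pattern (both are full-match regexes)."""
    include: list = field(default_factory=list)
    exclude: list = field(default_factory=list)

    def in_scope(self, url: str) -> bool:
        if not any(re.fullmatch(p, url) for p in self.include):
            return False
        return not any(re.fullmatch(p, url) for p in self.exclude)


def allows_dangerous_action(mode: Mode, ctx: Context, url: str) -> bool:
    """True if `mode` permits an active action (active scan, fuzzing, ...)
    against `url` given the context scope `ctx`."""
    if mode is Mode.SAFE:
        return False                 # Safe mode blocks every dangerous action
    if mode is Mode.PROTECTED:
        return ctx.in_scope(url)     # only targets inside the context scope
    return True                      # Standard and ATTACK impose no restriction


def auto_scans_new_target(mode: Mode, ctx: Context, url: str) -> bool:
    """ATTACK mode additionally kicks off an active scan as soon as a new
    in-scope target is discovered; the other modes never do this by themselves."""
    return mode is Mode.ATTACK and ctx.in_scope(url)


# Constructed sample scope: a lab application with its logout endpoint excluded,
# so that scanning cannot tear down the authenticated session.
LAB = Context(
    include=[r"https://lab\.example\.test/.*"],
    exclude=[r"https://lab\.example\.test/logout.*"],
)


def decision_table(url: str) -> dict:
    """Map each mode name to (dangerous action allowed, auto-scan triggered)."""
    return {
        m.name: (allows_dangerous_action(m, LAB, url), auto_scans_new_target(m, LAB, url))
        for m in Mode
    }


if __name__ == "__main__":
    for url in ("https://lab.example.test/login",
                "https://lab.example.test/logout",
                "https://other.example.test/"):
        print(url)
        for mode, (allowed, auto) in decision_table(url).items():
            print(f"  {mode:9} dangerous={allowed!s:5} auto_scan={auto}")
```

The exclude pattern is the part worth noticing: even in Protected Mode, a careless scope that does not exclude logout or delete endpoints lets the scanner hit them, which is why the scope is worth checking before the mode is changed away from Safe.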

The next four icons in Figure 2.3 are options that allow you to save, modify, and edit session information for a target.

The last icon in Figure 2.3, the cogwheel, allows you to change the settings of every section of ZAP. The same dialog can be reached by going to Tools and then Options. We will go into more detail in later chapters, when we start changing and optimizing each section as we perform attacks.

The next set of icons you find in Figure 2.4, from the top-level toolbar going left to right, allows you to change the ZAP proxy theme to eight different built-in templates:

Figure 2.4 – The middle of the top-level toolbar

The default setting is Flat Light, but you can switch to dark mode with Flat Dark, or use any other visual setting from the drop-down list, as shown in Figure 2.5. Keep in mind that changing the way ZAP looks may move the location of other settings within the tool. For this book, we are going to use the default settings throughout:

Figure 2.5 – Choosing a theme

As we continue, the next set of icons in the toolbar allows you to view all tabs (tab and lightbulb icon), hide unpinned tabs (tab with red X icon), and show tab icons and hide tab names (tab with a green square and the letter T).

Moving on to the right, the last seven icons allow you to change the ZAP proxy window layout, and they also allow you to expand either the Sites tree window, the Information window, or the Workspace window. For this book, we will be using the default configuration that expands the Information window along the bottom half of ZAP and keeps the Workspace window:

Figure 2.6 – The window layout

In the last section of the top-level toolbar (Figure 2.7), you will see the following icons, from left to right:

  • Manage add-ons (red/blue/green blocks)
  • Check for add-on updates (lightning bolt with blue arrow)
  • Show/enable fields (lightbulb)
  • Set and customize breakpoints (green/red circle, line/arrow, right arrow, stop sign, and red X)
  • Scan Policy Manager (control board)
  • Apply forced user mode (padlock)
  • Enable Zest scripting (cassette tape)
  • Open the user guide (blue question mark)
  • Disable/enable the HUD (green radar)
  • Use a preconfigured browser to proxy sites (Firefox logo)
  • Report building (spiral notebook)

Each of these will be discussed in further detail in later chapters.

Figure 2.7 – The last section of the top-level toolbar

How it works…

The toolbar gathers the most commonly used tools in OWASP ZAP. It is intended to help you set up the tool and become comfortable with it, while accommodating different preferences for how testing is carried out. Spend time here getting to know and understand the options available to you.

See also

Open the Help menu and navigate to the OWASP ZAP user guide for more information.

Shortcut

Use F1 to quickly open the information guide.
