You're reading from Zed Attack Proxy Cookbook Hacking tactics, techniques, and procedures for testing web applications and APIs

Product type Paperback

Published in Mar 2023

Publisher Packt

ISBN-13 9781801817332

Length 284 pages

Edition 1st Edition

Languages

Perl

Concepts

Penetration Testing

Authors (3):

Nestor Torres

Ahmed Almoailu

Ryan Soper

View More author details

Table of Contents (14) Chapters

Preface

1. Chapter 1: Getting Started with OWASP Zed Attack Proxy

2. Chapter 2: Navigating the UI FREE CHAPTER

3. Chapter 3: Configuring, Crawling, Scanning, and Reporting

4. Chapter 4: Authentication and Authorization Testing

5. Chapter 5: Testing of Session Management

6. Chapter 6: Validating (Data) Inputs – Part 1

7. Chapter 7: Validating (Data) Inputs – Part 2

8. Chapter 8: Business Logic Testing

9. Chapter 9: Client-Side Testing

10. Chapter 10: Advanced Attack Techniques

11. Chapter 11: Advanced Adventures with ZAP

12. Index

Why subscribe?

13. Other Books You May Enjoy

Persisting a session

In this recipe, we are going to go over how to set your ZAP Proxy session persisting. This is useful when you are working on an assessment over multiple days so you can close ZAP and you won’t lose any information.

Getting ready

To be able to go over this recipe, you will need to have ZAP installed on your computer.

How to do it…

Upon running the ZAP application from your host of choice, a dialog box will pop up asking whether you want to persist the ZAP session. In this dialog box, you will have multiple choices for how to persist the ZAP session and where to store those session files in a local database that can be retrieved later.

There are three options to choose from on how you wish to persist and a checkbox for remembering your choice. The following are your options:

Yes, I want to persist this session with name based on the current timestamp: This option saves the session file using the default filename and location.
Yes, I want to persist this session but I want to specify the name and location: This option allows you to rename the file and choose the location where the file will be stored.
No, I do not want to persist this session at this moment in time: When this option is selected, the file is not stored.
Remember my choice and do not ask me again.: This checkbox can be checked along with any of the three preceding options to make it the default choice.

Let’s see what it looks like visually in the following screenshot:

Figure 2.1 – Persisting the sessions

From here, we’ll move on to describing the top menu bar, as well as other menus contained within it, options, and the top-level toolbar that sits under the main menu bar.

How it works…

Persisting a session will allow you to save your work and quickly come back to what’s been captured and is in progress. Basically, this is how you save your work. There may be other times when testing is temporary and there is no need to persist. Other times, persisting may not be an option you want to do at first as capturing a web application will also start capturing out-of-scope content that isn’t saved to the Sites tree or Context.