Last active
June 8, 2019 12:49
-
-
Save nestoru/89d5358bcac6b77ef3012b8ec28c02ca to your computer and use it in GitHub Desktop.
OWASP Zed Attack Proxy (ZAP) AKA zaproxy installation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TODAY=`date +%Y-%m-%d` | |
| INSTALL_DIR=~/ | |
| cd $INSTALL_DIR | |
| git clone https://github.com/zaproxy/zaproxy.git | |
| cd zaproxy/ | |
| ./gradlew :zap:distDaily | |
| cd zap/build/distributions/ | |
| unzip ZAP_D-${TODAY}.zip | |
| cd ZAP_D-${TODAY}/ | |
| ## Manual steps | |
| # Start the GUI to install all addons | |
| # ./zap.sh -addoninstallall -addonupdate | |
| # Close the GUI and remove the HUD addon because otherwise it will interfere with tests | |
| # ./zap.sh -addonuninstall hud | |
| # Close the GUI and run the below to finally run zaproxy on port 8081: | |
| # ./zap.sh -config connection.timeoutInSecs=3000 -config proxy.port=8081 | |
| # Go to zaproxy menu export the Root CA certificate using "Tools | Options | Dynamic SSL Certificates | Save" | |
| # To use the proxy in chrome use the below: | |
| # google-chrome --proxy-server="http://localhost:8081" | |
| # Go to chrome settings search for "certificate", click "Mamage Certificates | Authorities | Import | All Files"; select the exported cer file and select "trust his certificate for identifying websites" | |
| # To not use the proxy in chrome use the below: | |
| # google-chrome --no-proxy-server |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment