Posts

Showing posts from 2015

Inspecting HTTP traffic using OWASP Zed Attack Proxy tool

Whether I develop or debug a mobile application for Android or iOS with some networking functionality, I might want to inspect HTTP traffic. Even in web development there might be a need to intercept and modify HTTP requests. There are a number of tools available to intercept HTTP/HTTPS traffic. One of the most popular and well documented is probably Fiddler. That's what I used on the Windows platform. If you are on a Mac, you have to configure Fiddler to run in a virtual machine or use some alternative tool. This post is about the second option. Specifically, it covers the OWASP Zed Attack Proxy (ZAP) tool: a free, open source, easy to install and use penetration testing tool for finding vulnerabilities in web applications. This tool provides a lot of functionality, but here I am going to cover only how to configure and use it as an intercepting proxy on a Mac. I also include the steps to configure Android and iPhone devices in order to intercept the HTTP traffic. ZAP documentation