ZAP Attack Proxy

What is it?

The ZAP web application attack tool is used to run simulated application layer attacks against a web application. Please ensure you have permission from the application owner before you use this tool.

Whilst we recommend using the Chrome browser for management access to the appliances, you will want to use another browser to generate the test traffic. I’d recommend Firefox for this purpose.
ZAP is started by connecting your management (Chrome) browser to :8080/zap/.

When you do this, you will first see the ZAP Webswing initializing screen. The attack proxy runs as an application on the jetNEXUS load balancing host, and it can be accessed with the credentials provided by Azure and the URL below:

This will change to the next ZAP startup screen.

You then have the option to choose whether to persist the session so that it can be loaded again afterwards. For the test drive, this probably isn’t required.

Once this is complete, ZAP will be running and the LED on the 8090 IP service will change from Red to Green, showing that the TCP health check is passing because port :8090 is now open.

You can now configure your Firefox web traffic browser to use the ZAP Public IP address and port :8090 as the Network Proxy.

Replace X.X.X.X with the Public IP of your test drive.

Using ZAP

There are a few steps to follow to set up ZAP to first spider the application and then perform an attack. Rather than regurgitate the information here, I would refer you to the several online resources for details on how to set this up.

Where those resources refer to setting your browser proxy to localhost, you have already performed the necessary configuration steps above.

Viewing the Results

When you have performed the attack, you should be able to view the results in the ZAP Proxy.

Copyright © 2021 Edgenexus Limited.