O'Reilly logo

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using ZAP to view and alter requests

Although Tamper Data can help with the testing process, sometimes we need a more flexible method to modify requests and more features, such as changing the method used to send them (that is, from GET to POST) or saving the request/response pair for further processing by other tools.

OWASP ZAP is much more than a web proxy, it not only intercepts traffic, it also has lots of features similar to the crawler we used in the previous chapters, vulnerability scanner, fuzzer, brute forcer, and so on. It also has a scripting engine that can be used to automate activities or to create a new functionality.

In this recipe, we will begin the use of OWASP ZAP as a web proxy, intercept a request, and send it to the server ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required