[OWASP-Bangalore] Burp - ZAP proxy chain

Sagar Belure sagar.belure at gmail.com
Wed Nov 19 14:39:14 UTC 2014


Hello all,

First to with introduction, my name is Sagar Belure, a security
professional, windows/linux admin, open source enthusiast. Mostly work on
Web/Network side of information security. A beginner in Digital Forensics
world of information security domain.

All right, going with query -
I have configured proxy chains in following way -
Web server -> Burp -> ZAP -> web browser

This works perfectly fine for non-SSL traffic, if I configure upstream
proxy in ZAP, pointing to burp running on different system.
1. I tried with checking "Enable unsafe SSL/TLS negotiation" under Tools ->
Options -> Certificate in ZAP, with no luck.
2. Also, tried importing burp certificate into ZAP, again no luck.

Is there any way, ZAP (or IronWASP) could be configured to upstream proxy
with SSL connection.

The error I get on firefox - "The connection was interrupted".

PS: Q. Why do I want to do that? Ans: There are few reasons. Primary and
important being, to route my traffic from my home network to target
network. Burp and ZAP are running on two separate systems. And then there
are some other reasons too.

Regards,
Sagar Belure
sagar.belure.com | blog.belure.com
@sagarbelure
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20141119/c634d7fb/attachment-0001.html>


More information about the OWASP-Bangalore mailing list