[OWASP-Bangalore] Burp - ZAP proxy chain

Akash akashmahajan at gmail.com
Wed Nov 19 14:42:24 UTC 2014


Do you have any logs on ZAP when this fails?

Also do you get any status code in the browser when this happens?

On 19 November 2014 20:09, Sagar Belure <sagar.belure at gmail.com> wrote:

> Hello all,
>
> First to with introduction, my name is Sagar Belure, a security
> professional, windows/linux admin, open source enthusiast. Mostly work on
> Web/Network side of information security. A beginner in Digital Forensics
> world of information security domain.
>
> All right, going with query -
> I have configured proxy chains in following way -
> Web server -> Burp -> ZAP -> web browser
>
> This works perfectly fine for non-SSL traffic, if I configure upstream
> proxy in ZAP, pointing to burp running on different system.
> 1. I tried with checking "Enable unsafe SSL/TLS negotiation" under Tools
> -> Options -> Certificate in ZAP, with no luck.
> 2. Also, tried importing burp certificate into ZAP, again no luck.
>
> Is there any way, ZAP (or IronWASP) could be configured to upstream proxy
> with SSL connection.
>
> The error I get on firefox - "The connection was interrupted".
>
> PS: Q. Why do I want to do that? Ans: There are few reasons. Primary and
> important being, to route my traffic from my home network to target
> network. Burp and ZAP are running on two separate systems. And then there
> are some other reasons too.
>
> Regards,
> Sagar Belure
> sagar.belure.com | blog.belure.com
> @sagarbelure
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> Twitter : @owaspbangalore
>
>


-- 
Warm regards,
Akash Mahajan

*That Web Application Security Guy* | +91 99 805 271 82
akashm.com | *@makash* on twitter | linkd.in/webappsecguy
*OWASP Bangalore Chapter Lead | null Community Manager*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20141119/9652fc40/attachment.html>


More information about the OWASP-Bangalore mailing list