[OWASP-Bangalore] Burp - ZAP proxy chain
sagar.belure at gmail.com
Thu Nov 20 08:02:06 UTC 2014
On Wed, Nov 19, 2014 at 8:12 PM, Akash <akashmahajan at gmail.com> wrote:
> Do you have any logs on ZAP when this fails?
Not sure, where I can see logs for ZAP. But 'History' tab does not reflect
> Also do you get any status code in the browser when this happens?
When I check with Response headers for "The connection was interrupted" in
firefox, it gives response headers of 'about:neterror' and not from
> On 19 November 2014 20:09, Sagar Belure <sagar.belure at gmail.com> wrote:
>> Hello all,
>> First to with introduction, my name is Sagar Belure, a security
>> professional, windows/linux admin, open source enthusiast. Mostly work on
>> Web/Network side of information security. A beginner in Digital Forensics
>> world of information security domain.
>> All right, going with query -
>> I have configured proxy chains in following way -
>> Web server -> Burp -> ZAP -> web browser
>> This works perfectly fine for non-SSL traffic, if I configure upstream
>> proxy in ZAP, pointing to burp running on different system.
>> 1. I tried with checking "Enable unsafe SSL/TLS negotiation" under Tools
>> -> Options -> Certificate in ZAP, with no luck.
>> 2. Also, tried importing burp certificate into ZAP, again no luck.
>> Is there any way, ZAP (or IronWASP) could be configured to upstream proxy
>> with SSL connection.
>> The error I get on firefox - "The connection was interrupted".
>> PS: Q. Why do I want to do that? Ans: There are few reasons. Primary and
>> important being, to route my traffic from my home network to target
>> network. Burp and ZAP are running on two separate systems. And then there
>> are some other reasons too.
>> Sagar Belure
>> sagar.belure.com | blog.belure.com
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> Twitter : @owaspbangalore
> Warm regards,
> Akash Mahajan
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> Twitter : @owaspbangalore
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Bangalore