[OWASP-Bangalore] Burp - ZAP proxy chain

Sagar Belure sagar.belure at gmail.com
Thu Nov 20 09:46:51 UTC 2014


Thank Maran.

Here is the zap.log : http://pastebin.com/XiyNMYCz

Regards,
Sagar Belure

On Thu, Nov 20, 2014 at 2:50 PM, Marudhamaran Gunasekaran <
gmaran23 at gmail.com> wrote:

> *Default logging location for ZAP *
> %userprofile%\OWASP ZAP\zap.log if you are on windows. ~/.ZAP\zap.log on
> Linux.
>
> On Thu, Nov 20, 2014 at 1:32 PM, Sagar Belure <sagar.belure at gmail.com>
> wrote:
>
>> Hi,
>>
>>
>> On Wed, Nov 19, 2014 at 8:12 PM, Akash <akashmahajan at gmail.com> wrote:
>>
>>> Do you have any logs on ZAP when this fails?
>>>
>>
>> Not sure, where I can see logs for ZAP. But 'History' tab does not
>> reflect anything.
>>
>>
>>>
>>> Also do you get any status code in the browser when this happens?
>>>
>>
>> When I check with Response headers for "The connection was interrupted"
>> in firefox, it gives response headers of 'about:neterror' and not from
>> ZAP/burp/web server.
>>
>>
>>>
>>> On 19 November 2014 20:09, Sagar Belure <sagar.belure at gmail.com> wrote:
>>>
>>>> Hello all,
>>>>
>>>> First to with introduction, my name is Sagar Belure, a security
>>>> professional, windows/linux admin, open source enthusiast. Mostly work on
>>>> Web/Network side of information security. A beginner in Digital Forensics
>>>> world of information security domain.
>>>>
>>>> All right, going with query -
>>>> I have configured proxy chains in following way -
>>>> Web server -> Burp -> ZAP -> web browser
>>>>
>>>> This works perfectly fine for non-SSL traffic, if I configure upstream
>>>> proxy in ZAP, pointing to burp running on different system.
>>>> 1. I tried with checking "Enable unsafe SSL/TLS negotiation" under
>>>> Tools -> Options -> Certificate in ZAP, with no luck.
>>>> 2. Also, tried importing burp certificate into ZAP, again no luck.
>>>>
>>>> Is there any way, ZAP (or IronWASP) could be configured to upstream
>>>> proxy with SSL connection.
>>>>
>>>> The error I get on firefox - "The connection was interrupted".
>>>>
>>>> PS: Q. Why do I want to do that? Ans: There are few reasons. Primary
>>>> and important being, to route my traffic from my home network to target
>>>> network. Burp and ZAP are running on two separate systems. And then there
>>>> are some other reasons too.
>>>>
>>>> Regards,
>>>> Sagar Belure
>>>> sagar.belure.com | blog.belure.com
>>>> @sagarbelure
>>>>
>>>> _______________________________________________
>>>> OWASP-Bangalore mailing list
>>>> OWASP-Bangalore at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>>> Twitter : @owaspbangalore
>>>>
>>>>
>>>
>>>
>>> --
>>> Warm regards,
>>> Akash Mahajan
>>>
>>> *That Web Application Security Guy* | +91 99 805 271 82
>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>
>>>
>>> _______________________________________________
>>> OWASP-Bangalore mailing list
>>> OWASP-Bangalore at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>> Twitter : @owaspbangalore
>>>
>>>
>> Regards,
>> Sagar Belure
>>
>>
>> _______________________________________________
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>> Twitter : @owaspbangalore
>>
>>
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> Twitter : @owaspbangalore
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20141120/6b928707/attachment-0001.html>


More information about the OWASP-Bangalore mailing list