ZAPROXY API DOCUMENTATION
[Link]
ZAPROXY API UI
[Link]
SETUP
1. Uninstall Docker Desktop
2. Install Rancher Desktop: [Link] and choose the dockerd container engine option
3. Restart the laptop even if you are not asked to do so
To check the port you are using, go to: ZAP desktop > Tools > Options > Local Proxies
To check your API key, go to: ZAP > Tools > Options > API > API Key
For the Juice Shop application, open Git Bash and run the following command:
docker run --rm -p 3000:3000 bkimminich/juice-shop
Once you are ready you should be able to open: [Link]
For the BodgeIt application, open a command prompt and run the following command:
docker run --rm -p 8090:8080 -i -t psiinon/bodgeit
Once you are ready you should be able to open: [Link]
For the AltoroMutual application, just use the following link:
[Link]
Dast-setup
git clone [Link]
Go to the dast-setup folder, open Git Bash there, and run:
docker compose --env-file ./env/zap_env.env up -d
Put Your Target in Context
The context feature in ZAP plays an important role in keeping interception and scanning in check.
Today's web applications come from many different sources, and when we pen test we have to be
careful to only hit the sites we are allowed to hit. The ZAP context lets you place the URL of the
site, or pieces of the site, into one or more context containers. This can be handy for larger sites,
allowing you to break down the reporting into more meaningful chunks.
To get a site into scope and set up a context around it, I simply right-click on the URL in the tree.
This pops up a menu, and I can scroll down to Include in Context. ZAP will then ask me whether I want
to include this URL in the default context or start a new context. If you're only working with one
URL you can just stick with the default context.
At this point a properties box pops up asking whether the regex string for the URL is correct. If you
are unfamiliar with regex, it is basically a string comparison with wildcards and other fancy doodads.
What you're telling ZAP is: every time a URL starts with http:// (important note here: not HTTPS, in
case the site converts over later) and continues with [Link] 168. 56. 101, capture the content and
display that URL. Because of the star on the end you are capturing all directories, pages, media, etc.
of the site.
If you want to capture a specific directory you can add it, but you always want to end on the wildcard
so that all subfolders are captured. If you plan to capture subdomains, for instance if you're testing
[Link] but pages like the admin page and the enroll page are located at [Link], you will need to add a
wildcard after the slashes but before the domain name.
To enable the context, click on the little bullseye icon in the top left corner of the Tree View.
Right now I am only working with the default context. If you work with multiple contexts you can
pick and choose which ones are in scope by double-clicking on the context and checking or unchecking
the In Scope box there.