Pen-testing tools: Difference between revisions

From miki
 
Line 1: Line 1:
== Proxies ==
== Proxies ==
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project] (ZAP)
=== [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project] (ZAP) ===
:Powerful tool that can e.g. easily intercept HTTPS queries and mount MITM attacks.
Powerful tool that can e.g. easily intercept HTTPS queries and mount MITM attacks.


:On Firefox, install ''Plug-n-Hack'' plugin (go to http://localhost:8080/pnh/). Control the plugin / ZAP via Firefox Developer Toolbar ({{kb|Shift+F2}})
On Firefox, install ''Plug-n-Hack'' plugin (go to http://localhost:8080/pnh/). Control the plugin / ZAP via Firefox Developer Toolbar ({{kb|Shift+F2}})
help pnh
help pnh
help zap
help zap

;Troubleshooting
* On Ubuntu, disable the network proxy in gnome settings. It seems to interfere with ZAP.
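Review bot: the new Troubleshooting item at the end of this change says the GNOME network proxy "seems to interfere with ZAP" but names no symptom, so a reader cannot tell whether they are hitting this case; add what is observed while the proxy is still enabled. The Plug-n-Hack line also hard-codes http://localhost:8080/pnh/, so it is worth stating that this address assumes ZAP is listening on localhost port 8080 and has to be adjusted if ZAP is configured differently.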

Latest revision as of 17:10, 21 March 2014

Proxies

OWASP Zed Attack Proxy Project (ZAP)

A powerful tool that can, for example, easily intercept HTTPS requests and mount MITM attacks.

On Firefox, install the Plug-n-Hack plugin (go to http://localhost:8080/pnh/). Control the plugin and ZAP via the Firefox Developer Toolbar (Shift+F2):

help pnh
help zap

Troubleshooting
  • On Ubuntu, disable the network proxy in the GNOME settings. It seems to interfere with ZAP.