It’s a bunch of proxy tools and iptables rules wrapped up into an app that give you a really simple way to tunnel traffic to an endpoint. ProxyDroid is a free and open-source app for Android.
If you can install your App and it follow HTTP_PROXY rule, or it have a Proxy settings or you target a mobile WebSite you can use the default Android proxy. If you don’t have an Android Device or you don’t want to Install the target App you can use GenyMotion. If your target App don’t follow the HTTP_PROXY rule on Android and you have root you can use ProxyDroid. Go to Tool > Options > Local Proxy and type in your local IP address. Now we need to tell ZAP to listen from all the device in the LAN.īy default ZAP listen on localhost:8080 so it’s visible only on our PC. If you are using GenyMotion ignore this step Remember to remove the Cert when you finish your Proxy session Since the Certificate is not Trusted and we are MiTM-ing the connection, a notification will pop-up saying: Network May be monitored by an Unknown Third party Install the Certificate from Settings->WiFi->Advanced->Install Certificate, select your file and Install it. In GenyMotion you can also Drag&Drop the Cert file on the Emulator. Transfer the Certificate to the Android Device with adb push owasp_zap_root_ca.cer sdcard/ You can also generate a new one from the Dynamic SSL Certificates section. When ZAP first starts up, it generates a certificate valid during one year. Go in Tools > Options > Dynamic SSL Certificates > Save and save the Cert to a file. 
Step on Android will be highlighted like this Configuring OWASP ZAPįire up ZAP Proxy, Create your Session and Contest if you want. Genymotion/Android Emulator ( if you want emulate the App).ARP-Poison your device and Run Wireshark.set your PC as WiFi Hotspot and Run Wireshark.If you want more Deep Packet Inspection, you can: If you want to use Charles Proxy read Intercepting Android traffic using Charles If you don’t know how to use ZAP read the OWASP ZAP PAGE. In this Post I want to cover the Configuration of the Proxy Connection,
When testing for Application Security, sometimes A PenTester need to Analyze the network connections that some Application makes, like how uses APIs, what data transfer Intercepting Android traffic using OWASP ZAP
0 kommentar(er)
