Starting OWASP ZAP for use with zap automation
This page only addresses the command line options required to start OWASP ZAP to achieve the following:
- proxying UI Journey tests via ZAP running in daemon mode
- capturing traffic proxied through ZAP in a named session
- starting ZAP referencing a named session
A more comprehensive list of ZAP command line options can be found in the zaproxy project
Information on downloading and installing OWASP ZAP can be found here.
Each of the commands below includes the option -config api.disablekey=true. The zap-automation tool is only intended for local use against locally running services, and therefore doesn't yet support providing an API key, so we always disable this feature.
The zap-automation library expects ZAP to be running on port 11000. To start ZAP with a specific port, use the command line option -port <portNumber>.
If you don't wish to preserve the ZAP session as a baseline for launching an attack with the zap-automation tool, run the following:
$ZAP_INSTALLATION_DIR/zap.sh -daemon -config api.disablekey=true -port 11000
Go here for info on how to configure WebDriver to proxy via ZAP.
You can define the session location with -dir and name with -newsession:
$ZAP_INSTALLATION_DIR/zap.sh -daemon -config api.disablekey=true -port 11000 -dir ~/my-zap/session -newsession my-new-session
This results in the following files being created in ~/my-zap/session:
my-new-session.session
my-new-session.session.backup
my-new-session.session.data
my-new-session.session.log
my-new-session.session.properties
my-new-session.session.script
To reference an existing session like the one created in the previous step, you can provide its location with -dir and name with -session:
$ZAP_INSTALLATION_DIR/zap.sh -daemon -config api.disablekey=true -port 11000 -dir ~/my-zap/session -session my-new-session
Note that omitting the -dir option will result in your session being created in ZAP's default location.
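The three start-up modes above can be combined in one wrapper that picks -session or -newsession depending on whether the session file already exists. This is an added example, not part of the zap-automation project: the function names, the start argument and the ZAP_DRY_RUN variable are hypothetical, and -host 127.0.0.1 (ZAP's standard option for the proxy listen address) is an addition that keeps the key-less API on the loopback interface.

```shell
#!/bin/sh
# Added example: wrapper around the zap.sh invocations shown on this page.

ZAP_PORT=11000   # port the zap-automation library expects

# Print -session if DIR already holds NAME.session, otherwise -newsession.
zap_session_flag() {
    if [ -f "$1/$2.session" ]; then
        echo "-session"
    else
        echo "-newsession"
    fi
}

# start_zap [SESSION_DIR SESSION_NAME]
# Without arguments the session is not preserved.
start_zap() {
    zap="${ZAP_INSTALLATION_DIR:?set ZAP_INSTALLATION_DIR}/zap.sh"
    if [ $# -eq 2 ]; then
        # Keep the session files inside SESSION_DIR: no empty names, no path parts.
        case "$2" in
            ''|*/*) echo "invalid session name: $2" >&2; return 2 ;;
        esac
        set -- -dir "$1" "$(zap_session_flag "$1" "$2")" "$2"
    else
        set --
    fi
    # -host 127.0.0.1 is not in the page's commands; it is added here because
    # the API key is disabled, so the API should only be reachable locally.
    set -- "$zap" -daemon -config api.disablekey=true \
        -host 127.0.0.1 -port "$ZAP_PORT" "$@"
    if [ -n "${ZAP_DRY_RUN:-}" ]; then
        echo "$*"      # show the command line instead of running it
    else
        exec "$@"
    fi
}

# Launch only when invoked as: ./start-zap.sh start [SESSION_DIR SESSION_NAME]
if [ "${1:-}" = "start" ]; then
    shift
    start_zap "$@"
fi
```

Running it with ZAP_DRY_RUN=1 prints the resulting command line without starting ZAP, which is useful for checking which session flag was chosen.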