'How to capture HTTP request in OWASP ZAP
I need to scan some APIs that only available on HTTP protocol.
Let's say I'm testing http://example.com, I did follow commands
export http_proxy=localhost:8080
export https_proxy=localhost:8080
curl http://example.com
<html><body>Redirecting to https://example.com/</body></html>
http://example.com is accessible however ZAP proxy always gives me a 302 Redirect response. And in the GUI, there is nothing captured by ZAP.
Capturing HTTPS APIs is working well, but how can I make it work for HTTP?
Thank you in advance.
Solution 1:[1]
I'm guessing that you've got the HUD enabled - that always redirect to HTTPS. Thats explained in the tutorial that would have been linked to when you you started using ZAP. You can turn the HUD off via a button on the toolbar or a checkbox on the relevant Quick Start tab.
Solution 2:[2]
Yes, I have also faced an issue regarding HTTPS during manual exploration of my application using OWASP ZAP.
After disabling the Enable HUD option on Quick Start Tab, the issue got solved.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Simon Bennetts |
| Solution 2 | Ethan |