ZAP proxy principle
Taking Chrome as the example browser: a request issued by Chrome first passes through ZAP, and ZAP then sends it on to the server, as shown below:
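The request path described above, as an added example in Python (not part of the original page and not ZAP's own code): a toy origin server, a toy recording proxy standing in for ZAP, and a client standing in for Chrome. The class names, the sample URL and the use of ephemeral ports are assumptions, and the sketch covers plain HTTP GET only; HTTPS interception additionally needs the certificate steps later in this tutorial.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

SEEN = []  # (method, request-target) pairs recorded by the toy proxy

class Base(BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

class Origin(Base):  # stands in for the web server
    def do_GET(self):
        self.reply(200, b"hello from origin")

class Proxy(Base):  # stands in for ZAP: record the request, then forward it
    def do_GET(self):
        # A client configured with a proxy sends the absolute URL as the target.
        SEEN.append((self.command, self.path))
        url = urlsplit(self.path)
        upstream = http.client.HTTPConnection(url.hostname, url.port or 80, timeout=5)
        upstream.request("GET", url.path + ("?" + url.query if url.query else ""))
        resp = upstream.getresponse()
        body = resp.read()
        upstream.close()
        self.reply(resp.status, body)

def demo():
    SEEN.clear()
    # Port 0 picks any free port; a real ZAP listens on 8080 by default.
    servers = [HTTPServer(("127.0.0.1", 0), h) for h in (Origin, Proxy)]
    for s in servers:
        threading.Thread(target=s.serve_forever, daemon=True).start()
    origin_port, proxy_port = (s.server_address[1] for s in servers)
    # The "browser" connects to the proxy, not to the origin.
    conn = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    conn.request("GET", f"http://127.0.0.1:{origin_port}/search?q=zap")
    body = conn.getresponse().read()
    conn.close()
    for s in servers:
        s.shutdown()
        s.server_close()
    return body, list(SEEN)

if __name__ == "__main__":
    print(demo())
```

The client receives the origin's response unchanged, while the proxy has recorded the full URL it was asked to fetch, which is the position ZAP occupies between Chrome and the server.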
Chrome settings
1. To open Chrome's settings, enter chrome://settings in the address bar.
2. Then enter "proxy" in the search field
and click "Open your computer's proxy settings".
3. Configure the proxy manually.
Why is the port 8080?
Because 8080 is the default port that ZAP listens on.
As follows:
Of course, you can use any port you like, as long as Chrome and ZAP are set to the same port.
If you now open Baidu in Chrome, you may see the following:
This happens because you are accessing https://www.baidu.com, and Chrome needs ZAP's SSL certificate imported before HTTPS sites will work.
ZAP settings
ZAP startup settings
When ZAP opens, a pop-up window asks whether you want to save the session information.
The first option saves the session information under a name based on the current timestamp.
The second option also saves the session information, but you have to specify the name and location to save it to.
The third option does not save the session information; after you close ZAP, the session records are lost.
When starting out, the third option is recommended; if you later need to keep sessions, choose the second.
SSL Certificate Export
Click Tools -> Options -> Dynamic SSL Certificates -> Save.
You can save the certificate to the desktop (it is used in the next section). The steps are as follows:
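Importing ZAP's SSL certificate into Chrome
Enter "certificate" in the settings search bar
and the matching option appears, as shown below.
Then click "Manage certificates",
and another dialog box pops up.
In that dialog box, click "Trusted Root Certification Authorities"
-> click "Import"
(select the ZAP SSL certificate you just saved)
-> close the dialog once the import has finished.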