Can Owasp Zap be used to proxy all http and https traffic over an HTTPS connection?

Question

Can Owasp Zap be used to proxy all http and https traffic over an HTTPS connection?

I just started using Zap and successfully launch it in Firefox and Chrome.

I would like to use it to automatically maintain an SSL certificate for sites without https.

So for example, I would like it to be able to serve

http://example.com

as

https://example.com

although example.com will not normally serve an SSL certificate.

This will allow me to test local development sites without creating the certificate for them, or configure the certificate on a web server.

I tried redirecting the port dev (18000) to port 443, but there is no SSL certificate that is served by my web server, and the connection does not work. I also tried this with the sni terminator zap plugin with no luck, although it seems to be very close!

Any suggestions?

+5

reverse-proxy owasp zap

Brad parks Jan 17 '17 at 19:07

source share

1 answer

Sacn · Answer 1 · 2017-01-27T10:18:02+0000

No application can choose the communication protocol on which the client communicates. Communication with web servers is strictly client-specific, with the exception of server redirection. In order for the client to select HTTP from the two parameters http and http (s), you can install browser plugins, such as HTTP(s) everywhere, which will look for https first, even if http is entered in the browser

Can Owasp Zap be used to proxy all http and https traffic over an HTTPS connection?

More articles: