OWASP's ZAP is a security tool that works as an intercepting proxy. Because of this, the first thing we need to set up is the proxy (LAN) settings.
Please download OWASP ZAP and then fire it up. Once it is up and running, go to Tools->Options->Local Proxy.
Once we have this set up, we proceed to configure your browser's proxy settings.
Fire up Chrome, go to Advanced settings -> Change proxy settings... -> LAN Settings and, under Proxy server, change "Address" to localhost and port to "8080".
Now you're ready to log in to your website and start scanning. What is happening is that any traffic passing through your browser gets analyzed. The advantage of this approach is that you don't have to set up a username/password, OAuth token or a bunch of other security plumbing in the tool itself, since ZAP sees the already-authenticated session.
Of course, you can choose an easier approach (though it doesn't cover many use cases in general), which is to use the "Quick start" feature. All you need to do i…
Writing an Owin component is really easy. Changing the response's body content, however, can be tricky.
Let's say you need to strip confidential information out of your HTTP/HTTPS response before passing it to the client. Sounds pretty easy, but it is tricky at the same time.
Key points to note are:
1. You must invoke the next Owin component in the pipeline before reading the response as a string (maybe that's obvious).
Try to use a filter to control the flow into your Owin component. As you can see below, at code line 21, I'm running a check on Request.Path so that only the requests I want to modify flow through my Owin component.
2. When modifying content, you need to set context.Response.ContentType, StatusCode and ContentLength to match the size of the data you're pushing across.
I used a MemoryStream to channel my output to context.Response.Body.
3. You must use the code starting from line 69 to copy the content to context.Response.Body. Your Owin pipeline can get pretty unstable if you don't do this.
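The three points above, put together as an added example (my own code, not the original post's listing, so the line numbers mentioned above do not apply to it). It assumes the Microsoft.Owin host package, a hypothetical path prefix of /api as the filter, and a hypothetical secret string passed in at startup; everything else follows the flow described: swap the body for a MemoryStream, invoke the next component, rewrite the buffered bytes, fix up the headers, then copy the result into the real response stream. Non-text responses are copied through unchanged so binary payloads are not corrupted by the string round-trip.

```csharp
using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Added example: middleware that redacts a secret value from text responses.
public class RedactingMiddleware : OwinMiddleware
{
    private const string Placeholder = "[REDACTED]";
    private readonly string _secret; // hypothetical value supplied at startup

    public RedactingMiddleware(OwinMiddleware next, string secret) : base(next)
    {
        _secret = secret;
    }

    public override async Task Invoke(IOwinContext context)
    {
        // Filter on Request.Path: anything outside /api (hypothetical prefix) flows
        // through untouched, so we never buffer responses we don't intend to modify.
        if (!context.Request.Path.StartsWithSegments(new PathString("/api")))
        {
            await Next.Invoke(context);
            return;
        }

        // Swap the real body for a MemoryStream so we can capture what downstream writes.
        Stream originalBody = context.Response.Body;
        using (var buffer = new MemoryStream())
        {
            context.Response.Body = buffer;

            // Point 1: invoke the rest of the pipeline BEFORE reading the response.
            await Next.Invoke(context);

            string contentType = context.Response.ContentType ?? string.Empty;
            bool isText = contentType.StartsWith("text/", StringComparison.OrdinalIgnoreCase)
                       || contentType.IndexOf("json", StringComparison.OrdinalIgnoreCase) >= 0;

            byte[] output;
            if (isText)
            {
                buffer.Seek(0, SeekOrigin.Begin);
                string body = new StreamReader(buffer, Encoding.UTF8).ReadToEnd();
                output = Encoding.UTF8.GetBytes(body.Replace(_secret, Placeholder));
            }
            else
            {
                // Binary content: pass the captured bytes through unchanged.
                output = buffer.ToArray();
            }

            // Point 2: headers must describe the payload we are actually sending.
            // StatusCode set by the downstream component is preserved; ContentLength
            // must be the length of the rewritten bytes, not the original body.
            if (string.IsNullOrEmpty(context.Response.ContentType))
                context.Response.ContentType = "text/plain; charset=utf-8";
            context.Response.ContentLength = output.Length;

            // Point 3: restore the real stream and copy the modified content into it.
            context.Response.Body = originalBody;
            await originalBody.WriteAsync(output, 0, output.Length);
        }
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Register the middleware with a constructed secret value.
        app.Use<RedactingMiddleware>("hypothetical-secret-value");

        // Constructed terminal handler that leaks the secret; the client will see [REDACTED].
        app.Run(async ctx =>
        {
            ctx.Response.ContentType = "text/plain; charset=utf-8";
            await ctx.Response.WriteAsync("token=hypothetical-secret-value;user=alice");
        });
    }
}
```

With the proxy from the first section pointing at localhost:8080, a request to /api/... shows the redacted body in ZAP's history, while a request to any other path shows the downstream response unchanged, which is a convenient way to confirm the Request.Path filter is doing its job.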