
Thread: Zed Attack Proxy (ZAP)

  1. #11
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    Re: Zed Attack Proxy (ZAP)

    This is a great tool psiinon. Look forward to seeing this in Backtrack.
    Backtrack has the best Mods -period.

  2. #12
    Just burned his ISO LVHLVH's Avatar
    Join Date
    Oct 2010
    Posts
    7

    Re: Zed Attack Proxy (ZAP)

    Quote: Originally posted by psiinon
    My comments about Ratproxy, skipfish and Fiddler2 + Watcher are based on my current understanding of these tools - please correct me if I'm wrong about anything

    [snip]

    ZAP is not really aimed at such people, although I'm sure they can have a quick look at the functionality it provides and work out if it could fit into their toolbox. They might find it useful for an initial assessment before breaking out the specialist tools.

    Does that answer your question?
    Psiinon
    Just my 2 cents on the matter.

    You cannot (and should not) compare skipfish or ratproxy with ZAP, webscarab, burp, fiddler or any other intercepting proxy.

    Skipfish is a pattern recognition based scanner (much like nikto) with a focus on web apps. It tries to identify files with known vulnerabilities based on a fingerprint. As such it does not try to find issues based on request/response and it does not work well with custom software.

    Ratproxy does try to find vulnerabilities based on requests and responses but can only be used as a parallel scanner. So you start ratproxy, browse the website, stop the proxy and read the report. It is not possible to modify requests on-the-run and you have to stop the proxy before you can see the results.

    ZAP is an intercepting proxy and should be compared with other intercepting proxies (as mentioned before). If you look at the 'competition' I think ZAP can claim a good spot in the market. Paros (free (on which ZAP is based)) hasn't had an update in ages and although nightly builds for webscarab are being created each night no real new functionalities have been added for the last year (correct me if I'm wrong on this one, but looking at the java package I cannot find any).
    Burp is being maintained fairly well, but you need to buy a (although cheap) license to really unleash its power. Fiddler/watcher is nice, but targeted at a Windows/IE platform and does indeed not include an active scanner.

    Concluding; I think ZAP has great potential and is not just a 'beginners' tool. I think with a few releases it will outperform paros, webscarab, and fiddler and will only have Burp Suite Pro as its master ...

    (for the record; I am not involved whatsoever in the development of ZAP, webscarab or any other tool but I am speaking from professional experience with the tools).
    Last edited by LVHLVH; 10-08-2010 at 11:39 AM. Reason: typo

  3. #13
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Re: Zed Attack Proxy (ZAP)

    "I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

    Albert Einstein

  4. #14
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    11

    Re: Zed Attack Proxy (ZAP)

    Quote: Originally posted by SWFu64
    You beat me to it!

    Significant changes in 1.2.0:

    • Memory leaks have been fixed in the active scanner and spider
    • External applications can now be invoked from the Sites and History tabs
    • The passive scanner now looks for vulnerabilities


    More details here: http://code.google.com/p/zaproxy/wiki/HelpReleases1_2_0

    Thanks,

    Psiinon

  5. #15
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Zed Attack Proxy (ZAP)

    This package has been updated to the latest version.
