Transparent proxy from OWASP

By Posted in - Blog on December 22nd, 2016 0 Comments

ZAP seems like a very good tool for pen testing, but also for debugging HTTP requests between microservices.

The best thing is that it can be run with docker.

An example of setting it up as a transparent proxy with iptables is described here .

The key being to forward request port to ZAP, and it will automatically capture them.

Example:

iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 192.168.0.4:8443
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.4:8080

Please leave a Comment

Solve : *
17 + 20 =