Question
I need to scan some APIs that are only available on the HTTP protocol.
Let's say I'm testing http://example.com. I ran the following commands:
export http_proxy=localhost:8080
export https_proxy=localhost:8080
curl http://example.com
<html><body>Redirecting to https://example.com/</body></html>
http://example.com is accessible; however, the ZAP proxy always gives me a 302 Redirect response. And in the GUI, there is nothing captured by ZAP.
Capturing HTTPS APIs is working well, but how can I make it work for HTTP?
Thank you in advance.
Answer 1:
I'm guessing that you've got the HUD enabled - that always redirects to HTTPS. That's explained in the tutorial that would have been linked to when you started using ZAP. You can turn the HUD off via a button on the toolbar or a checkbox on the relevant Quick Start tab.
Source: https://stackoverflow.com/questions/59666603/how-to-capture-http-request-in-owasp-zap
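
One way to check where the redirect in the question comes from, as an added example that is not part of the original question or answer: compare the response headers fetched directly with those fetched through the proxy. If the HTTP-to-HTTPS redirect appears only through the proxy, the proxy (for instance the HUD mentioned in the answer) is producing it. The function names `classify` and `diagnose` are hypothetical, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample headers are constructed.

# Prints "upgrade" if the header block is a 3xx whose Location points at the
# same host over https, otherwise "other".
classify() {  # $1 = requested http:// URL, $2 = raw response headers
  host=$(printf '%s\n' "$1" | sed -E 's#^http://([^/:]+).*#\1#')
  code=$(printf '%s\n' "$2" | tr -d '\r' | awk 'NR==1 {print $2}')
  loc=$(printf '%s\n' "$2" | tr -d '\r' |
        awk 'tolower($1)=="location:" {print $2; exit}')
  case "$code" in
    3??)
      case "$loc" in
        "https://$host"|"https://$host"/*|"https://$host":*)
          echo upgrade; return ;;
      esac ;;
  esac
  echo other
}

# Prints "proxy" if only the proxied response is an HTTPS upgrade redirect,
# "origin" if the site itself also redirects, "none" if the proxied response
# is not such a redirect.
diagnose() {  # $1 = URL, $2 = headers fetched directly, $3 = headers via proxy
  d=$(classify "$1" "$2")
  p=$(classify "$1" "$3")
  if [ "$p" = upgrade ] && [ "$d" != upgrade ]; then echo proxy
  elif [ "$p" = upgrade ]; then echo origin
  else echo none
  fi
}

# Constructed sample input. Against a live setup the two header blocks would
# come from, for example:
#   curl -sI --noproxy '*' http://example.com
#   curl -sI -x localhost:8080 http://example.com
DIRECT='HTTP/1.1 200 OK
Content-Type: text/html'
PROXIED='HTTP/1.1 302 Found
Location: https://example.com/'

diagnose http://example.com "$DIRECT" "$PROXIED"
```

A result of `origin` means the site redirects to HTTPS on its own, so changing proxy settings will not change the response.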