ZAProxy
The Zed Attack Proxy (ZAProxy) included in the Co-browse Server installation package is based on the OWASP Zed Attack Proxy Project.
ZAProxy can run in two modes:
- UI-less ZAProxy—can only be used as a proxy injecting web site with the instrumentation snippet.
- UI-based ZaProxy—in addition to acting as a proxy, the ZAProxy also provides a UI for validating the vulnerabilities in your website. For details, see Testing with ZAProxy SecurityTesting.
Start and Configure ZAProxy
Set up your Web Browser
After you configure either UI-less ZAProxy or UI-based ZaProxy, set up your Web Browser to use ZAProxy:
Start
- Start your web browser.
- Open your Internet settings. For instance, in Firefox, select Tools > Options. The Options dialog window appears.
- Select Advanced and in the Network tab, click Settings.... The Connection Settings dialog window opens.
- Select the Manual proxy configuration option and do the following:
- Enter your host IP address in the HTTP Proxy text box.
- Enter the port used by the ZAProxy in the Port text box. This is the port you made note of in Configure ZAProxy Host and Port.
- Select the Use this proxy server for all protocols option.
- In the "No Proxy for:" text box, list the IP address or domain name as it appears in the data-gcb-url attribute of the Co-browse JavaScript (see Basic Instrumentation). This ensures that communication with Co-browse server is not proxied. Note: If the proxy and Co-browser Server are running on the same machine, this value will be the same as the IP in the HTTP Proxy text box.
- Click OK. Now your browser is using the ZAProxy, which will inject the Co-browse JavaScript code into all web pages except those you specified in Configure the URL Filter.
End
This page was last edited on October 13, 2015, at 01:41.
Comments or questions about this documentation? Contact us for support!