ZAProxy

The Zed Attack Proxy (ZAProxy) included in the Co-browse Server installation package is based on the OWASP Zed Attack Proxy Project.

ZAProxy can run in two modes:

• UI-less ZAProxy—can only be used as a proxy injecting web site with the instrumentation snippet.
• UI-based ZaProxy—in addition to acting as a proxy, the ZAProxy also provides a UI for validating the vulnerabilities in your website. For details, see Testing with ZAProxy SecurityTesting.

Start and Configure ZAProxy

• Start and Configure UI-less ZAProxy
• Start and Configure UI-based ZaProxy

Set up your Web Browser

After you configure either UI-less ZAProxy or UI-based ZaProxy, set up your Web Browser to use ZAProxy:

Start

1. Start your web browser.
2. Open your Internet settings. For instance, in Firefox, select Tools > Options. The Options dialog window appears.
3. Select Advanced and in the Network tab, click Settings.... The Connection Settings dialog window opens.
4. Select the Manual proxy configuration option and do the following:
   • Enter your host IP address in the HTTP Proxy text box.
   • Enter the port used by the ZAProxy in the Port text box. This is the port you made note of in Configure ZAProxy Host and Port.
   • Select the Use this proxy server for all protocols option.
     
     

     ZAProxy used in Firefox
   • In the "No Proxy for:" text box, list the IP address or domain name as it appears in the data-gcb-url attribute of the Co-browse JavaScript (see Basic Instrumentation). This ensures that communication with Co-browse server is not proxied. Note: If the proxy and Co-browser Server are running on the same machine, this value will be the same as the IP in the HTTP Proxy text box.
5. Click OK. Now your browser is using the ZAProxy, which will inject the Co-browse JavaScript code into all web pages except those you specified in Configure the URL Filter.

End