2

I need to scan some APIs that are only available over the HTTP protocol.

Let's say I'm testing http://example.com. I ran the following commands:

export http_proxy=localhost:8080
export https_proxy=localhost:8080
curl http://example.com  
<html><body>Redirecting to https://example.com/</body></html>

http://example.com is accessible; however, the ZAP proxy always gives me a 302 Redirect response. And in the GUI, there is nothing captured by ZAP.

Capturing HTTPS APIs is working well, but how can I make it work for HTTP?

Thank you in advance.

Lawrence Ching

2 Answers

2

I'm guessing that you've got the HUD enabled - that always redirects to HTTPS. That's explained in the tutorial that would have been linked to when you started using ZAP. You can turn the HUD off via a button on the toolbar or a checkbox on the relevant Quick Start tab.

Simon Bennetts
0

Yes, I have also faced an issue regarding HTTPS during manual exploration of my application using OWASP ZAP.

After disabling the Enable HUD option on the Quick Start tab, the issue got solved.

Ethan
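An added example (not code from either answer or from the ZAP project): a check that sends the same plain-HTTP request directly and through the proxy listener, without following redirects, and reports whether the upgrade to HTTPS appears only on the proxied path, which is the behaviour the answers attribute to the HUD. The function names are hypothetical; `localhost:8080` and `http://example.com` are the values from the question.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as HTTPError


def fetch(url, proxy=None, timeout=10):
    """Return (status, Location or None) without following redirects.

    proxy is "host:port" (e.g. the ZAP listener) or None for a direct request.
    An explicit dict makes urllib ignore http_proxy/https_proxy from the shell.
    """
    proxies = {"http": f"http://{proxy}"} if proxy else {}
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler(proxies), _NoRedirect())
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def is_https_upgrade(url, status, location):
    """True if the response only sends the same host and path to https."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return False
    src, dst = urlsplit(url), urlsplit(location)
    return (src.scheme == "http" and dst.scheme == "https"
            and src.hostname == dst.hostname
            and (src.path or "/") == (dst.path or "/"))


def diagnose(url, direct, proxied):
    """Compare the (status, location) pairs seen directly and via the proxy."""
    if not is_https_upgrade(url, *proxied):
        return "no-upgrade"
    if is_https_upgrade(url, *direct):
        return "server-redirect"   # the site itself redirects HTTP to HTTPS
    return "proxy-upgrade"         # only the proxied request is redirected


if __name__ == "__main__":
    target = "http://example.com/"  # URL from the question
    print(diagnose(target, fetch(target), fetch(target, "localhost:8080")))
```

A result of `proxy-upgrade` means the target still answers over HTTP and the redirect is introduced on the proxy side; `server-redirect` means the site enforces HTTPS itself and changing proxy settings will not alter that.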