Maik Ro (@maikroservice)
Jun 15 · 26 tweets · 8 min read
How to use ZAP to find Web Application vulnerabilities:
If you don’t want to Burp every time you look at a web application, I have just the right free tool for you.

The ⚡️ZAP⚡️ Gang is coming together to hack some bug bounty programs and we are going to join them.
@zaproxy will help you hack websites quickly and in an automated fashion

Just the way we like it - and the best?!

It is open source and free.

WHOAAAA - but what is ZAP really?
It's a proxy. Plain and simple and not really descriptive.

Let's fix that.

A proxy is a piece of software that sits between you and the internet

Kinda like my dad when I was younger...
Hackers use proxies to capture requests sent to the internet and responses coming back from the internet to them.

Why?
They manipulate the requests

- add some data
- remove some data
- change some data

and finally see how the application handles these situations 🦾🤖
Proxies help hackers to stop every request and response - it's like a bouncer for their club. 💪😤

Request 1: COOL😎 - you are a good request, I know you, no need to search you

Request 2: STOP🦋 - who are you?! Let me see if I can find something interesting in your head(ers) 🤕
Hackers also use proxies to spider / scrape applications, which is what we will do today.

@zaproxy has a very neat function for that, but first we need to install the software and a proxy switcher.

I will guide you through the process
1. Go to zaproxy.org/download/ and click on the “download” button for your operating system

2. Open the downloaded file and install the software

3. Start Zed Attack Proxy (ZAP)
You could also run ZAP in a docker container 🐳 📦 if you would like to:
hub.docker.com/r/owasp/zap2do…
ZAP will probably ask you to update plugins - go ahead and “Update all” of them and close the marketplace window

PS: you don't have to wait until all the plugins have finished updating; the update continues in the background after you click “Close”
🎊 NICE 🎉

You just installed ZAP

Now you can either click on the small 🔥🦊 firefox icon in the top right

(or use a proxy-switcher - e.g. foxyproxy getfoxyproxy.org)

After you click the firefox icon, a browser window opens - this one already has ZAP integration

umm?!
WHAT DOES THAT MEAN!?!?!

When you look at the address bar, something seems different compared to your normal browser, right?!

Those diagonal stripes are not there usually and the little robot face in front of the url is also new 🤖

Is this what Terminator warned us about?!
These are Firefox's “remote control” indicators: ZAP launched this window through a WebDriver session, so Firefox marks it as driven by some tool (ZAP)

ah of course… wait WHAT?!

When you open a page in this browser (I chose bing because why not) and then look at ZAP…

You will see that the website you visited now magically appeared in ZAP.

Any request / response coming through that browser can be intercepted and modified with ZAP now

OHHHH - that is coool 😈
Now we come to the real wizard part

Hold your horses HARRY. 🪄🦄

We will use a spider to first find all the possible links we can click on

next we figure out how we can log in and use the logged-in session in ZAP

yes, you read that right, a 🕷️🕸️ - sorry, arachnophobes.
Open juice-shop.herokuapp.com/#/ in the browser you just launched from ZAP

at the top right there is an “Account” button that you can click on, and then hit that login button as well
Since we don't have an account yet we need to create one - use the green link at the bottom of the login portal - “Not yet a customer?”

hit that, enter your hacker persona details and click the “Register” button afterwards
You can now log in and check out the internal part of the juice shop manually

OR

you let the robots do the work. 🤖🤖🤖
I would recommend doing the following first

Inside ZAP you right-click the juice shop url and then use “Include in Context” → “Default Context” to define your scope. ZAP stores that scope as an include regex on the context, and the spider (and any later scan) stays inside it.

You only want resources on your target - not some random facebook page.
Now we spider - click on the url, then use “Attack” → “Spider” to crawl all urls on the target (use the default parameters)

and punch that “Start Scan” button

Spider go BRRRRRRRRR ⏩
At the bottom you can now see the urls popping up, each with either a green or a red light

green = processed
red = ignored (usually because it is out of scope)

Search through the urls - you might find a diamond in the rough or some previously unknown resources that are juicy 🧃
Did you spot the one I am talking about?

That FTP link does look interesting, right?!

Shall we see what's behind it?
BINGO - that should not be there 😲❤️

You just found your first vulnerability with ZAP.

BAAAM!
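The same Include in Context → Spider → read-the-URL-list routine, scripted against ZAP's JSON API, as an added example that is not part of the thread and not ZAP's own code. It assumes ZAP is listening on 127.0.0.1:8080 with an API key set under Options > API; the regex and triage helpers are pure functions, so they also work on a URL list copied out of the Spider tab, and the INTERESTING path list is a constructed starting point, not something ZAP ships.

```python
# Added example (not the thread's or ZAP's own code): Include in Context -> Spider -> triage
# via ZAP's JSON API. Assumes ZAP on 127.0.0.1:8080 with an API key (Options > API).
# context_regex/triage are pure, so they also work on URLs copied from the Spider tab.
import json
import re
import time
import urllib.parse
import urllib.request

ZAP_API = "http://127.0.0.1:8080"  # assumed ZAP API address
API_KEY = "changeme"               # assumed; use your key from ZAP > Options > API
TARGET = "https://juice-shop.herokuapp.com"
INTERESTING = ("/ftp", "/backup", "/.git", "/admin", "/api-docs", "/metrics")  # constructed list

def context_regex(target):
    """Include regex ZAP creates for 'Include in Context' on a site root."""
    return re.escape(target.rstrip("/")) + ".*"

def triage(urls, include_regex):
    """Split URLs into processed (green) / ignored (red) by the context regex; flag INTERESTING paths."""
    pat = re.compile(include_regex)
    processed, ignored, flagged = [], [], []
    for url in urls:
        if not pat.match(url):
            ignored.append(url)  # what ZAP shows as out of scope
            continue
        processed.append(url)
        path = urllib.parse.urlsplit(url).path.lower()
        if any(path == p or path.startswith(p + "/") for p in INTERESTING):
            flagged.append(url)
    return processed, ignored, flagged

def zap(endpoint, **params):
    """GET one ZAP JSON API endpoint, e.g. zap('spider/action/scan', url=TARGET)."""
    params["apikey"] = API_KEY
    with urllib.request.urlopen(f"{ZAP_API}/JSON/{endpoint}/?{urllib.parse.urlencode(params)}") as resp:
        return json.load(resp)

def spider_in_scope(target=TARGET, context="Default Context"):
    """Scope the context, spider it, poll until 100 %, triage what the spider processed."""
    regex = context_regex(target)
    zap("context/action/includeInContext", contextName=context, regex=regex)
    scan_id = zap("spider/action/scan", url=target, contextName=context)["scan"]
    while int(zap("spider/view/status", scanId=scan_id)["status"]) < 100:
        time.sleep(2)
    return triage(zap("spider/view/results", scanId=scan_id)["results"], regex)

if __name__ == "__main__":
    processed, ignored, flagged = spider_in_scope()
    print(f"{len(processed)} processed, {len(ignored)} ignored, take a look at: {flagged}")
```

spider/view/results only returns URLs the spider actually processed, so out-of-scope URLs reach the ignored bucket only when you feed triage a list copied from the Spider tab.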
Can you smell more vulnerabilities heading your way now?

There is a new book by Packt Publishing - the ZAP Cookbook - this one might have exactly the details you are looking for to get the most out of ZAP.

You can check it out here:

packtpub.com/product/zed-at…

#sponsored #ad
