In this blog post I will explain how to configure Ruby httpclient gem in order to redirect its http traffic through OWASP ZAP http proxy.


When you are testing REST API functions of some web application, you also have to check the correctness of your testing scripts. In order to observe actual http traffic that is generated by your testing scripts that use httpclient gem, you have to redirect your traffic through  some HTTP proxy. Her I will explain how to redirect http traffic through OWASP ZAP proxy.

First, start OWASP ZAP proxy. Go to Tools->Options and get/set local proxy value. Default is localhost:8080. Set http_proxy environment variable. On unix run in terminal

export http_proxy=http://localhost:8080

For ssl proxing, first get ZAP certificate. Go to Tools->Options->Dynamic SSL Certificate and save certificate with pem extension to your repository root folder and with some descriptive file name (e.g. owasp_zap_root_ca.pem). Add following line of Ruby code in your httpclient configuration class:

@web_client = HTTPClient.new

@web_client.ssl_config.set_trust_ca ‘./owasp_zap_root_ca.pem’

Note: this is only code snippet and I would not work without additional code. For setting trusted certificates, second line is important.
Now run your testing scripts. As I am using rspec, my run command line is rspec spec/script_name.rb. In ZAP history tab you will see details for generated http traffic.