How to use OWASP ZAP proxy with httpclient Ruby gem

In this blog post I will explain how to configure Ruby httpclient gem in order to redirect its http traffic through OWASP ZAP http proxy.

When you are testing REST API functions of some web application, you also have to check the correctness of your testing scripts. In order to observe actual http traffic that is generated by your testing scripts that use httpclient gem, you have to redirect your traffic through some HTTP proxy. Her I will explain how to redirect http traffic through OWASP ZAP proxy.

First, start OWASP ZAP proxy. Go to Tools->Options and get/set local proxy value. Default is localhost:8080. Set http_proxy environment variable. On unix run in terminal

export http_proxy=http://localhost:8080

For ssl proxing, first get ZAP certificate. Go to Tools->Options->Dynamic SSL Certificate and save certificate with pem extension to your repository root folder and with some descriptive file name (e.g. owasp_zap_root_ca.pem). Add following line of Ruby code in your httpclient configuration class:

@web_client = HTTPClient.new

@web_client.ssl_config.set_trust_ca ‘./owasp_zap_root_ca.pem’

Note: this is only code snippet and I would not work without additional code. For setting trusted certificates, second line is important.
Now run your testing scripts. As I am using rspec, my run command line is rspec spec/script_name.rb. In ZAP history tab you will see details for generated http traffic.

Recent Posts

Recent Comments

Archives

Categories

About Us

Newsletter Sign-Up

Membership

Positions

Tester Training

Resources

Testing Events

Governance & Policies