diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png b/webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png index 76ba1a12b..fd3967972 100644 Binary files a/webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png and b/webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png differ diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-local-proxy-8090.png b/webgoat-lessons/http-proxies/src/main/resources/images/zap-local-proxy-8090.png new file mode 100644 index 000000000..4001bce6a Binary files /dev/null and b/webgoat-lessons/http-proxies/src/main/resources/images/zap-local-proxy-8090.png differ diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc index bce555d3b..3970da773 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc +++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc 
@@ -17,3 +17,19 @@ When ZAP starts, you will be presented with a dialog such as the one below ... image::images/zap-start.png[ZAP Start,548,256,style="lesson-image"] +=== Set ZAP's port (if running WebGoat locally) + +*NOTE*: The following proxy set up is only needed if you are running WebGoat locally. If it's on a remote server, or you are running on +WebGoat (or any application) that is not using port 8080 locally, you can leave ZAP at it's default. and use 8080, instead of +8090 when setting up your browser to proxy (next page). + +If you are setting up ZAP while running WebGoat locally ... + +* Open ZAP +* Go to Tools >> Options in the menu +* Select 'Local Proxy' on the left +* Input 8090 for the 'Port' + +*Remember*: If you are not running WebGoat locally, leave this setting along, skip to the next page and use 8080 instead of 8090 + +image::images/zap-local-proxy-8090.png[ZAP Proxy Config,750,587,style="lesson-image"] \ No newline at end of file diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc index 4adcecc5f..2926daed2 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc +++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc @@ -11,7 +11,7 @@ This will send all of your traffic to the proxy. Since we haven't set up a trust . Click _Settings_ . Select _Manual proxy configuration_ .. input *127.0.0.1* as the Proxy -.. input *8080* as the port +.. input *8090* as the port if running WebGoat locally and you updated ZAP to 8090 (otherwise, use *8080*) .. check the _Use this proxy server for all protocols_ checkbox image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesson-image"] 
@@ -23,7 +23,7 @@ image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesso . Click the _Change proxy settings_ button . Select the _proxies_ tab . Select Web Proxy (HTTP) -. Input 127.0.0.1 in the first box under _Web Proxy Server_ and your port # (8080 is what used earlier) in the second box (to the right) +. Input 127.0.0.1 in the first box under _Web Proxy Server_ and your port # (8090 if running WebGoat locally, otherwise 8080) in the second box (to the right) . You may also want to clear the _Bypass proxy settings for these Hosts & Domains_ text input at the bottom, but shouldn't need to @@ -37,6 +37,8 @@ image::images/chrome-manual-proxy-win.png[Chrome Proxy, 394,346,style="lesson-im (Win config image above) +*Remember*: If running WebGoat locally, you can use ZAP's default port of 8080 instead of 8090 (or whatever number you prefer to use) + === Other Proxy Configuration Options If you don't want to manage the proxy manually, there are extensions or plugins that can help you to do so without digging through as much config,
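Review bot: In the HttpBasics_ProxyIntro1.adoc hunk (`@@ -17,3 +17,19 @@`), the added *NOTE* never states why the port has to move; the reason, that something local is already listening on 8080 (ZAP's default), is only implied by "not using port 8080 locally". State the conflict in the first sentence of the note. In the same added lines, "running on WebGoat" should read "running WebGoat", "at it's default. and use 8080" should be "at its default and use 8080", and "leave this setting along" in the *Remember* line should be "alone". The file also ends with `\ No newline at end of file`; add the trailing newline.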
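Review bot: The _Web Proxy Server_ step at `@@ -23,7 +23,7 @@` in HttpBasics_ProxyIntro2.adoc says "8090 if running WebGoat locally, otherwise 8080", which drops the condition the Firefox step in the preceding hunk carries ("and you updated ZAP to 8090"). The browser port has to match whatever ZAP's Local Proxy is actually set to, so a reader who runs WebGoat locally but skipped the ZAP change would be sent to the wrong port. Use the same wording in both steps, or phrase both as "the port you set for ZAP's Local Proxy (8090 if you changed it, otherwise 8080)".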
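Review bot: The *Remember* line added at `@@ -37,6 +37,8 @@` in HttpBasics_ProxyIntro2.adoc has the condition inverted. It reads "If running WebGoat locally, you can use ZAP's default port of 8080 instead of 8090", while the *Remember* line added to HttpBasics_ProxyIntro1.adoc in this same patch says "If you are not running WebGoat locally ... use 8080 instead of 8090". As written, this line tells exactly the readers who need 8090 to use 8080. Change it to "If you are not running WebGoat locally" so the two pages agree.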