are going to use ZAP to explore hackxpert.com
1. Open ZAP. You can choose whether or not to persist the session (save the project).
2. In the "Quick Start" section, choose to manually explore the target.
4. Open a session to hackxpert.com and launch any browser you'd like. Enable the HUD.
6. You can now click around a little; hackxpert.com should appear in your site map. This will allow you to right-click it and add it to the context.
8. Next, start an automated scan by going back to the home screen under "Quick Start".
10. You can see ZAP will first spider all the URLs and then test them.
11. After a while, you will notice ZAP switches to the scanning tab in the bottom right.
    1. This is because ZAP shows you what it thinks is most relevant.
    2. If you are missing something, check out the
12. Let's right-click and send a request to the repeater.
14. Here I would like to highlight several things: the user can easily change the request method (from GET to POST, for example), the body and the headers, and can also toggle whether cookies are accepted. Last but not least, the Send button might be hidden! You just need to enlarge the window and make it wider.
explore hackxpert.com further using ZAP. Can you notice which labs it can not