I want to perform security test an mobile application, both Android and Studio. For that I am considering to use OWASP ZAP. But I don't know how can we perform the test with real device. So, anyone knowing this, please let me know. Thanx!
CodePudding user response:
By using "proxy server":
- Open ZAP
- Go to Tools
- Click in option then click in dynamic SSL certificate and generate the new and save it.
- Then you need to send that certificate to you device make sure you name the file as "ZAP"
- In the local proxy, set the address "empty"
Then you need to configure your android/ios application network configuration you can do that by following steps.
- Go to advance setting of the network
- Click in proxy and set it as 'manual"
- Then, you to enter the proxy server to your computer IP address and port to proxy set in the ZAP.
After these steps, you need to be able to perform the test.