OWASP ZAP or ZAProxy is a great tool. Unfortunately after I installed it via snap it was not at the latest version. So I decided to do it manually and document my progress. So here we go, manually installing OWASP Zap on Linux
I am using Ubuntu, but the process will work for any modern Linux System. Before I get to manually installing OWASP Zap there are a few steps to consider.
If you are not really a reading type of person, then this is your lucky day. I created a video.
Getting the software
To begin we have to install java (openjdk). The very latest version of openjdk can be used.
In the terminal type
sudo apt update apt-cache search openjdk-.*-jdk"
The results from apt-cache search openjdk will list all the versions of jdk available. In my case the latest version was “openjdk-19-jdk, so lets install it.
sudo apt install openjdk-19-jdk
Its my experience that the repos do not always have the latest version of the ZAProxy software so I recommend going to the source and downloading it. Grab the latest version from the ZAProxy website.
For this I downloaded the “Linux Package”. Once download you can extract the archive into a folder of your choice. I used a directory called “zaproxy” in my home folder.
Once downloaded, right click and select “Open with Archive Manager”
Select the ZAP folder and click the Extract button
Choose the destination folder and click the extract button.
You should get the below message. Click on the “Show the Files”
The file browser will open and you will see the ZAP folder.
Double click it and you will see the files.
Now you have ZAProxy extracted you can run it from this folder all the time. Either from the file Browser or from the command line.
ZAProxy First run
The important file here is the file called “zap.sh”. This will launch the software. So select and right click it to open the context menu. Then click “Run as Program”
A terminal will open and ZAProxy will launch.
For now Select “No, I do not want to persist this session at this moment in time”. Then click start.
ZAProxy automatically checks the status of its plugins on launch and if this is the first run then quite a few of them will be out of date. You will be presented with the “Manage Add-ons” page. Just click “Update All” to proceed with the latest version of the plugins.
The ZAProxy interface.
So now we have our first run of OWASP Zap we have a few more things to do before we can fully use it into our work flow.
- Enable OWASP Zap in the Ubuntu menu.
- Get chromium working with OWASP Zap
- Create your first Session
I hope you got some value from manually installing Zap on Linux and if you need to leave me some feed back you can find me on twitter.
Comments are closed.