OWASP Zap (or zaproxy) is a great program, but getting the latest and greatest version up and running requires a bit of effort. But it’s time well spend. Following on from my post on how to set up Chromium for OWASP, here you will find how I set up Firefox with OWASP Zap. Which in my opinion, works a bit better than Chromium.
Sometimes it’s easier to just watch a Video.
Software Required
Lets take a look at the software needed to proceed.
Linux
I am using Ubuntu, but the process will work for any modern Linux System.
Firefox
Although nearly all modern Linux distributions come with Firefox installed, it is best to avoid using your system install. With Ubuntu it comes usually packaged with snap and that can bring its own issues. I find it best to us a separate install of Firefox just for Zap.
Head on over to the Linux download site for Firefox and download it now.
Once downloaded open the file in the Archive manager.
Then click the Extract button. It will ask you where you want to extract it too. I have a folder in my home drive called zaproxy. Which I already placed the software for Zap and Chromium into. So I will use that. You can put it anywhere you like.
Once done you will be presented with the below screen.
Double Click the firefox folder to browse it. Find the file called “firefox” and right click to select “Run”
All going well, Firefox should launch
If you have any issues with this step, make sure your system is patched to the latest version of your OS and do it again.
Integrate Firefox into OWASP Zap
Zap uses selenium to control web browers. Selenium uses a tool called a WebDriver to send commands to browers. You have to be sure that are using the correct WebDriver version with the correct browser. If there any any issues zaproxy usually tells you in an not so subtle way. Lucky for us Zap has Selenium plugin installed by default that will have the latest WebDriver set up for us. Just make sure you keep your plugins updated.
Lets start, go to the options page for ZAProxy, by going to Tools -> Options
Once on the options page you can go to Selenium section.
Under “Binaries” in the “Firefox” section. Click “Select” and browse to where you extracted Firefox. In my case it was in my home directory in a folder called “zaproxy”.
Click ok and you will go back to Zap.
Launching Firefox
Go back to the main ZAP screen and on the “Quick Start” menu select “Manual Explore”
From the “Manual Explore” page put in a web site into the “URL to explore:” section, and change the browser to Firefox. Then click Launch.
This should Launch Firefox and open the URL to explore.
When working with OWASP Zap, this is the best way to manage browsers as it takes care of the ssl integration automatically and does’t effect your System Firefox install.
Wrap Up
I hope you got some value from this post on how to Set up Firefox with OWASP Zap. Please leave a comment or you can find me on twitter.