How to enable "streaming mode" in ZAP? - owasp

I am using zap as a proxy and I can't seem to find a way to allow applications connected to ZAP Proxy to stream content.
In another app, fiddler 4, there is an option to enable streaming mode. By default, fiddler 4 fully buffers content it receives from the server before forwarding to the requesting application. Now this becomes a problem when download sizes are big and the requesting application needs immediate response from the server. Now, the streaming mode in fiddler solves this problem by forwarding pieces of the content to the requesting application. Fiddler is only on windows but I use Linux, and fiddler everywhere still lacks features I need.
Now ZAP has the features but it buffers content.
Is there a way for OWASP ZAP to enable streaming mode?

Not at the moment I'm afraid. But you can approach to the ZAP team and open a new Feature Request so they can keep that need in mind for future releases.

Related

Raspberry Pi and Windows IoT

I am working on an automation project using Raspberry pi and Windows IoT. Is it possible to broadcast to a web page, similar to Server-Send-Event? I am monitoring certain events and instead of calling server every few seconds for updates, I would like server to send the alert to web page direct. Any help would be greatly appreciated.
I think you can use WebSockets. WebSockets are an advanced technology that makes it possible to open an interactive communication session between the user's browser and a server. You can refer to this sample. Or you can use IoTWeb to embed a simple HTTP and WebSocket server into your application.
Update:
WebSockets are a great addition to the HTTP protocol suite, but there are numerous situations where they cannot be used.
Some companies have firewalls that will prevent WebSockets from
working.
If you are deploying software in a shared hosting
environment, you may not be permitted to use WebSockets.
If you are
behind a reverse proxy that isn’t configured or the software doesn’t
support pass-through of WebSocket protocol, WebSockets won’t work.
Another option is long polling,the browser does an XHR request and the server simply doesn’t respond until it has something to send. But in this way, if you want to do 2-way communications with the server, you are effectively using 2 sockets. One is tied up hanging/waiting for the long poll response, and the other is sent by the client to send new information to the server. Long polling is also problematic because the client has to be able to handle XHR errors, some of which are tricky to handle or even impossible to handle. You can search more differences and disadvantages from internet.

How to stop Fiddler 2 from logging requests made from web browsers and other applications?

I would like to use Fiddler 2 to make GET and POST requests and to analyze the responses, but it's made almost impossible because of how many other requests it logs from internet browsers and other applications.
How can I get Fiddler to only show requests that I made inside of it, along with the responses to those requests?
There are many ways to filter traffic by process in Fiddler; a simple search on any major search engine will turn up all of them.
For your needs, however, you simply don't want Fiddler to be the system proxy. Hit F12 or untick File > Capture Traffic; no other client will then send its traffic to Fiddler.
If you only ever care about requests from the Composer, click Tools > Fiddler Options and untick "Act as System Proxy on Startup" on the Connections tab.

Random sessions using Fiddler

all,
I use Fiddler for developing and debugging Web apps, and I find that random stuff shows up in the list of "sessions" after I turn off Capture Traffic. It's perhaps a few items every ten or fifteen minutes. I know this is a really broad question, but is there some way to figure out why these things are showing up and what they are?
Thanks!
The Capture Traffic setting controls whether or not Fiddler is registered as the system's proxy server. Most clients (Internet Explorer, etc) will react to the system proxy setting at runtime, so that when you disable the Capture traffic setting, they'll stop sending traffic to Fiddler.
However, some clients (particularly .NET applications) do not react to proxy setting changes and always use whatever proxy was set when the client was started; they'll continue to send traffic to Fiddler until the client is restarted.
You can examine the Process column in Fiddler to see what client isn't properly reacting to changes in the system's proxy setting.
You likely have web pages open that periodically hit the server from within javascript (ajax calls), fiddler captures that traffic and that's what you're seeing.

Chrome dev tools loses network history

The Network tab in Google Chrome developer tools is great but seems to lose all history on certain form posts.
Is there any way to get it to retain network history?
If not is there another tool I could use?
The "Preserve Log upon Navigation" status bar button in the Network panel should solve the issue:
Is there any way to get it to retain network history?
Yes and No. It may not retain the network history you want. (verified with chrome 62 in 2017-11-22)
If not is there another tool I could use?
https://www.charlesproxy.com/
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
I am using chrome 98 and this worked for me checking this

See what website the user is visiting in a browser independent way

I am trying to build an application that can inform a user about website specific information whenever they are visiting a website that is present in my database. This must be done in a browser independent way so the user will always see the information when visiting a website (no matter what browser or other tool he or she is using to visit the website).
My first (partially successful) approach was by looking at the data packets using the System.Net.Sockets.Socket class etc. Unfortunately I discoverd that this approach only works when the user has administrator rights. And of course, that is not what I want. My goal is that the user can install one relatively simple program that can be used right away.
After this I went looking for alternatives and found a lot about WinPcap and some of it's .NET wrappers (did I tell you I am programming c# .NET already?). But with WinPcap I found out that this must be installed on the user's pc and there is nog way to just reference some dll files and code away. I already looked at including WinPcap as a prerequisite in my installer but that is also to cumbersome.
Well, long story short. I want to know in my application what website my user is visiting at the moment it is happening. I think it must be done by looking at the data packets of the network but can't find a good solution for this. My application is build in C# .NET (4.0).
You could use Fiddler to monitor Internet traffic.
It is
a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
It's scriptable and can be readily used from .NET.
One simple idea: Instead of monitoring the traffic directly, what about installing a browser extension that sends you the current url of the page. Then you can check if that url is in your database and optionally show the user a message using the browser extension.
This is how extensions like Invisible Hand work... It scans the current page and sends relevant data back to the server for processing. If it finds anything, it uses the browser extension framework to communicate those results back to the user. (Using an alert, or a bar across the top of the window, etc.)
for a good start, wireshark will do what you want.
you can specify a filter to isolate and view http streams.
best part is wireshark is open source, and built opon another program api, winpcap which is open source.
I'm guessing this is what you want.
capture network data off the wire
view the tcp traffic of a computer, isolate and save(in part or in hole) http data.
store information about the http connections
number 1 there is easy, you can google for a winpcap tutorial, or just use some of their sample programs to capture the data.
I recomend you study up on the pcap file format, everything with winpcap uses this basic format and its structers.
now you have to learn how to take a tcp stream and turn it into a solid data stream without curoption, or disorginized parts. (sorry for the spelling)
again, a very good example can be found in the wireshark source code.
then with your data stream, you can simple read the http format, and html data, or what ever your dealing with.
Hope that helps
If the user is cooperating, you could have them set their browser(s) to use a proxy service you provide. This would intercept all web traffic, do whatever you want with it (look up in your database, notify the user, etc), and then pass it on to the original location. Run the proxy on the local system, or on a remote system if that fits your case better.
If the user is not cooperating, or you don't want to make them change their browser settings, you could use one of the packet sniffing solutions, such as fiddler.
A simple stright forward way is to change the comupter DNS to point to your application.
this will cause all DNS traffic to pass though your app which can be sniffed and then redirected to the real DNS server.
it will also save you the hussel of filtering out emule/torrent traffic as it normally work with pure IP address (which also might be a problem as it can be circumvented by using IP address to browse).
-How to change windows DNS Servers
-DNS resolver
Another simple way is to configure (programmaticly) the browsers proxy to pass through your server this will make your life easier but will be more obvious to users.
How to create a simple proxy in C#?