C4.3 Setup for Testing Mobile Devices and/or Web Browsers on a Different Computer from the Proxy
C4.4 Installing Proxy SSL Certificate on Browser and Mobile Devices
C4.5 Observing WebSockets Traffic Using ZAP Proxy

All of the tests documented in the primer are run using:

Firefox is a free, open-source browser and can be downloaded here.

Firebug is a browser extension that enables observation of the network requests and responses for Firefox browsing sessions. It can monitor both HTTP and HTTPS traffic. Because of its straightforward setup and integration with the browser, it is a good choice for tests that do not require the extra features of an external proxy such as OWASP ZAP. More information about Firebug can be found at.

The Advanced Cookie Manager plug-in is a tool that lets us manipulate, inspect, and delete individual cookies. More information about the Advanced Cookie Manager is available at.

OWASP Zed Attack Proxy, or ZAP, is a freely available, cross-platform, and open-source proxy program developed and maintained by OWASP (Open Web App Security Project). It provides more advanced features than Firebug and can be used to monitor the network traffic of mobile devices, as well as programs or browsers running on any host on the tester's local network. ZAP downloads and documentation are available at the OWASP ZAP project page.

The rest of this section describes setting up the proxy and related testing tools and how to use these tools to perform the tests in this primer.

C2 Installing and Using Firebug to Observe HTTP and HTTPS Traffic

To install Firebug, go to Tools -> Add-ons, search for "Firebug," and select it for installation to Firefox. A screenshot of the plug-in's description page (to ensure you are getting the correct plug-in) is shown below.

Image Caption: Using Firebug to get detailed information about a transaction

The descriptions of individual tests in the testing scenarios give more details on how to find the important parts of the request and response in the Firebug display for the test in question. Firebug is a useful tool for initial examinations of Web pages, as it can be used to detect basic issues that merit additional testing. If an application opens new browser tabs or views as the user interacts with it, it may be necessary or more straightforward to observe the traffic in an external proxy (such as ZAP, described below).

C3 Installing and Using Advanced Cookie Manager

Cookies are small text strings sent by servers to browsers in HTTP responses as the user interacts with a Web service. The browser saves the cookie values and includes them with subsequent HTTP requests to the same application or domain. The use of cookies allows Web services to maintain the "state" of a session so that previous interactions can be taken into account when new requests arrive. A cookie editor can be used to examine and modify an application's cookies, and these capabilities are utilized by the test procedures for authentication cookies and cookie handling, covered in Section E5 Authentication Token and Cookie Handling.

The examples in this document use the Advanced Cookie Manager plug-in for Firefox. To find it, go to Tools -> Add-ons, search for "cookie managers," and select Advanced Cookie Manager for installation to Firefox. A screenshot of the plug-in's description page is shown below.