forked from zaproxy/zaproxy
-
Notifications
You must be signed in to change notification settings - Fork 2
FAQlocalhost
kingthorin edited this page Sep 24, 2019
·
6 revisions
FAQ: How do you configure ZAP to test an application on localhost?
ZAP has no problems scanning applications running on localhost, however there are a couple of things you need to be aware of.
By default ZAP listens on port 8080. If your app also listens on 8080 then you'll need to change one of them to listen on a different port - its probably easier to change ZAP using the Options Local Proxies screen, remember to change your browser's proxy settings as well: Configuring Proxies.
You also need to check that you have not configured your browser to ignore your configured proxy (ZAP) for localhost (as is the default for many modern browsers).
Note:
- To proxy
localhost(and related addresses) with newer Firefox versions (>= 67) the preferencenetwork.proxy.allow_hijacking_localhost(accessible through theabout:configpage) must be set totrue. - To proxy
localhost(and related addresses) with newer Chrome versions (>= 72) the command line argument--proxy-bypass-list=<-loopback>must be provided.