what you'll learn
Anyone who has used burp suite pro but wants a free alternative
If you've never used a MiTM proxy
If you want to intercept traffic from your browser to the server
If you want to automatically scan your application for vulnerabilities
OWASP Zed Attack Proxy AKA ZAP is a great tool for pen-testers and bug bounty hunters alike. Everyone needs a MitM proxy if they are investigating application traffic and while there are many to pick from, ZAP has distinct advantages over all of them.
Compared to burp suite pro, OWASP ZAP includes the same features but is free.
Compared to Charles proxy, ZAP includes more interactivity.
ZAP has context-dependent UI screens, meaning they only show you what is relevant at that time to avoid screen clutter.
ZAP works with a server/database system, allowing you to easily make and restore snapshots.
We can keep on going on forever about it's clear this is an essential tool for any hacker who takes themselves even the least bit serious. While it may be a bit harder to learn since everyone is used to burp suite, this tutorial aims to guide you through the basics in video format. You can follow along with the instructor and even perform the automated scans on labs that are created by the author.