USING WEB PROXIES ZAP Scanner

For future readers.

You probably ran a spider scan, then an AJAX spider scan. If you didn’t… do that.
Then run an active scan with recurse mode on, on the same site and port. It will run for a while, then it will show you a certain high alert that was already shown inside the module. Copy that payload and modify it for flag.txt.

I guess I didn’t add a single word that destroys the try harder solution, hopefully.

But please see why the HUD doesn’t work for you and try to make it work; it is a must, coupled with Burp Suite Community.

I’ve worked with ZAP before, and for quick vulnerabilities, you might want to focus on things like open redirects or weak HTTP headers (like missing security headers). These are pretty common and don’t usually require a ton of work to identify. Try checking for misconfigurations in the proxy setup too.