This is SSL termination plugin for OWASP Zed Attack Proxy (ZAP).
- ZAP 2.4.2+
- Java 8
- open ZAP
- File -> Load Add-on file...
- browse for
sniTerminator-*.zap
file
General configuration
- configure SSL port: ZAP -> Tools -> Options... -> SNI Terminator
- configure browser to use proxy or use it as transparent proxy
Root certificate:
- Generate root certificate: ZAP -> Tools -> Options -> Dynamic SSL Certificates -> Generate
- Export root certificate: ZAP -> Tools -> Options -> Dynamic SSL Certificates -> Save ->
owasp_zap_root_ca.cer
Import certificate in Firefox:
- open about:preferences#advanced
- follow Certificates -> View Certificates -> Authorities -> Import ...
- browse for exported certificate, e.g.,
owasp_zap_root_ca.cer
Install dependencies
./libs/install.sh
Build package
mvn package
After successful build, plugin will available in: sni-terminator-plugin/target/
directory
If you are using ZAP up till 2.4.0, then use official "SNI Terminator" plugin from Add-on Marketplace.