Cloud Security -

Video walkthrough of setting up ZAP tool for iOS devices:

  1. Installation
  1. Download ZAP from here.
  2. Install and open ZAP        

  1. Installing certificate

Since all requests and responses are proxied by ZAP, the certificate verification will fail for sites using SSL (HTTPS) and the connection will be terminated. To prevent this from happening, ZAP generates an SSL certificate for each host, signed by its own Certificate Authority (CA) certificate. This CA certificate is generated the first time ZAP is run, and is stored locally. To use the ZAP Proxy with these websites, you will need to install ZAP’s CA certificate as a trusted root in your device.

  1. Go to Tools>Options>Dynamic SSL Certificate. Click Generate and then click Save.
  2. Save the certificate in the desired location. Make sure the file has a .cer extension
  3. Send the certificate to the apple device (This can be done via email)
  4. Upon receiving the certificate, click on it to open the certificate and follow the steps below

  1. Configuring Proxy

  1. Connect your laptop/PC to a known Wifi network (This works best on a dedicated router.)
  2. In the ZAP UI, go to Tools>Options>Local Proxy
  3. Set the Address to Blank
  4. Set the port number to a port of your choosing (preferably 8080)

  1. Find out the IP address of your laptop/PC (Use ipconfig in command line for windows, ifconfig in terminal for mac/linux)
  2. On your Apple device go to Settings>Wifi>(select the same network used by your laptop)
  3. In the bottom you will find “HTTP Proxy”. Select manual.
  4. Type your computer’s IP address in the Server field, and enter the Port number selected earlier (8080). Authentication can be OFF.

  1. Click Back.
  2. Open any SSL website in the browser of your iPhone/iPad and make sure the site shows up below Sites list in ZAP

Next: Running the Scan