how to perform mobile security test on real devices using OWASP ZAP

1.9k views Asked by At

I want to perform security test an mobile application, both Android and Studio. For that I am considering to use OWASP ZAP. But I don't know how can we perform the test with real device. So, anyone knowing this, please let me know. Thanx!

1

There are 1 answers

0
AudioBubble On BEST ANSWER

Yes,you can perform the test simply by using "proxy server". First you need to install the certificate in your mobile device for ZAP to record it. You can do that by following steps:

  1. Open ZAP
  2. Go to Tools
  3. Click in Options then click in Dynamic SSL Certificate and generate the new and save it.
  4. Then you need to send that certificate to your device, make sure you name the file as "zap"
    1. In the local proxy, set the address "empty"

Then, you need to configure your android/ios application network configuration You can do that by following steps:

  1. Go to advance setting of the network
  2. Click in proxy and set it as "manual"
  3. Then, you need to enter the proxy server to your computer IP address and port to proxy set in the ZAP.

After these steps, you need to be able to perform the test.

Hope it works! Thanx!