ZAP is an easy-to-use, integrated penetration testing tool for finding vulnerabilities in web applications. We provided a brief overview of how to use ZAP in Chapter 3, where it was used to scan a target for possible vulnerabilities. Let's revisit ZAP for identifying and exploiting cross-site scripting (commonly referred to as XSS) vulnerabilities.

ZAP comes built into Kali Linux 1.0 and can be found under Sniffing/Spoofing | Web Sniffers by selecting Owasp - ZAP, or launched by opening a terminal window and typing zap, as shown in the following example:


Here is a summary of setting up ZAP with Firefox, as explained in Chapter 3:

  1. Accept the ...
