Web应用程序漏洞挖掘代理 - ZAProxy

Zed Attack Proxy (ZAP)是一个易于使用交互式的用于web应用程序漏洞挖掘的渗透测试工具。ZAP即可以用于安全专家、开发人员、功能测试任何甚至是渗透测试入门人员。ZAP除了提供了自动扫描工具还提供了一些用于手动挖掘安全漏洞的工具。目前ZAP更新之1.3.2版，新版本主要改变如下：

    * Issue 53 : Scan Policy configuration bug
    * Issue 62 : The “Export all urls to File” does not seem to work
    * Issue 87 : SSL not working with Dynamic SSL Certificate generator (with Chrome on Mac OS)
    * Issue 95 : NullPointerException when dropping requests in proxy
    * Issue 106 : Cannot display HTTP gzipped contents
    * Issue 107 : The last intercepted request/response remains in the Break window
    * Issue 131 : Right click on Mac without mouse doesn’t work
    * Issue 138 : Broken end of stream detection causes endless loop and threads not ending
    * Issue 143 : Help button: Options –> Language
    * Issue 145 : Crash at start up
    * Issue 147 : Session save and request/response data
    * Issue 151 : Incorrect language used by ZAP

    * Issue 152 : Check for updates not working

工具下载：http://code.google.com/p/zaproxy/downloads/list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.