WEBVTT

0:00:04.380000 --> 0:00:07.320000
Context and scope in OWASP ZAP.

0:00:07.320000 --> 0:00:13.100000
Now I would be remiss if I did not mention anything about scope with regards

0:00:13.100000 --> 0:00:17.480000
to ZAP because this is something that is very, very, very important.

0:00:17.480000 --> 0:00:20.740000
I'd obviously covered this when we were talking about the targets and

0:00:20.740000 --> 0:00:22.400000
scope in Burp Suite.

0:00:22.400000 --> 0:00:27.720000
So in the case of ZAP, it's typically referred to as the context, where

0:00:27.720000 --> 0:00:30.480000
you're able to define a particular scope.

0:00:30.480000 --> 0:00:33.660000
And of course, I'm not going to go over the importance of defining a scope

0:00:33.660000 --> 0:00:37.320000
and working within a scope, because I've already covered that.

0:00:37.320000 --> 0:00:40.360000
I'm just going to be explaining to you how it works in ZAP.

0:00:40.360000 --> 0:00:42.500000
It's very, very simple to understand.

0:00:42.500000 --> 0:00:46.540000
So I don't want to spend too much time on it because you should be familiar

0:00:46.540000 --> 0:00:53.780000
with the idea or the concept of the actual pen test scope and how to only

0:00:53.780000 --> 0:00:55.740000
focus on sites that are within the scope.

0:00:55.740000 --> 0:00:59.360000
I'm just showing you how to put that into action or how to implement it

0:00:59.360000 --> 0:01:08.720000
in ZAP. And again, just think of context as the Target tab in Burp Suite,

0:01:08.720000 --> 0:01:13.820000
where you specify your scope, and your scope can be as wide and as narrow

0:01:13.820000 --> 0:01:17.420000
as you want it. With that being said, I'm going to switch over into my

0:01:17.420000 --> 0:01:20.600000
Kali Linux system, and I'm going to show you how you can do this.

0:01:20.600000 --> 0:01:22.620000
So I'll see you there.

0:01:22.620000 --> 0:01:27.180000
All right, so I am back on my Kali Linux system.

0:01:27.180000 --> 0:01:30.300000
And in this case, we're going to use a very, very simple example, right?

0:01:30.300000 --> 0:01:31.640000
So I'll start up ZAP.

0:01:31.640000 --> 0:01:34.480000
And we'll give it a couple of seconds.

0:01:34.480000 --> 0:01:37.500000
And we are going to, first thing we're going to do is we do not want to

0:01:37.500000 --> 0:01:40.940000
persist this, but you can if you want, we're going to set this to protected

0:01:40.940000 --> 0:01:44.680000
mode. All right, I've already explained the differences between the modes,

0:01:44.680000 --> 0:01:46.640000
but that's how it works.

0:01:46.640000 --> 0:01:51.380000
So you can see that right over here within the site tree that we have

0:01:51.380000 --> 0:01:53.720000
contexts, and then we have sites.

0:01:53.720000 --> 0:01:57.660000
All right, now this may be a little bit confusing when you haven't configured

0:01:57.660000 --> 0:02:01.840000
your context. So the first thing we're going to do is we're going to make

0:02:01.840000 --> 0:02:06.120000
sure that we're not breaking on any requests or intercepting any requests.

0:02:06.120000 --> 0:02:10.160000
I'm going to open up the ZAP browser here.

0:02:10.160000 --> 0:02:14.020000
And don't worry if it gives you that error, but we have it right over

0:02:14.020000 --> 0:02:16.980000
here. And I'm just going to utilize ine.com.

0:02:16.980000 --> 0:02:21.920000
All right, so we can see that we've made the request and now it's going

0:02:21.920000 --> 0:02:27.440000
to build up a site map based on the URL that we've visited.

0:02:27.440000 --> 0:02:31.440000
Now let's say ine.com, it contracted us to perform a web application

0:02:31.440000 --> 0:02:36.100000
security assessment on just ine.com, no subdomains, just on this

0:02:36.100000 --> 0:02:38.220000
website or this domain.

0:02:38.220000 --> 0:02:42.680000
Well, we have all of these sites, are they in scope or out of scope?

0:02:42.680000 --> 0:02:47.200000
Well, in this particular context, these are all third-party solutions

0:02:47.200000 --> 0:02:51.920000
that come in the form of libraries, whether they be JavaScript libraries,

0:02:51.920000 --> 0:02:55.560000
style sheets, APIs, etc., etc.

0:02:55.560000 --> 0:02:59.320000
What that means is that they're not within the scope, but this may be

0:02:59.320000 --> 0:03:01.260000
very, very confusing.

0:03:01.260000 --> 0:03:06.660000
So what you want to do ideally is identify the site that is in scope or

0:03:06.660000 --> 0:03:10.360000
that you know you've been hired to perform the assessment on,

0:03:10.360000 --> 0:03:16.680000
you want to right click on it, and you want to include it in a particular

0:03:16.680000 --> 0:03:20.380000
context. So you can use the default context or you can create your own.

0:03:20.380000 --> 0:03:25.660000
So think of contexts as little silos where you have different sites.

0:03:25.660000 --> 0:03:29.540000
So it's sort of a way of breaking down and organizing your scope, especially

0:03:29.540000 --> 0:03:31.260000
for larger web applications.

0:03:31.260000 --> 0:03:32.280000
That's very useful.

0:03:32.280000 --> 0:03:34.420000
But we can use the default context.

0:03:34.420000 --> 0:03:39.460000
And you can see that right over here under the default context, the sites

0:03:39.460000 --> 0:03:42.740000
to include in the context are just ine.com.

0:03:42.740000 --> 0:03:48.440000
You can also explicitly exclude specific subdomains or URLs that you don't want to

0:03:48.440000 --> 0:03:52.040000
be in that particular context.

0:03:52.040000 --> 0:03:56.060000
So once you've done that, you pretty much just need to say, okay, now

0:03:56.060000 --> 0:03:59.580000
you may be saying, well, we've added it to the context, but I can't see

0:03:59.580000 --> 0:04:04.660000
it. And I'm still seeing all of these other sites or, you know, all of

0:04:04.660000 --> 0:04:09.700000
these other third-party websites, you know, APIs, libraries, etc.

0:04:09.700000 --> 0:04:14.000000
Because most of them look like, you know, JavaScript libraries, etc.

0:04:14.000000 --> 0:04:18.860000
Well, that's because we haven't clicked or enabled the bullseye option

0:04:18.860000 --> 0:04:21.200000
here, which will only show the URLs in scope.

0:04:21.200000 --> 0:04:23.720000
So once we do that, there we are.

0:04:23.720000 --> 0:04:25.200000
So we have the context.

0:04:25.200000 --> 0:04:28.820000
And if you click on a particular context, it's important to note that

0:04:28.820000 --> 0:04:34.160000
you can add multiple URLs into a context or multiple sites into a context.

0:04:34.160000 --> 0:04:39.240000
And you never want to directly run a scan on a context level.

0:04:39.240000 --> 0:04:43.140000
But if we double click on the context here, you'll be able to see, you

0:04:43.140000 --> 0:04:46.580000
know, the sites included within the context and view some general information

0:04:46.580000 --> 0:04:49.840000
regarding it and regarding the session.

0:04:49.840000 --> 0:04:55.740000
But yeah, we now have that limited exactly to our scope, which

0:04:55.740000 --> 0:04:57.080000
is just ine.com.

0:04:57.080000 --> 0:04:59.140000
So again, very, very simple.

0:04:59.140000 --> 0:05:02.860000
And in this case, everything is going to be limited just to this site.

0:05:02.860000 --> 0:05:05.180000
And you know, we can now right click on it.

0:05:05.180000 --> 0:05:07.880000
And it's already included in the default context.

0:05:07.880000 --> 0:05:09.200000
So that's going to be grayed out.

0:05:09.200000 --> 0:05:15.020000
But we can, in essence, begin, you know, performing various types of assessments,

0:05:15.020000 --> 0:05:19.780000
whether it's a scan, whether we want to perform spidering, so on and so

0:05:19.780000 --> 0:05:26.200000
forth. So another thing to note here is if we take a look at, let's see,

0:05:26.200000 --> 0:05:27.920000
is this highlighted here?

0:05:27.920000 --> 0:05:31.660000
One second. So we take a look at that particular request.

0:05:31.660000 --> 0:05:37.780000
Does that provide us with the ability to, if we say go to Attack?

0:05:37.780000 --> 0:05:39.380000
Yeah, that looks like it works.

0:05:39.380000 --> 0:05:43.980000
So Active Scan, Forced Browse Site, Forced Browse Directory, Forced Browse

0:05:43.980000 --> 0:05:48.320000
Directory (and Children), the AJAX Spider, the Spider and the Fuzzer.

0:05:48.320000 --> 0:05:51.480000
So of course, we know the Fuzzer is the Intruder, and we have the Repeater

0:05:51.480000 --> 0:05:53.200000
here. So there we are.

0:05:53.200000 --> 0:05:54.480000
Very, very simple.

0:05:54.480000 --> 0:05:59.820000
And because, you know, the passive crawling is enabled, if we go to Manual

0:05:59.820000 --> 0:06:04.480000
Explore, in this particular case, URLs to explore, we can just specify

0:06:04.480000 --> 0:06:09.360000
the sites here. So I-N-E, so select them.

0:06:09.360000 --> 0:06:11.300000
And we're already doing that.

0:06:11.300000 --> 0:06:12.600000
So we don't need to do it.

0:06:12.600000 --> 0:06:15.760000
What that means is that, you know, we just start exploring that here.

0:06:15.760000 --> 0:06:23.040000
And we should start to subdomains.

0:06:23.040000 --> 0:06:24.720000
And that can also be modified.

0:06:24.720000 --> 0:06:28.360000
So if we go back into the context and modify it by double clicking it,

0:06:28.360000 --> 0:06:32.680000
we can utilize regex to say, you know, HTTPS.

0:06:32.680000 --> 0:06:36.700000
And in this case, we can say ine.com as well.

0:06:36.700000 --> 0:06:39.320000
So I'll add that there, hit OK.

0:06:39.320000 --> 0:06:45.180000
And we will go back into our browser and reload this here.

0:06:45.180000 --> 0:06:48.420000
And let's see, that should be added.

0:06:48.420000 --> 0:06:56.020000
We added that, did we add that to our... Open this up here, we can see we

0:06:56.020000 --> 0:06:57.720000
added subdomains.

0:06:57.720000 --> 0:07:02.260000
And we are going to find that particular subdomain here.

0:07:02.260000 --> 0:07:07.160000
So let's see if we can find it, that in this particular case is going to

0:07:07.160000 --> 0:07:10.440000
point towards my.ine.com.

0:07:10.440000 --> 0:07:12.940000
Was that actually profiled here?

0:07:12.940000 --> 0:07:15.500000
So there we are, we can include this in the context.

0:07:15.500000 --> 0:07:18.980000
So default context, there we are as a subdomain.

0:07:18.980000 --> 0:07:24.720000
But by default, that should include all subdomains there.

0:07:24.720000 --> 0:07:31.060000
So if I just limit it there, that should actually limit it.

0:07:31.060000 --> 0:07:37.280000
If we refresh the sites tree, just by right clicking, that should be added.

0:07:37.280000 --> 0:07:40.400000
In this case, we would need to add it explicitly.

0:07:40.400000 --> 0:07:44.880000
But yeah, that's essentially the process of adding sites to, you know,

0:07:44.880000 --> 0:07:48.300000
your context or your scope, if you will, in this particular case.

0:07:48.300000 --> 0:07:52.820000
And that way, you keep your session clean of any other traffic that

0:07:52.820000 --> 0:07:57.040000
may not be within your scope, or that you may not be interested in.

0:07:57.040000 --> 0:08:02.040000
And with regards to what else you can do for the context, just to highlight

0:08:02.040000 --> 0:08:06.480000
this here, I'd mentioned this earlier on, and that is authentication.

0:08:06.480000 --> 0:08:11.560000
So you have the ability to also specify credentials so that you can log

0:08:11.560000 --> 0:08:15.460000
in automatically, also so that ZAP can log in automatically when performing

0:08:15.460000 --> 0:08:20.320000
scans. But directly from this particular case in protected mode, this

0:08:20.320000 --> 0:08:25.340000
is the point from which we can actually begin all types of other activities

0:08:25.340000 --> 0:08:36.980000
like performing an active scan, a forced browse site, forced browse directory,

0:08:36.980000 --> 0:08:40.400000
you know, forced... that is going to conclude the practical demonstration

0:08:40.400000 --> 0:08:41.820000
side of this video.