Trying to get OWASP ZAP to work with Tor

Hey all, first timer here, heard of the forum on reddit.

I’m on latest Kali 2 and trying to get OWASP ZAP to go through Tor and haven’t been able to get it work after trying pretty much everything I’ve found on the internet. Here’s my situation:

Fresh Kali install
Installed tor and proxychains
tor running correctly and proxychaining curl works fine

web browser proxy settings are 127.0.0.1 port 8080

With ZAP connection setting on “use outgoing proxy server” set at 127.0.0.1 port 9050

Use web browser to check at tor project gives the following error.

This is a SOCKs proxy, not an HTTP proxy.

It appears you have configured your web browser to use this Tor port as an HTTP proxy.

This is not correct: This port is configured as a SOCKS proxy, not an HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPort configuration option in place of, or in addition to, SOCKSPort. Please configure your client accordingly.

See torproject.org/documentation.html for more information.

In ZAP sending a manual http request to check at torproject returns same error.

Changing ZAP connection options to remove “connect to outgoing proxy” and restarting ZAP does …

Web browser check torproject loads but says not connected to Tor.

Manual http request in ZAP to same URL returns same error.

Hello, and welcome to 0x00sec. Since this post is a question, I moved it to the “Support” category.

As for your question, I think @pry0cc can help.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.