In this blog post I will explain how to configure the Ruby httpclient gem to send its HTTP traffic through the OWASP ZAP HTTP proxy.
First, start the OWASP ZAP proxy. Go to Tools->Options and get/set the local proxy value. The default is localhost:8080. Set the http_proxy environment variable. On Unix, run in a terminal:
export http_proxy=http://localhost:8080
For SSL proxying, first get the ZAP certificate. Go to Tools->Options->Dynamic SSL Certificate and save the certificate with a pem extension to your repository root folder, using a descriptive file name (e.g. owasp_zap_root_ca.pem). Add the following lines of Ruby code to your httpclient configuration class:
require 'httpclient'
@web_client = HTTPClient.new
# Trust the ZAP root CA so that HTTPS requests sent through the proxy verify
@web_client.ssl_config.set_trust_ca './owasp_zap_root_ca.pem'
Note: this is only a code snippet and it will not work without additional code. For setting trusted certificates, the set_trust_ca line is the important one.
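A check you can run on the saved certificate file before trusting it, as an added example that is not part of the original post: it confirms the file holds a CA certificate inside its validity period and no private key, since the file is kept in the repository. The function names and the generated sample certificate are constructed for illustration.

```ruby
require 'openssl'
require 'tmpdir'

# Returns a list of problems with the CA file; empty means it is usable.
def proxy_ca_problems(pem_path, now = Time.now)
  return ["#{pem_path} not found"] unless File.file?(pem_path)
  pem = File.read(pem_path)
  problems = []
  # The file lives in the repository, so it must hold a certificate only.
  problems << 'file contains a private key' if pem.include?('PRIVATE KEY')
  begin
    cert = OpenSSL::X509::Certificate.new(pem)
  rescue OpenSSL::X509::CertificateError
    return problems << 'no parsable certificate'
  end
  bc = cert.extensions.find { |e| e.oid == 'basicConstraints' }
  problems << 'not a CA certificate' unless bc && bc.value.include?('CA:TRUE')
  valid = (cert.not_before..cert.not_after).cover?(now)
  problems << 'outside validity period' unless valid
  problems
end

# SHA-256 fingerprint to record next to the file so a swapped CA is noticed.
def ca_fingerprint(pem_path)
  cert = OpenSSL::X509::Certificate.new(File.read(pem_path))
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Constructed sample input: a throwaway self-signed certificate and its key.
def constructed_ca(ca: true, not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Constructed Test CA')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 7200
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  value = ca ? 'CA:TRUE' : 'CA:FALSE'
  cert.add_extension(ef.create_extension('basicConstraints', value, true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

# Writes constructed PEM text to a temporary file and returns its path.
def write_pem(text)
  path = File.join(Dir.mktmpdir, 'constructed_ca.pem')
  File.write(path, text)
  path
end
```

In a test setup, call proxy_ca_problems('./owasp_zap_root_ca.pem') and abort the run if the returned list is not empty.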
Now run your testing scripts. As I am using rspec, my run command line is rspec spec/script_name.rb. In the ZAP History tab you will see details of the generated HTTP traffic.