I’ve been asked to look at penetration testing Strapi, and I’m using OWASP ZAP with FoxyProxy to try and intercept requests to inspect them in order to tick off various security issues.
I believe I have this all set up to intercept on localhost:8080 in FoxyProxy and in ZAP, but it does not detect requests when navigating around the CMS (it should be picking up various GET requests, and POST if I create new entries, etc.). It is detecting requests made to analytics.strapi, so that suggests it’s not far off from working. How come it doesn’t detect these internal requests?
This topic has been created from a Discord post (1299390291710578730) to give it more visibility.
It will be on Read-Only mode here.