
How to use OWASP ZAP for MiTM attack on Android?


I know that I have not handled MiTM in my Android application and it might be vulnerable. I want to test the scenario by connecting my Android phone via a proxy (my laptop) and using any available tools to check for a MiTM attack.


Solution

You'll need to:

1. Install the ZAP root CA cert as a trusted root CA cert on your device
2. Set up ZAP on a computer and set the host it uses as blank so that it listens on all IP addresses
3. Configure your device to proxy through that computer

There's a video + description with more details here: https://security.secure.force.com/security/tools/webapp/zapandroidsetup
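The three steps above as a small helper script. This is an added example, not code from the answer or from the ZAP project; it assumes `zap.sh` and `adb` are on your PATH, that the phone or emulator is on the same network as the laptop, and that `LAPTOP_IP`, `ZAP_PORT` and `CA_FILE` are replaced with your own values (the ones here are constructed placeholders).

```shell
#!/bin/sh
# Added example (not from the original answer): automates the three setup steps
# with the ZAP and adb command lines.
# Assumptions: zap.sh and adb on PATH, device on the same LAN as the laptop.
# LAPTOP_IP, ZAP_PORT and CA_FILE are constructed placeholders.

ZAP_PORT=8080
LAPTOP_IP="192.168.1.10"     # placeholder: the laptop's LAN address
CA_FILE="zap_root_ca.cer"    # placeholder: file the ZAP root CA is exported to

# Build the value Android's global http_proxy setting expects ("host:port").
# The port is validated so a typo does not silently break the device's networking.
proxy_setting() {
    host="$1"; port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    printf '%s:%s\n' "$host" "$port"
}

# Value that removes the proxy again (Android treats ":0" as "no proxy").
proxy_clear_value() { printf ':0\n'; }

# Step 1: export ZAP's root CA certificate and copy it to the device, where it is
# installed as a user CA through the device's security settings (certificate install).
install_zap_ca() {
    zap.sh -certpubdump "$CA_FILE"
    adb push "$CA_FILE" /sdcard/
    echo "Now install /sdcard/$CA_FILE from the device's security settings."
}

# Step 2: start ZAP headless and bound to all interfaces, the CLI equivalent of
# leaving the local proxy host blank in the GUI, so the phone can reach it.
zap_start() {
    zap.sh -daemon -host 0.0.0.0 -port "$ZAP_PORT" &
}

# Step 3: point the device's global HTTP proxy at the laptop and read it back.
device_set_proxy() {
    adb shell settings put global http_proxy "$(proxy_setting "$LAPTOP_IP" "$ZAP_PORT")"
    adb shell settings get global http_proxy
}

# Undo step 3 when testing is done; a stale proxy setting leaves the device offline.
device_clear_proxy() {
    adb shell settings put global http_proxy "$(proxy_clear_value)"
}

# Usage: ./zap_android.sh setup   |   ./zap_android.sh teardown
if [ "${1:-}" = "setup" ]; then
    install_zap_ca
    zap_start
    device_set_proxy
elif [ "${1:-}" = "teardown" ]; then
    device_clear_proxy
fi
```

Two things to keep in mind when reading the result. Since Android 7.0 (API 24), apps that target API 24 or higher do not trust user-installed CAs by default, so a release build will typically refuse the ZAP certificate regardless of how the app handles TLS; test a debug build that opts in to user CAs via its network security config, or an older target, to see the app's own behaviour. Once traffic flows, the outcome is the actual test: if the app's HTTPS requests show up decrypted in ZAP's history, the app accepts any CA the device trusts and a MiTM with a rogue certificate would succeed; if the connections fail with TLS errors, the app is rejecting the substituted certificate (for example through pinning), which is the behaviour you want.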