LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

To observe encrypted OAuth traffic, you import an intercepting proxy's (e.g. ZAP's) Root CA certificate into the browser. What does this accomplish, and what attack does it mimic?

It makes the browser trust certificates the proxy generates on the fly, so ZAP can decrypt and re-encrypt HTTPS traffic — i.e. you deliberately run a Man-in-the-Middle (MitM) attack on yourself.

With ZAP's Root CA trusted, the browser's TLS is answered by a forged cert; ZAP decrypts and re-encrypts.

* ZAP TLS intercept: a trusted Root CA lets the proxy MITM HTTPS. *

HTTPS normally stops anyone in the middle from reading traffic. An intercepting proxy like OWASP ZAP defeats this for analysis by:

  1. Terminating the browser's TLS connection itself, presenting a certificate it forged for, say, auth0.com.
  2. Opening its own TLS connection onward to the real server.

The browser would normally scream "untrusted certificate" — unless the proxy's Root CA is in its trust store. By importing ZAP's Root CA, you tell the browser "trust anything this CA signs," so the forged certs are accepted silently.

That's textbook MitM: ZAP sits between you and the server, seeing everything in cleartext.

Tip: Firefox keeps its own certificate store, but Edge and Chrome use the Windows certificate store — that's why the WebAuthn part imports the CA via certmgr.msc instead of the browser settings.

Go deeper:

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 05, 2026