I am doing a CTF image now, and I need to upload a .zip file to execute using the PHP wrapper zip://, using this PHP ZIP Wrapper LFI vulnerability.
The problem is that the only way to upload is with a POST form, so I would like to intercept the POST, submit, and change the text I added for the binary data of the zip file.
I have tried to cat the *.zip file and paste it before continuing the POST, but it did not work.
Some people suggested using Burp, but I would like to know how to do this with ZAP proxy.
OK, well, it is not exactly what I wanted, but in ZAP, if you go to the URL with the form, then intercept, and instead of injecting, I was able to select the POST, then use one of the built-in scripts in ZAP to convert it to curl, and from curl I was able to just add the filename and inject.
Scriptname is:
curl_command_generator.js
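
Why the cat-and-paste attempt in the question fails while a tool that sends the file itself works, as an added example that is not part of the original post: text handling rewrites bytes that are not valid UTF-8, while a multipart/form-data body carries the file bytes unchanged. The archive, field name, filename and boundary are constructed for the demonstration, and `paste_as_text` is an assumed model of what a terminal and a text field do to binary data.

```python
import io
import zipfile

BOUNDARY = b"constructed-boundary"  # constructed value, not from the post

def build_zip() -> bytes:
    """Build a small constructed archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample content\n" * 20)
    return buf.getvalue()

def paste_as_text(data: bytes) -> bytes:
    """Model cat + paste: decode as UTF-8 text (invalid bytes become
    U+FFFD), then re-encode the text for the request body."""
    return data.decode("utf-8", errors="replace").encode("utf-8")

def is_valid_zip(data: bytes) -> bool:
    """True if the bytes parse as a ZIP and every member passes its CRC."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False

def multipart_body(field: str, filename: str, data: bytes) -> bytes:
    """Assemble a single-file multipart/form-data body as raw bytes."""
    header = b"".join([
        b"--", BOUNDARY, b"\r\n",
        b'Content-Disposition: form-data; name="', field.encode(),
        b'"; filename="', filename.encode(), b'"\r\n',
        b"Content-Type: application/zip\r\n\r\n",
    ])
    return header + data + b"\r\n--" + BOUNDARY + b"--\r\n"

def file_part(body: bytes) -> bytes:
    """Recover the file bytes the way a receiving parser would."""
    start = body.index(b"\r\n\r\n") + 4
    end = body.rindex(b"\r\n--" + BOUNDARY + b"--")
    return body[start:end]

if __name__ == "__main__":
    original = build_zip()
    pasted = paste_as_text(original)
    print("original valid:", is_valid_zip(original))
    print("pasted valid:  ", is_valid_zip(pasted), f"({len(original)} -> {len(pasted)} bytes)")
    print("multipart keeps bytes:", file_part(multipart_body("file", "sample.zip", original)) == original)
```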