ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
Please be aware that you should only attack applications that you have been specifically been given permission to test.
To use ZAP effectively it is recommended that you configure your browser to proxy via ZAP.
The easiest way to do this is to launch your browser from ZAP via the "Quick Start / Manual Explore" panel - it will be configured to proxy via ZAP and ignore any certificate warnings.
Alternatively you can configure your browser manually or use the generated PAC file.
To avoid HTTPS Warnings download and install CA root Certificate in your Mobile device or computer.