A proxy is an application that acts as an intermediary between a client and a server or a group of servers providing different services. The client requests a service from the proxy and this has the ability to forward the request to the appropriate server and get the response back from the client.

When we configure our browser to use ZAP as a proxy, it doesn't send the requests directly to the server that hosts the pages we want to see but rather to the address we defined. In this case the one where ZAP is listening. Then, ZAP forwards the request to the server but not without registering and analyzing the information we sent.

ZAP's Forced Browse works the same way that DirBuster does; it takes the dictionary we configured and sends requests to the server, as if it were trying to browse to the files in the list. If the files exist, the server will respond accordingly; if they don't exist or aren't accessible by our current user, the server will return an error.