ZAP CLI Authentication
10 views
Skip to first unread message
Soumya Naidu
Nov 7, 2025, 1:33:48 AM (4 days ago) Nov 7
to ZAP Developer Group
Hello everyone,
I want to start zap in daemon mode in zap cli but the authentication is not working , in zap cli it is not going into the url and logging in properly , how to do that?
Md Zia
Nov 7, 2025, 3:29:08 AM (4 days ago) Nov 7
to zaproxy...@googlegroups.com
Hi Soumya,
Regarding your issue with ZAP CLI authentication in daemon mode, it seems the problem was likely due to incorrectly configured form-based authentication and a login request lacking proper placeholders for credentials (and potentially CSRF tokens).
Here's a step-by-step solution to configure ZAP CLI for authentication in daemon mode:
1. **Start ZAP in daemon mode:**
`zap-cli start --daemon`
2. **Include the target URL in the context:**
`zap-cli context include-url DefaultContext [http://example.com](http://example.com)`
3. **Set credentials with placeholders:**
`zap-cli set-credentials --context-name DefaultContext --username <username> --password <password> --login-url [http://example.com/login](http://example.com/login) --login-request-body "username={%username%}&password={%password%}"`
4. **Open login page:**
`zap-cli open-url [http://example.com/login](http://example.com/login)`
5. **Run spider and active scan:**
`zap-cli spider [http://example.com](http://example.com)`
`zap-cli active-scan [http://example.com](http://example.com)`
Remember to include any extra form fields or CSRF tokens if your application's authentication requires them for a successful login. This approach ensures that ZAP correctly handles the authentication process within your automated scans.
Best regards,
Md Zia
Regarding your issue with ZAP CLI authentication in daemon mode, it seems the problem was likely due to incorrectly configured form-based authentication and a login request lacking proper placeholders for credentials (and potentially CSRF tokens).
Here's a step-by-step solution to configure ZAP CLI for authentication in daemon mode:
1. **Start ZAP in daemon mode:**
`zap-cli start --daemon`
2. **Include the target URL in the context:**
`zap-cli context include-url DefaultContext [http://example.com](http://example.com)`
3. **Set credentials with placeholders:**
`zap-cli set-credentials --context-name DefaultContext --username <username> --password <password> --login-url [http://example.com/login](http://example.com/login) --login-request-body "username={%username%}&password={%password%}"`
4. **Open login page:**
`zap-cli open-url [http://example.com/login](http://example.com/login)`
5. **Run spider and active scan:**
`zap-cli spider [http://example.com](http://example.com)`
`zap-cli active-scan [http://example.com](http://example.com)`
Remember to include any extra form fields or CSRF tokens if your application's authentication requires them for a successful login. This approach ensures that ZAP correctly handles the authentication process within your automated scans.
Best regards,
Md Zia
On Fri, 7 Nov, 2025, 12:03 Soumya Naidu, <soumyan...@gmail.com> wrote:
Hello everyone,I want to start zap in daemon mode in zap cli but the authentication is not working , in zap cli it is not going into the url and logging in properly , how to do that?
--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/zaproxy-develop/63e2b9eb-8895-41e0-a7bf-77e53949833cn%40googlegroups.com.
psiinon
Nov 7, 2025, 4:06:16 AM (4 days ago) Nov 7
to ZAP Developer Group
This group is for developing ZAP, ie anything related to the code.
For questions about using ZAP please use the ZAP User Group: https://groups.google.com/group/zaproxy-users
Oh, and you may want to check these docs: https://www.zaproxy.org/docs/authentication/
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages