ZAP Authentication script with redirect 302

309 views
Skip to first unread message

Phùng Quang Trường

unread,
Aug 30, 2023, 6:38:05 AM8/30/23
to ZAP User Group
I'm writing authentication script. The app flow is:
- login form post method:
- response with set-cookie, and redirect to next 2 GET request with cookie
- from the last get request's response, get session key from response body

How can I follow redirect request to get the session key value ? 

psiinon

unread,
Aug 30, 2023, 6:41:00 AM8/30/23
to zaprox...@googlegroups.com
Have you tried the Authentication Tester?
If it works then it will make your life much easier!

Cheers,

Simon

--
You received this message because you are subscribed to the Google Groups "ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/1ee43dbd-7fe9-4bd9-887c-cdaa8f5f29d6n%40googlegroups.com.


--
ZAP Project leader

Phùng Quang Trường

unread,
Aug 30, 2023, 6:50:45 AM8/30/23
to ZAP User Group
It is an API with no GUI so I have to write it to authen manually

psiinon

unread,
Aug 30, 2023, 6:53:14 AM8/30/23
to zaprox...@googlegroups.com
Fair enough :)
How are you making the request?

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/8e1ebe09-b10c-488d-a09f-9c4dc6744c75n%40googlegroups.com.


--
ZAP Project leader

Phùng Quang Trường

unread,
Aug 30, 2023, 7:23:53 AM8/30/23
to ZAP User Group
What I'm doing now is after send POST request, I got the response code 302 and Location header. I continue use this Location as URL for the next request after that I got code 200 is when I know the redirect stops.  Is that redirect suppose to work like that in ZAP script?

Simon Bennetts

unread,
Aug 30, 2023, 7:47:28 AM8/30/23
to ZAP User Group
Can you share the code you are using to make the POST request.
You can replace any sensitive information like URLs.

Phùng Quang Trường

unread,
Aug 30, 2023, 8:10:28 AM8/30/23
to ZAP User Group
Screenshot 2023-08-30 190814.png
This is my code to authentication. And this is authentication flow that I use Postman to send login request
Screenshot 2023-08-30 190947.png


Simon Bennetts

unread,
Aug 30, 2023, 8:24:28 AM8/30/23
to ZAP User Group
Use "helper.sendAndReceive(msg, true);"

The second parameter is "followRedirect":
https://javadoc.io/static/org.zaproxy/zap/2.13.0/org/zaproxy/zap/authentication/AuthenticationHelper.html#sendAndReceive(org.parosproxy.paros.network.HttpMessage,boolean)

Cheers,

Simon

Phùng Quang Trường

unread,
Aug 30, 2023, 11:30:53 PM8/30/23
to ZAP User Group
Yaha, I got. It works like a charm. Thankyou sir.

Simon Bennetts

unread,
Aug 31, 2023, 3:24:25 AM8/31/23
to ZAP User Group
Thanks for letting us know!
Reply all
Reply to author
Forward
0 new messages