Set cookies on cmd-scans


Asker

Jul 17, 2023, 12:21:44 PM
to OWASP ZAP User Group
Hello!
Can you please tell me how to start scanning by cmd command using cookies?
Can I run it in cmd? Or do I need to run ZAP first and define the context? What options do I need to enable?

I want to automate scanning with ZAP in an authorized zone.
I have two-factor authentication on the target site. I log in and save cookies. This action I can do with a Python script.
After that, I want to get this Cookie in the cmd-command to start the ZAP scan.
How can I do this?

psiinon

Jul 17, 2023, 12:23:29 PM
to zaprox...@googlegroups.com
For everything authentication related see https://www.zaproxy.org/docs/authentication/

Cheers,

Simon

--
OWASP ZAP Project leader

Asker

Jul 17, 2023, 2:52:19 PM
to OWASP ZAP User Group
Thanks for the answer!
But I don't understand how to use this method with cmd command. Do I need to set up a context or configuration before running a cmd scan? Or can you immediately run cmd with the cookie setting? And do you have a tutorial with full cmd options (like cookies)?

Monday, July 17, 2023 at 19:23:29 UTC+3, psi...@gmail.com:

thc...@gmail.com

Jul 17, 2023, 3:03:23 PM
to zaprox...@googlegroups.com
The options for your use case are in:
https://www.zaproxy.org/docs/authentication/handling-auth-yourself/

Env vars might be the easiest, otherwise a Replacer rule to add the
cookie header for your target.

Best regards.
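
An added example, not part of the original thread and not ZAP project code: turning cookies saved by a login script into the environment variables described on the page linked above (`ZAP_AUTH_HEADER`, `ZAP_AUTH_HEADER_VALUE`, `ZAP_AUTH_HEADER_SITE`), so the session cookie is sent only to the target and never appears in the scan's command-line arguments. The JSON cookie layout, the host name `app.example.test` and the helper names are assumptions made for illustration.

```python
import json
import os
import subprocess

# Constructed sample: cookies as a login script might save them (assumed JSON layout).
SAMPLE_COOKIES = '[{"name": "sessionid", "value": "abc123"}, {"name": "csrftoken", "value": "xyz789"}]'


def cookie_header(cookies_json):
    """Join saved cookies into a single Cookie header value."""
    pairs = []
    for c in json.loads(cookies_json):
        name, value = c["name"], c["value"]
        # Reject characters that would break the header or smuggle a second one.
        if not name or "=" in name or any(ch in name + value for ch in "\r\n;"):
            raise ValueError(f"unsafe cookie: {name!r}")
        pairs.append(f"{name}={value}")
    if not pairs:
        raise ValueError("no cookies to send")
    return "; ".join(pairs)


def zap_auth_env(cookies_json, site, base_env=None):
    """Return an environment with ZAP's authentication header variables set."""
    env = dict(os.environ if base_env is None else base_env)
    env["ZAP_AUTH_HEADER"] = "Cookie"  # header name; ZAP uses Authorization if unset
    env["ZAP_AUTH_HEADER_VALUE"] = cookie_header(cookies_json)
    env["ZAP_AUTH_HEADER_SITE"] = site  # header is only added for sites whose name includes this
    return env


def run_scan(command, cookies_json, site):
    """Run a caller-supplied ZAP command with the cookie in its environment, not its argv."""
    return subprocess.run(command, env=zap_auth_env(cookies_json, site), check=False)


if __name__ == "__main__":
    env = zap_auth_env(SAMPLE_COOKIES, "app.example.test", base_env={})
    # Print everything except the secret value.
    print({k: v for k, v in env.items() if k != "ZAP_AUTH_HEADER_VALUE"})
```

Setting `ZAP_AUTH_HEADER_SITE` keeps the session cookie from being attached to requests for third-party hosts the scan happens to touch.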

Asker

Jul 18, 2023, 6:43:15 AM
to OWASP ZAP User Group
Thank you!

Can you give me a link to a complete list of cmd scan options?

Monday, July 17, 2023 at 22:03:23 UTC+3, thc202:

thc...@gmail.com

Jul 18, 2023, 11:16:02 AM
to zaprox...@googlegroups.com
The active scanner can't be configured just through the command line;
maybe the Automation Framework would be more flexible for your case.
https://www.zaproxy.org/docs/desktop/addons/automation-framework/

Best regards.