Is there an API to set "Enable Session Tracking (Cookie)" programatically
95 views
Skip to first unread message
martin...@jpower8.cz
Dec 20, 2016, 3:53:56 AM12/20/16
to OWASP ZAP User Group
Hi, for our project, we need to use Session Tracking, and we need to use ZAP proxy in daemon mode (no GUI, just client API). Is there a way to have set Session tracking on, or to have it switched on by default?
Thanks.
Martin
thc...@gmail.com
Dec 20, 2016, 4:32:52 AM12/20/16
to zaprox...@googlegroups.com
Hi.
That option is not exposed through the ZAP API, but the same (and more)
can be achieved by using HTTP Sessions. [1] It's possible to create a
HTTP Session with the required cookie names, once enabled ZAP will
manage those cookies when accessing the target site.
[1] https://github.com/zaproxy/zaproxy/wiki/ApiGen_httpSessions
Best regards.
That option is not exposed through the ZAP API, but the same (and more)
can be achieved by using HTTP Sessions. [1] It's possible to create a
HTTP Session with the required cookie names, once enabled ZAP will
manage those cookies when accessing the target site.
[1] https://github.com/zaproxy/zaproxy/wiki/ApiGen_httpSessions
Best regards.
Timo Etzold
Jun 9, 2017, 9:53:21 AM6/9/17
to OWASP ZAP User Group
Will this never be exposed through the API?
Because without this option the spider never finishes in my case.
I manually followed your steps from this post (https://groups.google.com/forum/#!topic/zaproxy-develop/q56_g2g1t38) but it does not work somehow...
Thanks in advance!
Because without this option the spider never finishes in my case.
I manually followed your steps from this post (https://groups.google.com/forum/#!topic/zaproxy-develop/q56_g2g1t38) but it does not work somehow...
Thanks in advance!
thc...@gmail.com
Jun 9, 2017, 11:08:04 AM6/9/17
to zaprox...@googlegroups.com
Hi.
The linked topic is 4 years old, the recommend way now would be to setup
the context authentication:
https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication
The option is exposed through the ZAP API, it can be enabled with:
http://zap/JSON/core/action/setOptionHttpStateEnabled/?Boolean=true
> Because without this option the spider never finishes in my case.
Could you provide more details about this? Does the spider continue
finding new pages?
Best regards.
The linked topic is 4 years old, the recommend way now would be to setup
the context authentication:
https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication
The option is exposed through the ZAP API, it can be enabled with:
http://zap/JSON/core/action/setOptionHttpStateEnabled/?Boolean=true
> Because without this option the spider never finishes in my case.
finding new pages?
Best regards.
Timo Etzold
Jun 12, 2017, 2:48:23 AM6/12/17
to OWASP ZAP User Group
The option is exposed through the ZAP API, it can be enabled with:
http://zap/JSON/core/action/setOptionHttpStateEnabled/?Boolean=true
Great, thanks. I tried this on friday but somehow it didn't work. Maybe I tried too many settings at the same time :D
> Because without this option the spider never finishes in my case.
Could you provide more details about this? Does the spider continue
finding new pages?
Yes, in my case the spider never stops finding new pages. So the percentage goes always back and forth.
Anyways, the HttpStateEnabled solved my problem.
Thanks again!
Reply all
Reply to author
Forward
0 new messages