How to provide username and password for a dynamic application in OWASP ZAP. Pls help..


rajesh sn

Feb 22, 2016, 12:21:20 AM
to OWASP ZAP User Group
I am new to testing. I have installed OWASP ZAP, but when I try to attack my application it's only scanning the login page; beyond that it requires a username and password. So please help me to solve this issue.

Simon Bennetts

Feb 22, 2016, 5:17:00 AM
to OWASP ZAP User Group
If you are performing manual testing then you can proxy your browser through ZAP and authenticate manually, i.e. by just logging into the app.
You can then re-use the session you've established using the Sessions tab: https://github.com/zaproxy/zap-core-help/wiki/HelpUiTabsHttpsessions

If you want to automate this then you'll need to configure ZAP to understand your application's authentication: https://github.com/zaproxy/zaproxy/wiki/FAQformauth

Note that while that FAQ focusses on form based authentication ZAP is very flexible and should be able to cope with whatever your application needs.

Also see the February newsletter which covers Contexts and authentication: http://zaproxy.blogspot.co.uk/2016/02/zap-newsletter-2016-february.html

Cheers,

Simon
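
An added example, not part of Simon's post or the ZAP project's own code: one way to script the form-based authentication setup he points to, driving the ZAP API through a client object such as `zapv2.ZAPv2`. The login URL, form field names, the extra `tenant` field and the credentials are constructed placeholders.

```python
from urllib.parse import quote, urlencode

def form_auth_config(login_url, user_field, pass_field, extra_fields=None):
    """Build the config string for ZAP's formBasedAuthentication method."""
    # ZAP substitutes only these two placeholders at login time; any other
    # form field is replayed with the fixed value supplied here.
    body = f"{user_field}={{%username%}}&{pass_field}={{%password%}}"
    if extra_fields:
        body += "&" + urlencode(extra_fields)
    return f"loginUrl={quote(login_url, safe='')}&loginRequestData={quote(body, safe='')}"

def credentials_config(username, password):
    """Build the per-user credentials string for form-based authentication."""
    return f"username={quote(username, safe='')}&password={quote(password, safe='')}"

def configure_context(zap, name, scope_regex, auth_config, logged_in_regex, username, password):
    """Create a context, attach form-based auth and force one user for all requests.

    `zap` is assumed to be a ZAP API client, e.g. zapv2.ZAPv2(apikey=..., proxies=...).
    """
    ctx = zap.context.new_context(name)
    zap.context.include_in_context(name, scope_regex)
    zap.authentication.set_authentication_method(ctx, "formBasedAuthentication", auth_config)
    # Regex that only matches responses sent to a logged-in user, so ZAP can
    # detect a lost session and log in again.
    zap.authentication.set_logged_in_indicator(ctx, logged_in_regex)
    uid = zap.users.new_user(ctx, username)
    zap.users.set_authentication_credentials(ctx, uid, credentials_config(username, password))
    zap.users.set_user_enabled(ctx, uid, "true")
    zap.forcedUser.set_forced_user(ctx, uid)
    zap.forcedUser.set_forced_user_mode_enabled("true")
    return ctx, uid

if __name__ == "__main__":
    # Constructed sample values; replace with your own application's login form.
    print(form_auth_config("https://app.example.test/login", "user", "pass", {"tenant": "acme"}))
    print(credentials_config("tester@example.test", "S3cret&pw"))
```
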

rajesh sn

Feb 22, 2016, 11:47:00 PM
to zaprox...@googlegroups.com
Hi Simon,

Thanks for your kind reply. But the content in the provided link says "While proxying ZAP I have to log in to my app".
But here we are not using any proxy servers in our company.

So I have given the URL in the Quick Start tab and scanned it, so the Sites tab got some content. Then I followed from step 3.
But now it's giving a 504 Gateway Timeout error, and it also hangs.

Please check the attachments.

Sorry if I am wrong. I am
Please help


kingthorin+owaspzap

Feb 23, 2016, 2:34:14 AM
to OWASP ZAP User Group
ZAP is the proxy it is referring to. (ZAP == Zed Attack Proxy)
Quick Scan is just that, a quick scan that doesn't leverage any config info other than a starting point.

LSTV Jhen Butawan

Feb 11, 2022, 9:59:05 AM
to OWASP ZAP User Group
Hello, good day! How do I authenticate on a login page that needs 3 credentials? I have proxied ZAP to Selenium and used the form-based auth first, but I still have no luck using the AJAX spider. Please advise, with thanks...