Unable to scan POST api through ZAP


Dhirendra Pratap Singh

Jul 26, 2022, 10:52:53 PM
to OWASP ZAP Developer Group
Hello,
I am unable to perform a ZAP scan for my POST API URL. Can anyone help me regarding this?
I need it to generate a ZAP scan report and submit it to Salesforce for security review.
I am doing the following steps:
1. Install ZAP
2. Installing Certificate
   (refer cert.png)
   Import the generated certificate in certmgr.msc.
3. Configuring Proxy
   (refer Local_Proxy_in_ZAP.jpg and Prox_in_LANSettings.jpg)

After that I am able to see the target URLs in ZAP Sites (refer sites.jpg), but I am unable to hit the POST API call through Postman after doing the proxy configuration step (refer postapierrorinpostman.jpg).
Attachments: postapierrorinpostman.jpg, Prox_in_LANSettings.jpg, cert.png, sites.jpg, Local_Proxy_in_ZAP.jpg

kingthorin+owaspzap

Jul 27, 2022, 4:47:29 PM
to OWASP ZAP Developer Group
Do you have any Scripts enabled or Replacer rules?

Dhirendra Pratap Singh

Jul 27, 2022, 11:36:41 PM
to OWASP ZAP Developer Group

Hello, I am new to ZAP. I haven't enabled scripts and am not using any Replacer rules. I need a ZAP scanner report for my REST API to submit for the Salesforce security review. Can you help me see where I am going wrong or which steps I should take to generate a report for my POST API? Any thoughts you have will be greatly appreciated.

psiinon

Jul 28, 2022, 3:21:11 AM
to OWASP ZAP Developer Group
ZAP does not change POSTs into GETs by default, so right now we do not know what's going wrong or how to fix it.

What happens if you send the same post request to your app using curl, proxied through ZAP?

Cheers,

Simon