Scan Modern Web Apps with Manual Authentication

195 views
Skip to first unread message

Akhmad Syarifurrahman

unread,
Apr 1, 2024, 8:21:56 AM4/1/24
to ZAP User Group
Hi,

Currently I working  on the projects to scan modern web apps (frontend using angularjs, and backend using rest api), and in the login page this web apps has implement security feature like ReCaptcha and MFA, i can't using common authentication technique to handle this web. 

Is it possible like this?

1. Add authentication header manually because I have the code and key.
2. Add manually frontend information to browser local storage.

If it possible, how do i do it ?

Thanks.

thc...@gmail.com

unread,
Apr 1, 2024, 10:22:44 AM4/1/24
to zaprox...@googlegroups.com
Hi,

Have you gone through https://www.zaproxy.org/docs/authentication/ ?

1. Use one of
https://www.zaproxy.org/docs/authentication/handling-auth-yourself/
2. Use a Selenium script, but see
https://www.zaproxy.org/docs/authentication/session-handling/#client-side-session-management


Best regards.

Akhmad Syarifurrahman

unread,
Apr 2, 2024, 8:14:08 PM4/2/24
to ZAP User Group
Hi,

Thank you, I am slightly enlightened. And now  I got an error message from the Selenium script like this :

Screenshot_4.png

what's wrong if I got this error message?

Thanks.

Akhmad Syarifurrahman

unread,
Apr 3, 2024, 2:02:10 AM4/3/24
to ZAP User Group
Hi,

Oh sorry, this error message appears if I want to save a lot data to localStorage.

Screenshot_5.png
Is this related to Selenium driver capabilities, If true how to configure this capability?

Thanks.

Akhmad Syarifurrahman

unread,
Apr 3, 2024, 11:35:42 PM4/3/24
to ZAP User Group
Hi,

Current status I solved the selenium issue.

Thanks
Message has been deleted

Simon Bennetts

unread,
Apr 9, 2024, 4:25:38 AM4/9/24
to ZAP User Group
Cool.
Do you get enverything else working?

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages