ERROR LOGIN CSRF _token Laravel
98 views
Skip to first unread message
José Borges
Jul 6, 2021, 11:29:17 PM7/6/21
to OWASP ZAP User Group
I'm trying to authenticate myself in an application in laravel with csrf _token configured, however I only give authentication error, I'm using Oracle Nashorn script
Can someone help me ?
Simon Bennetts
Jul 7, 2021, 3:23:29 AM7/7/21
to OWASP ZAP User Group
No, we dont have access to your application.
But we can help you to help yourself :)
You need to understand how your apps authentication works - if you cant do that then you cant configure ZAP to understand it.
So authenticate to you app manually while proxying through ZAP, then try to configure ZAP to authenticate and then go through all of the relevant requests and responses and see whats different.
There are a load of authentication videos on https://www.zaproxy.org/videos-list/ which should help you understand ZAPs authentication support better.
Cheers,
Simon
thc...@gmail.com
Jul 7, 2021, 4:43:26 AM7/7/21
to zaprox...@googlegroups.com
Hi.
The form-based auth handles anti-csrf tokens (if they are defined in the
options).
Unless you have other requirements it's probably easier to use that
instead of script auth.
Best regards.
The form-based auth handles anti-csrf tokens (if they are defined in the
options).
Unless you have other requirements it's probably easier to use that
instead of script auth.
Best regards.
Message has been deleted
José Borges
Jul 7, 2021, 12:12:14 PM7/7/21
to OWASP ZAP User Group
Authentication of the same is similar to this, I believe that if I can access this same system I can solve my problem.
Login: superadmin
Senha: primo868
As I mentioned, I'm using the script.
Reply all
Reply to author
Forward
0 new messages