Script based authentication POST method not accepting JSON request body
Venkataramanan Sekar
Jul 25, 2023, 3:24:12 PM
to OWASP ZAP User Group
Hi,
Using script-based authentication, I'm trying to automate the OKTA login. I created a script using the script engine ECMAScript: Oracle Nashorn. Refer to the callPost function in this article (https://augment1security.com/authentication/oauth2-authorization-code-flow-authentication-using-owasp-zap-part-1/). I'm sending a JSON request body {password:"xxxx", username:"xxxx"}, but it was not working and I'm getting the response below. I tried the same in Postman and with a curl command, and it was working as expected.
{"errorCode":"E0000003","errorSummary":"The request body was not well-formed.","errorLink":"E0000003","errorId":"oaeas7-pvADTkmhgwQYcNdnoQ","errorCauses":[]}
thc...@gmail.com
Jul 25, 2023, 3:32:28 PM
to zaprox...@googlegroups.com
Hi,
I'd suggest proxying curl or Postman through ZAP and verifying that the
request sent by your auth script is the same as those.
Best regards.
Venkataramanan Sekar
Jul 25, 2023, 4:01:26 PM
to OWASP ZAP User Group
Hi,
As per your suggestion, I compared the script request and the Postman request in ZAP. I missed setting the content length in the request header. After setting the content length, it is working. Thanks for your help.
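
Added example (not part of the thread and not ZAP's own code): a Node.js script that compares a request captured from a working client with the one sent by an auth script and reports header differences, including a missing or incorrect Content-Length. The host, path, credentials and both sample requests are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: diff two raw HTTP requests copied from the proxy history.
// All sample data below is constructed; host, path and credentials are placeholders.
function parseRequest(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const lines = head.split("\r\n");
  const headers = Object.create(null); // header names are case-insensitive
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { requestLine: lines[0], headers, body };
}

// Returns findings describing how `script` differs from the known-good `reference`.
function compareRequests(reference, script) {
  const ref = parseRequest(reference);
  const scr = parseRequest(script);
  const findings = [];
  if (ref.requestLine !== scr.requestLine) findings.push("request line differs");
  for (const name of Object.keys(ref.headers)) {
    if (!(name in scr.headers)) findings.push("missing header: " + name);
    else if (name === "content-type" && ref.headers[name] !== scr.headers[name])
      findings.push("content-type differs: " + scr.headers[name]);
  }
  // Content-Length must equal the body size in bytes, not characters.
  const bytes = Buffer.byteLength(scr.body, "utf8");
  const declared = scr.headers["content-length"];
  if (declared !== undefined && Number(declared) !== bytes)
    findings.push("content-length " + declared + " != body bytes " + bytes);
  if (ref.body !== scr.body) findings.push("body differs");
  return findings;
}

const BODY = JSON.stringify({ username: "user@example.invalid", password: "placeholder" });
const START = "POST /login-placeholder HTTP/1.1\r\nHost: idp.example.invalid\r\n" +
  "Content-Type: application/json\r\n";
// Constructed "working client" request: Content-Length matches the body bytes.
const fromClient = START + "Content-Length: " + Buffer.byteLength(BODY) + "\r\n\r\n" + BODY;
// Constructed "auth script" request: same body, but no Content-Length header.
const fromScript = START + "\r\n" + BODY;

console.log(compareRequests(fromClient, fromScript));
```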