Authenticated Scans with Manual Authentication using ZAP Desktop


Enc

Feb 29, 2024, 1:17:50 PM
to ZAP User Group

I'm relatively new to using ZAP and I'm facing some challenges with setting up authenticated scans for a website I'm testing. My main issue revolves around automating the authentication part of the scan, which seems to be quite complex due to the OAuth authentication mechanism used by the website.

I was wondering if it's possible to perform the authentication step manually and then let ZAP handle the crawling and scanning of the website post-authentication. Here’s what I’ve understood and attempted so far:

  • I manually log into the website through a browser that's configured to use ZAP as its proxy, which I believe allows ZAP to capture the necessary authentication cookies and session information.
  • I’m unsure how to properly configure ZAP to utilize the captured session information for maintaining an authenticated state during the scanning process.

Could anyone provide guidance or point me towards resources on how to set up ZAP for authenticated scans with manual authentication steps (videos if possible)? Also, any tips for a beginner on configuring session management in ZAP would be greatly appreciated.

psiinon

Feb 29, 2024, 1:28:45 PM
to zaprox...@googlegroups.com


psiinon

Feb 29, 2024, 1:30:38 PM
to zaprox...@googlegroups.com