Hi everyone, I'm new to ZAP and I'm testing it on an application which requires a JWT token as authentication.
I already have the JWT token and I would like to feed it into the headers to allow authentication.
For example, I know a simple curl request does the trick, adding headers like this:
curl -H 'Accept: application/json' -H "Authorization: Bearer ${TOKEN}" localhost:8088/path/to/something/
I tried using a script to add new headers like in the curl message, using the following Jython script as an HTTP Sender:
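# ZAP HTTP Sender script (Jython): add fixed headers to every outgoing request.
headers = {
    "Accept": "application/json",
    "Authorization": "Bearer HARD_CODED_TOKEN",
}

def sendingRequest(msg, initiator, helper):
    # Called before each request is sent; set (add or overwrite) each header.
    for name, value in headers.items():
        msg.getRequestHeader().setHeader(name, value)

def responseReceived(msg, initiator, helper):
    pass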
Which is practically the same as what I found in the examples; still, after I try to do the quick scan I am getting a 401 response.
The curl instead retrieves a JSON response and is correctly authenticated.
Is there something I am missing? What am I doing wrong?
NB: the HARD_CODED_TOKEN is a placeholder here; in reality I just pasted the token.