Authentication Failure

[Haro Haroon]

Hi Simon,

I’m currently using the attached ZAP automation plan, but I’m running into issues with authentication when executing it in Docker. The plan runs, but the authentication step keeps failing, which causes the scans (spider/Ajax spider/active scan) to not run as expected.

Could you please take a look and let me know if I’m missing something in the configuration or if there’s a step I should be doing differently for browser-based authentication inside Docker?

Thanks for your help!

Best regards,
Haroon

[Simon Bennetts]

Hi Haroon,

Have you tested this plan in the ZAP desktop?

If not then I'd recommend doing that, it will make debugging much easier.

The loggedInRegex of \Q\E is not right - that will effectively match everything.

Try using the ZAP Authentication Tester: https://www.zaproxy.org/blog/2023-05-23-authentication-tester/

As an aside, I dont recommend using such a low pollFrequency with pollUnits = requests.

I've seen ZAP send more than 17,000 requests in one second, so I usually use "seconds" for the pollUnits :D

Cheer,

Simon