Active scan does not redirect my page
56 views
Skip to first unread message
C PQ
Mar 7, 2025, 2:15:01 AM3/7/25
to ZAP User Group
Hi,
I trying to do an active scan on my web application and I notice some of the requests are not redirected to the Location.
Response:
Sent Message for active scan:
it do the POST request to URL and the response is return as shown above. In chrome, the web application did redirect to Whitelist_Profile.jsp
Simon Bennetts
Mar 11, 2025, 5:48:49 AM3/11/25
to ZAP User Group
Hiya,
Can you tell which scan rules are not redirecting?
The scan rules work in different ways, and some will deliberately not follow redirections.
There is, of course, always the chance that some of them are wrong, but we have a lot of scan rules, so we'd need to find which ones are not redirecting in order to investigate further.
Cheers,
Simon
C PQ
Mar 12, 2025, 5:08:30 AM3/12/25
to ZAP User Group
How do I see exactly the request is testing with which exact scan rules? I can only roughly see in scan progress details that it happen on External Redirects rule and SQL Injection (I only tick PostgreSQL) rule.
Simon Bennetts
Mar 17, 2025, 2:03:44 PM3/17/25
to ZAP User Group
Are you asking about how to tell which scan rules send which requests?
There is an option to inject the plugin ID in the header: https://www.zaproxy.org/docs/desktop/ui/dialogs/options/ascan/#inject-plugin-id-in-header-for-all-active-scan-requests
If thats not what you mean then can you explain in more detail?
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages