Active scan does not redirect my page

[C PQ]

Hi,

I trying to do an active scan on my web application and I notice some of the requests are not redirected to the Location.

Response:

Sent Message for active scan:

it do the POST request to URL and the response is return as shown above. In chrome, the web application did redirect to Whitelist_Profile.jsp

[Simon Bennetts]

Hiya,

Can you tell which scan rules are not redirecting?

The scan rules work in different ways, and some will deliberately not follow redirections.

There is, of course, always the chance that some of them are wrong, but we have a lot of scan rules, so we'd need to find which ones are not redirecting in order to investigate further.

Cheers,

Simon

[C PQ]

How do I see exactly the request is testing with which exact scan rules? I can only roughly see in scan progress details that it happen on External Redirects rule and SQL Injection (I only tick PostgreSQL) rule.

[Simon Bennetts]

Are you asking about how to tell which scan rules send which requests?

There is an option to inject the plugin ID in the header: https://www.zaproxy.org/docs/desktop/ui/dialogs/options/ascan/#inject-plugin-id-in-header-for-all-active-scan-requests

If thats not what you mean then can you explain in more detail?

Cheers,

Simon