Authentication Tester - username field failed


Siddharth Bole

Jun 7, 2024, 10:10:00 AM
to ZAP User Group
Hi,

Authentication Tester is not working as expected. Error: username field & other fields failed.
Please help,


Diagnostic information is

>>>>>
GET https://example0/
<<<
HTTP/1.1 200 OK
content-type: text/html
>>>>>
POST https://example1/ListAccounts
content-type: application/x-www-form-urlencoded
<<<
HTTP/1.1 200 OK
content-type: application/json; charset=utf-8

["token0",[]]
>>>>>
GET https://example2/iJWKBXyIfDnIV7nBrXw.woff2
<<<
HTTP/1.1 200 OK
content-type: font/woff2
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISUQm05qxeQf5lthIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_yG48gYc95InUA==
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISIAlunE71hp83uBIFDTQ30ysSBQ3c5MosIdCkzK_phCFy
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISIAlunE71hp83uBIFDTQ30ysSBQ3c5MosIdCkzK_phCFy
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
OPTIONS https://example4/installations
<<<
HTTP/1.1 200 OK
content-type: text/html
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISXwmtqnFui8noiRIFDTQ30ysSBQ3c5MosEgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_IUWYR2v_ORNBEiAJbpxO9YafN7gSBQ00N9MrEgUN3OTKLCFFmEdr_zkTQRJRCbTmrF5B_mW2EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_IUWYR2v_ORNB
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
POST https://example4/installations
content-type: application/json

{"fid":"token52","authVersion":"token2","appId":"token3","sdkVersion":"token4"}
<<<
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8

{"name":"token53","fid":"token52","refreshToken":"token54","authToken":{"token":"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6IjE6MjYyMzc4NzUwNjM6d2ViOmEyYjFjOGY3NzY4YjNkMWRjMTY3NzIiLCJleHAiOjE3MTgzNzM1ODEsImZpZCI6ImZrX04xOWdWeWxMWXRHcmhtbmh5enAiLCJwcm9qZWN0TnVtYmVyIjoyNjIzNzg3NTA2M30.AB2LPV8wRQIgVzGJUzI8bt_WatOR1qScz0T2KVzz1wnsxxihXNpa0JwCIQCW7RstrIJU7-uZuTd4Op6gdQvViPq-fhEmyIURjncrOQ","expiresIn":"604800s"}}
>>>>>
OPTIONS https://example5/firebase:fetch
<<<
HTTP/1.1 200 OK
content-type: text/html
>>>>>
POST https://example5/firebase:fetch
content-type: application/json

{"sdk_version":"token7","app_instance_id":"token52","app_instance_id_token":"token55","app_id":"token3","language_code":"token9"}
<<<
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8

{"entries":{"crystalEmail":"cry...@tataclassedge.com","crystalPhone":"18002093848","eeEmail":"earl...@tataclassedge.com","eePhone":"18002093848","env":"predev","idealTimeoutSettings":{"timeOut":240,"alert":60},"marksheetModule":"true","teacherConnectMapping":{"sandya.phole":"usr-b8cc0717-e355-4eb2-bae0-4581ca71506c-nala-mah-mum","trisna.dhaduk":"usr-b5cbdc88-d9ba-4b12-938b-c31f42daaac0-nala-mah-mum","ramesh.babu":"usr-51bb4707-d68d-4c5c-bbcd-becdefd1bdc5-nala-mah-mum"}},"state":"token10","templateVersion":"token11"}
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISGQnhEZqN437cBxIFDRUXmhEhas3cl8k6E_s=
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
POST https://example6/v1:GetModels
content-type: application/x-protobuf
<<<
HTTP/1.1 200 OK
content-type: application/x-protobuf
>>>>>
GET https://example2/LDItaoyNOAY6Uewc665JcIzCKsKc_M9flwmPq_HTTw.woff2
<<<
HTTP/1.1 200 OK
content-type: font/woff2
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISGQm4KNV03k57XRIFDQiJrbYhNDgDd3xyesM=
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
GET https://example6/downloads
<<<
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
>>>>>
GET https://example6/downloads
<<<
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
>>>>>
GET https://example6/downloads
<<<
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
>>>>>
GET https://example3/ChVDaHJvbWUvMTI1LjAuNjQyMi4xNDISZgm_dzBwh6GGxBIFDTQ30ysSBQ3c5MosEgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNU1pHxSGV8anKzjjoahIgCW6cTvWGnze4EgUNNDfTKxIFDdzkyiwhlfGpys446GoSUQm05qxeQf5lthIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_xIFDQbtu_8SBQ0G7bv_EgUNBu27_yGV8anKzjjoahIZCeiVY410XYmtEgUNU1pHxSGV8anKzjjoag==
<<<
HTTP/1.1 200 OK
content-type: text/plain
>>>>>
GET https://example7/anchor
<<<
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
>>>>>
GET https://example6/downloads
<<<
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8

Siddharth Bole

Jun 24, 2024, 9:03:19 AM
to zaprox...@googlegroups.com
Hi,
Pls help.

Regards,
Siddharth


Simon Bennetts

Jun 28, 2024, 4:34:18 AM
to ZAP User Group
Hi Siddharth,

You need to be patient.
I work my way through the user group queries focussing on the oldest unread ones in my email folder.
If you had not asked for an update then I would have got to your message earlier :)
That's how I'm handling questions here - other members of the core team may handle them differently.

Can you send a screenshot of the Authentication Tester dialog once you have run the test with valid credentials?
Do you see the browser logging in successfully?

I tried it with the URL you gave, and I could see that the browser successfully submitted a valid looking phone number, but obviously I do not have valid credentials so I could not get any further.

Cheers,

Simon

Siddharth Bole

6:21 AM
to zaprox...@googlegroups.com
Thanks, Simon,

I reset my expectations as per your working style :).

Please find the information below which could help you to help me. 

Can you send a screenshot of the Authentication Tester dialog once you have run the test with valid credentials? - Attached
Do you see the browser logging in successfully? - When I tried manually - Yes. But not via ZAP. Also attaching the screenshot for your reference.
