regex to exclude login/logout urls from context


SimsHere

Mar 15, 2023, 7:17:34 AM
to OWASP ZAP User Group
Hi team,

I want to exclude login/logout URLs from context for all applications scanned by ZAP and, in trying to do so, I want to add the regex in the option "URLS which will be excluded from context".

For example, I want to exclude any url which contains the following keywords: signin, signout, login, logout.

Can I define regular expressions like below in "URLS which will be excluded from context":
\Qlogin\E
\Qlogout\E
\QSignin\E
\Qsignout\E

Thanks,
Kamalpreet

Simon Bennetts

Mar 15, 2023, 7:27:38 AM
to OWASP ZAP User Group
Hi Kamalpreet,

Try it in the ZAP desktop and see :)
All of the Site tree nodes that are in scope have a target icon on them.
You can test your regexes like this even if you plan to automate ZAP.

Cheers,

Simon

SimsHere

Mar 16, 2023, 4:49:31 AM
to OWASP ZAP User Group
Thanks Simon. Will try it.

Can I use the Java-based regular expressions to define these exclude conditions:

Thanks,
Kamalpreet

Simon Bennetts

Mar 16, 2023, 5:03:35 AM
to OWASP ZAP User Group
Yes.
But you can also just right click the relevant URLs in the Sites tree or History and select the option to exclude them from the context.
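
Added example (not part of the thread, and not ZAP's own code): a small Java check of the patterns discussed above against sample URLs, before they go into the context's exclude list. It assumes the exclude list is applied with whole-URL matching (Matcher.matches()); the class name, the combined keyword pattern and the URLs are constructed for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class ExcludeRegexCheck {
    // Pattern as written in the question: quotes the literal text "login" only.
    static final Pattern QUOTED_ONLY = Pattern.compile("\\Qlogin\\E");

    // Candidate single pattern covering all four keywords anywhere in the URL,
    // case-insensitive so that "Signin" and "signin" are both caught.
    static final Pattern KEYWORDS =
            Pattern.compile("(?i).*(signin|signout|login|logout).*");

    // Assumption: an exclude pattern counts only if it matches the whole URL.
    static boolean excluded(Pattern p, String url) {
        return p.matcher(url).matches();
    }

    public static void main(String[] args) {
        // Constructed sample URLs, not taken from the thread.
        List<String> urls = List.of(
                "https://app.example.com/login",
                "https://app.example.com/account/Signin?next=/home",
                "https://app.example.com/api/logout",
                "https://app.example.com/signout",
                "https://app.example.com/products/42",
                "https://app.example.com/blog/login-tips");

        for (String url : urls) {
            System.out.printf("%-52s quotedOnly=%-5b keywords=%b%n",
                    url, excluded(QUOTED_ONLY, url), excluded(KEYWORDS, url));
        }
    }
}
```

Under whole-URL matching the quoted-only pattern excludes none of these URLs, while the keyword pattern excludes the four login/logout pages and also /blog/login-tips. Any URL that is excluded from the context is no longer in scope, so confirm in the ZAP desktop which Sites tree nodes lose the target icon.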