Hi , I'm using zap proxy but i am not able to brute force like in burpsuite as there is no modes for brute forcing here in zap proxy . I mean , there is no options for pitchfork, clusterbomb and such attacks. I don't find any options for them . Although, it works perfectly fine and it is very fast but the thing is i can't have my job done. I am currently solving the portswigger lab no. 4 where the ip address is blocked if 4 invalid username or password is sent over it also for solving the lab one must use pitchfork mode of bruteforcing . But in zap proxy , when i brute-force the X-Forwarded-Option header with the value of 1-100 and then, the username value with the provided payload by portswigger acedemy lab . And start the fuzzer , then it inputs the first payload combined with all the others payloads of the second payload wordlist and then, it start the second payload form the first payload wordlists . I can't acheive the behaviour of if as the first payload from the first payload worlists combined with first payload of the second payload wordlist , second payload of the first payload wordlist and the second payload of the second payload wordlist combined , likewise the third payload of the first payload wordlist combined with the third payload of the second payload wordlist and so on. Also , there seems limitation on the zap proxy , if i want to same payload on the multiple parameter or multiple field , this behaviour cannot be acheived by zap as per me .
If you are able to make it possible with zap ? Please help me ! I need your techniques to solve the lab here.