Include Bearer token in ZAP Scanning


Baljit Singh

Feb 20, 2025, 12:15:49 PM
to ZAP User Group
Hello,

I'm working on a Python script that helps extract the JWT token after login. Once that part is done, every scan request made by ZAP should use the Authentication header with the Bearer token.

However, I'm not able to figure out how to set the token for the current session. I've looked into contexts and authentication but I wasn't able to find the right way to do it.

Any help on this will be appreciated.

Thank you!

Simon Bennetts

Feb 20, 2025, 12:49:40 PM
to ZAP User Group
Hiya,

Does your app have a login screen?
If so have you tried the ZAP Authentication Tester?

Cheers,

Simon

Baljit Singh

Feb 20, 2025, 1:43:50 PM
to ZAP User Group
We don't use a login/password authentication.

The script that I have uses a custom token that is used to generate a Bearer token. This Bearer token is what should be injected into every request made by ZAP.

Simon Bennetts

Feb 21, 2025, 12:22:40 PM
to ZAP User Group
As long as your python script runs in ZAP you can just get it to set a Global Variable: https://www.zaproxy.org/docs/desktop/addons/script-console/#global-variables
You can check this variable in an httpsender script and then set that for every request.
Does that help?

Cheers,

Simon
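The HttpSender script Simon describes, written out as an added example (it is not code from this thread or from the ZAP project). It is a Jython script meant to be loaded in ZAP under Scripts > HTTP Sender and enabled; it assumes the poster's token-extraction script stores the JWT with `ScriptVars.setGlobalVar("bearer_token", token)`, and it assumes a target host of `app.example.com` so the token is only attached to requests for the application under test and not to third-party hosts the spider or scanner may follow. Outside ZAP the `org.zaproxy` import fails and an in-memory dict stands in for the global variable store, so the injection logic can be exercised stand-alone.

```python
"""ZAP HttpSender script (Jython) that sets an Authorization: Bearer header on
every request ZAP sends, reading the token from a ZAP global variable.

Added example, not from the thread or the ZAP project. Assumptions:
  * the token-extraction script stores the JWT via
        ScriptVars.setGlobalVar("bearer_token", token)
  * the application under test is served from app.example.com
Inside ZAP the ScriptVars import resolves; in plain CPython it fails and a dict
takes its place so the functions below can be run and tested offline.
"""

TOKEN_VAR = "bearer_token"           # assumed variable name; must match the setter script
TARGET_HOSTS = ("app.example.com",)  # assumed target; the token is sent only to these hosts

try:
    from org.zaproxy.zap.extension.script import ScriptVars  # only resolvable inside ZAP

    def get_global(name):
        return ScriptVars.getGlobalVar(name)

    def set_global(name, value):
        ScriptVars.setGlobalVar(name, value)
except ImportError:
    _GLOBALS = {}  # stand-in store when running outside ZAP

    def get_global(name):
        return _GLOBALS.get(name)

    def set_global(name, value):
        _GLOBALS[name] = value


def authorization_value(token):
    """Build the header value from whatever the extraction script stored:
    either a bare JWT or one that already carries the 'Bearer ' scheme prefix."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        return "Bearer " + token[7:].strip()
    return "Bearer " + token


def bearer_for_request(host, token, target_hosts=TARGET_HOSTS):
    """Return the Authorization value for a request to `host`, or None when
    nothing should be injected (no token stored yet, or host out of scope).
    Scoping by host keeps the token from leaking to other origins."""
    if not token:
        return None
    if host is None or host.lower() not in target_hosts:
        return None
    return authorization_value(token)


def sendingRequest(msg, initiator, helper):
    """Called by ZAP for every outgoing request (proxy, spider, active scan, ...)."""
    header = msg.getRequestHeader()
    value = bearer_for_request(header.getHostName(), get_global(TOKEN_VAR))
    if value is not None:
        # setHeader replaces an existing Authorization header, so a stale token
        # captured through the proxy is overwritten with the current one.
        header.setHeader("Authorization", value)


def responseReceived(msg, initiator, helper):
    # Required by the HttpSender script template; nothing to do on responses.
    pass
```

The extraction script only needs to call `set_global("bearer_token", token)` (i.e. `ScriptVars.setGlobalVar`) each time it refreshes the JWT; because the HttpSender script reads the variable on every request, a new token takes effect immediately without reloading either script.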