Enable Session Tracking (Cookie) feature


Antoine

May 26, 2016, 5:57:56 AM
to OWASP ZAP User Group
Hello,

I use ZAP 2.4.3.

I read different posts in this group, viewed the tutorial video of Cosmin Stefan about authentication in ZAP https://www.youtube.com/watch?v=cR4gw-cPZOA, and performed different tests using ZAP authentication and session management methods.
I saw that we can define session properties for a context (session management, authentication and users), which can be used to automatically scan a specific site as a user (through Spider, Active scan...).
We can also set an existing session as active in the "Http sessions" tab, in order to manually scan the site with a specific session.

Then, my questions are: What is "Enable Session Tracking" in the Edit menu used for? Does it provide another feature than the ones above or is it still present for historical reasons? Because it seems that ZAP automatically identifies session cookies and automatically flags these params as "session" in the "Params" tab when visiting the site, so it seems that session tracking is already automatically performed within ZAP.

Best regards,

--
Antoine

Antoine

Jun 16, 2016, 8:41:34 AM
to OWASP ZAP User Group
Up :)