Automated Scan with context?

97 views
Skip to first unread message

zinw elzl

unread,
Sep 9, 2023, 4:46:35 AM9/9/23
to ZAP User Group
Tools - Auth Tester test user/pass and then create new Context.
How to select that context (with tested user/pass, etc) in Automated Scan?
Only URL for selection?

Simon Bennetts

unread,
Sep 9, 2023, 5:33:18 AM9/9/23
to ZAP User Group
How are you running the automated scan?
If you are using the Automation Framework then you can select the context that was created when you create the plan in the desktop.
Of if you are creating a plan "by hand" then you can use this as the basis: https://www.zaproxy.org/blog/2023-05-02-authentication-auto-detection/#an-example-automation-plan

Cheers,

Simon

zinw elzl

unread,
Sep 9, 2023, 5:38:27 AM9/9/23
to ZAP User Group

psiinon

unread,
Sep 9, 2023, 8:03:49 AM9/9/23
to zaprox...@googlegroups.com
That's "Getting Started", which does not involve authenticationđŸ˜‰
You need to move beyond that if you want to authenticate...
Have a look at the Automation Framework...

--
You received this message because you are subscribed to the Google Groups "ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/1cee5999-63a8-408d-80ee-dc81d7a2b9fdn%40googlegroups.com.

zinw elzl

unread,
Sep 10, 2023, 3:50:49 AM9/10/23
to ZAP User Group
Automation Framework show only report, can't find data to do manual testing that report.

Simon Bennetts

unread,
Sep 11, 2023, 3:27:55 AM9/11/23
to ZAP User Group
I mention the Automation Framework because your title says "Automated Scan" :)
If you are controlling ZAP manually then you can run whichever tools you want when you want them.
To include manual findings in a report generated by ZAP then you need to manually create ZAP alerts.
If you can give us more details on what you are trying to achieve then we should be able to help you get further.

Cheers,

Simon

zinw elzl

unread,
Sep 12, 2023, 5:43:53 AM9/12/23
to ZAP User Group
everything it tested.
Now, I have all data to test it more.
Does Automation Framework save somewhere data like Automated Scan does in Sites Tree?

Simon Bennetts

unread,
Sep 12, 2023, 7:02:28 AM9/12/23
to ZAP User Group
The Automation Framework doesnt change how ZAP works, its just another interface to ZAP.
ZAP works in the same underlying way whether you control ZAP manually, use the Packaged Scans, the Automation Framework, or the API.
So yes, the AF saves data in the Site Tree, which is ZAP's representation of your application(s).

Cheers,

Simon

zinw elzl

unread,
Sep 13, 2023, 5:04:01 AM9/13/23
to ZAP User Group
I run AF in GUI, but don't see anything new in Site Tree.
What I'm doing wrong? 

Simon Bennetts

unread,
Sep 13, 2023, 5:52:14 AM9/13/23
to ZAP User Group
Unfortunately I'm not telepathic :P
What output are you seeing in the Automation / Output tab?
Feel free to obfuscate anything sensitive...

It may be worth starting a new ZAP session before running the plan, that way the Sites tree will show the URLS found by the AF plan.

Cheers,

Simon

zinw elzl

unread,
Sep 14, 2023, 5:30:48 AM9/14/23
to ZAP User Group
Test script make error, removing script AF works.
Reply all
Reply to author
Forward
0 new messages