Some questions about how Zap works

[Lucas Sacramento]

Hello, I am developing a project using Zap and I have three questions, but I couldn't find any satisfactory answers in the documentation.

Can elements in the request header be used like message regex for authentication?

Does the scan with Zap work on applications built with the Flutter framework?

How does Zap, through the graphical interface, correctly select the URL with the .* regex? I am trying to automate some processes via the API and couldn't find a native way in the API to do this. Could you recommend some study material so I can reproduce this method?

[Simon Bennetts]

Hiya,

Answers inline:

Hello, I am developing a project using Zap and I have three questions, but I couldn't find any satisfactory answers in the documentation.

Can elements in the request header be used like message regex for authentication?

Doesnt that depend on the target app?

For details of how to handle authentication in ZAP see https://www.zaproxy.org/docs/authentication/

 

Does the scan with Zap work on applications built with the Flutter framework?

ZAP works with web apps, it should not matter how they were created.

How does Zap, through the graphical interface, correctly select the URL with the .* regex? I am trying to automate some processes via the API and couldn't find a native way in the API to do this. Could you recommend some study material so I can reproduce this method?

You can use the Search tab to find requests using regexes, you can even specify if these should match the URL, the request, response, header etc.

https://www.zaproxy.org/docs/desktop/ui/tabs/search/

Can you explain what result you are trying to achieve?

There are lots of ways of doing things in ZAP, including using scripts, which will be more suitable for many purposes.

Cheers,

Simon