Captcha handling in ZAP
1,272 views
Skip to first unread message
Zap
Mar 30, 2017, 2:37:02 AM3/30/17
to OWASP ZAP User Group
Hi,
My website has captcha in few forms.
I need to know how to handle captcha fields in these forms.
Please help me.
My website has captcha in few forms.
I need to know how to handle captcha fields in these forms.
Please help me.
Bob
Dec 7, 2017, 3:51:46 AM12/7/17
to OWASP ZAP User Group
I have this problem too, any suggestion regarding to how to deal with the CAPTCHA when scanning?
Best regards,
Bob
kingthorin+owaspzap
Dec 7, 2017, 4:10:03 AM12/7/17
to OWASP ZAP User Group
Is this really a question?
Bob
Dec 7, 2017, 10:23:08 PM12/7/17
to OWASP ZAP User Group
Hi Kingthorin,
Thanks for your reply. I know the CAPTCHA is for apart the human and machine, the CAPTCHA ca prevent CSRF in some extent, and bypassing the CAPTCHA in an automation testing is impossible.
I would like to know that if the web application can't remove the CAPTCHA while testing or create a testing environment without CAPTCHA, is there any way or backdoor to login the web application, so that the scanner's spider can crawl the entire web application which behind (be protected) the login page. I know this seems out of the scope of our topic, but any references or links will be appreciate.
Best regards,
Bob
Reply all
Reply to author
Forward
0 new messages