Bad request/SSL error when setting up authentication on Flask app
18 views
Skip to first unread message
Arya
May 20, 2026, 11:22:28 PM (12 days ago) May 20
to ZAP User Group
Hello.I've been pentesting a Flask app running locally, and when following the Authentication Decision Tree I get unrecognized SSL message errors. Time of occurrence is at the 'set up automation plan with requestor' step.
Unfortunately the decision tree simply assumes the automation plan works and does not provide troubleshooting at this step. Is this a sign that my application is safe or is it a misconfigured zaproxy?
Thanks
thc202
May 21, 2026, 3:19:28 AM (12 days ago) May 21
to zaprox...@googlegroups.com
Hi,
It seems like your test server is not using SSL/TLS, try changing your
URLs to HTTP.
Best regards.
On 21/05/2026 04:01, Arya wrote:
> [image: Screenshot 2026-05-21 095852.png]
> [image: Screenshot 2026-05-21 100041.png]Hello.
>
> I've been pentesting a Flask app running locally, and when following the Authentication
> Decision Tree <https://www.zaproxy.org/docs/authentication/> I get
It seems like your test server is not using SSL/TLS, try changing your
URLs to HTTP.
Best regards.
On 21/05/2026 04:01, Arya wrote:
> [image: Screenshot 2026-05-21 095852.png]
> [image: Screenshot 2026-05-21 100041.png]Hello.
>
> I've been pentesting a Flask app running locally, and when following the Authentication
Arya
May 21, 2026, 9:35:22 AM (11 days ago) May 21
to ZAP User Group
Thanks, fixed the SSL errors.
But now the requester isn't trying to login at all. The decision tree page says there should be some requests with source 'auth' but there are none, the admin page is still 401 UNAUTHORIZED (the context is an admin account) and the requestor job finishes instantly, neither does it open the browser.
Thanks
Reply all
Reply to author
Forward
0 new messages