Pass-through on Automation Plan
23 views
Skip to first unread message
Declan McLeman
Oct 20, 2025, 1:36:01 PMOct 20
to ZAP User Group
Due to recent changes in Google’s registration process, ZAP is being flagged as suspicious even when using a certified browser. I discovered that configuring a pass-through under Options → Network → Local Servers for the affected websites allows both the authentication tester and manual explore functions to work correctly.
However, these pass-through settings don’t appear to carry over to the Automation Plan, which still results in a 400 Bad Request response from android.clients.google.com/checkin.
Is there a way to enable or apply these pass-through settings within the automation plan so it can function properly?
Simon Bennetts
Oct 23, 2025, 5:07:29 AMOct 23
to ZAP User Group
Hi Declan,
Thanks for reporting this, we were not aware that it had become a problem.
We'll look into it and see what we can do.
We always aim to handle these sort of problems, but we are limited to the features exposed to us via the browsers and Selenium.
Do you have an example valid request for that URL?
When I access it directly in a browser (without ZAP involved) then I get the error: "SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data"
Cheers,
Simon
thc202
Oct 28, 2025, 3:06:41 PM (9 days ago) Oct 28
to zaprox...@googlegroups.com
See new feature:
https://www.zaproxy.org/docs/desktop/addons/automation-framework/environment/#configs
which allow you to define the configs directly in the plan.
Best regards.
On 23/10/2025 10:07, Simon Bennetts wrote:
> Hi Declan,
>
> Thanks for reporting this, we were not aware that it had become a problem.
> We'll look into it and see what we can do.
> We always aim to handle these sort of problems, but we are limited to the
> features exposed to us via the browsers and Selenium.
>
> Do you have an example valid request for that URL?
> When I access it directly in a browser (without ZAP involved) then I get
> the error: "SyntaxError: JSON.parse: unexpected character at line 1 column
> 1 of the JSON data"
>
> Cheers,
>
> Simon
>
> On Monday, 20 October 2025 at 18:36:01 UTC+1 declan....@gmail.com wrote:
>
>> Due to recent changes in Google’s registration process, ZAP is being
>> flagged as suspicious even when using a certified browser. I discovered
>> that configuring a pass-through under *Options → Network → Local Servers*
>> Plan*, which still results in a 400 Bad Request response from
https://www.zaproxy.org/docs/desktop/addons/automation-framework/environment/#configs
which allow you to define the configs directly in the plan.
Best regards.
On 23/10/2025 10:07, Simon Bennetts wrote:
> Hi Declan,
>
> Thanks for reporting this, we were not aware that it had become a problem.
> We'll look into it and see what we can do.
> We always aim to handle these sort of problems, but we are limited to the
> features exposed to us via the browsers and Selenium.
>
> Do you have an example valid request for that URL?
> When I access it directly in a browser (without ZAP involved) then I get
> the error: "SyntaxError: JSON.parse: unexpected character at line 1 column
> 1 of the JSON data"
>
> Cheers,
>
> Simon
>
> On Monday, 20 October 2025 at 18:36:01 UTC+1 declan....@gmail.com wrote:
>
>> Due to recent changes in Google’s registration process, ZAP is being
>> flagged as suspicious even when using a certified browser. I discovered
>> for the affected websites allows both the authentication tester and manual
>> explore functions to work correctly.
>>
>> However, these pass-through settings don’t appear to carry over to the *Automation
>> explore functions to work correctly.
>>
>> Plan*, which still results in a 400 Bad Request response from
Reply all
Reply to author
Forward
0 new messages