api.spider.scan - add local storage?

46 views
Skip to first unread message

JWeb Dev

unread,
Apr 13, 2024, 6:25:10 AMApr 13
to ZAP User Group
Hello,

I need to add local storage to api.spider.scan(endpoint.getUrl(), null, "true", contextName, "true") before scanning starts.

Is this possible? I found almost nothing on the Internet. I seem to have figured out how to connect the script.
api.script.load(...)


But I don’t understand what URL I need to insert instead of http://localhost:3000 so that Owasp Zap adds local storage to the URL when it scans?
Or does it not work like that?

Thanks for the help.

Simon Bennetts

unread,
Apr 16, 2024, 9:16:50 AMApr 16
to ZAP User Group
Hiya,

The traditional spider does not use a browser and so doesnt have any way to access local storage.
If you need to use local storage then you will need to use the AJAX Spider.

If you are actually trying to run an authenticated spider then see https://www.zaproxy.org/docs/authentication/ -
Using browser based auth is usually a better option (when it works) than writing youw own authentication scripts.

Cheers,

Simon

JWeb Dev

unread,
Apr 23, 2024, 4:28:43 AMApr 23
to ZAP User Group
Thanks Simon. "Auth using selenium" is very interesting article. I haven't seen it before. I'll read it and take a look to the source code.
Reply all
Reply to author
Forward
0 new messages