owasp authentication script not inputting provided password and username and instead inputting ZAP for both

19 views
Skip to first unread message

janik D

unread,
Jun 27, 2022, 7:10:03 AMJun 27
to OWASP ZAP User Group
hey guys,
I am currently trying to automate a logged in scan of our company website. I recorded a zest script of logging into the website and the recording worked. I have added a user to the session and used forced User mode to ensure it logs in with the user. When then selecting the Get or Post request of the login url it will attempt to login with a custom csrf token every time as needed but both password and username are just changed to ZAP.
Thanks in advance

Simon Bennetts

unread,
Jun 27, 2022, 8:10:43 AMJun 27
to OWASP ZAP User Group

janik D

unread,
Jun 27, 2022, 8:19:42 AMJun 27
to OWASP ZAP User Group
Yes thank you,
i have now found that authentication works if select attack on a context and not on an Url which has been added to a context.
Which has solved this problem

Simon Bennetts

unread,
Jun 27, 2022, 8:21:18 AMJun 27
to OWASP ZAP User Group
Thanks for letting us know!
Reply all
Reply to author
Forward
0 new messages