Hi ZAP Community,
I'm following information for a docker scan from here:
The application has some Form Based Authentication but appears that the application requires some HTTP Headers (cookie values) to be set otherwise it returns a 403 response.
I am having trouble working out how to get the ZAP docker scan to detect these cookies and include them in the POST request.
My thought was to try adding these custom cookie names to the ZAP Options "HTTP Sessions" within the docker file, so that maybe they are included in the login POST request configured. Is there a way to add them via command line?
It does appear the docker scan is performing the authentication, but missing these cookie headers.
Is there any way to configure the Authentication to include either these know cookie values in the request? The values are generated in the Application response on the initial GET request to the login page.
Thanks,
Andrew.