Groups
Conversations
All groups and messages
Send feedback to Google
Help
Training
Sign in
Groups
ZAP User Group
Conversations
About
ZAP Testing API endpoint which returns 403 by default
16 views
Skip to first unread message
Jakub Zilinek
unread,
Oct 31, 2024, 12:22:12 PM
Oct 31
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ZAP User Group
Hi,
We have an api endpoint like /api/foo, which requires auth, we would like to test the JWT Token.
We would like to use
https://www.zaproxy.org/blog/2020-09-03-zap-jwt-scanner/
.
But I cant start the JWT fuzz without the first request successing with HTTP 200.
Any idea how to test that ?
Thank you :)
Simon Bennetts
unread,
Oct 31, 2024, 1:20:15 PM
Oct 31
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ZAP User Group
Hiya,
Have you tried authenticating first, and then running the JWT fuzz on the endpoint which will hopefully have now returned a 200?
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages