ZAP Testing API endpoint which returns 403 by default


Jakub Zilinek

Oct 31, 2024, 12:22:12 PM
to ZAP User Group
Hi,
We have an API endpoint like /api/foo, which requires auth, and we would like to test the JWT token.

We would like to use https://www.zaproxy.org/blog/2020-09-03-zap-jwt-scanner/.

But I can't start the JWT fuzz without the first request succeeding with HTTP 200.

Any idea how to test that?

Thank you :)

Simon Bennetts

Oct 31, 2024, 1:20:15 PM
to ZAP User Group
Hiya,

Have you tried authenticating first, and then running the JWT fuzz on the endpoint which will hopefully have now returned a 200?

Cheers,

Simon