Is there a way to make Spider use custom Authorization headers with every request?
84 views
Skip to first unread message
Marty
Aug 2, 2022, 10:52:01 AM8/2/22
to OWASP ZAP User Group
Hello there,
After reading the documentation, I'm still having issues making Spider use custom Authorization headers. There are mainly two questions regarding this:
1) In the documentation, it is mentioned that ZAP_AUTH_HEADER_VALUE global variable can be used to pass custom Authorization headers to Spider. However, I was not able to find where this global variable should be used in order to make Spider use it for all requests sent, maybe there's some piece of information that I've missed?
2) If the 1st option will not work, is there any way to make Spider use a string from a Python script as a custom Authorization header value?
Thanks in advance for your help!
1) In the documentation, it is mentioned that ZAP_AUTH_HEADER_VALUE global variable can be used to pass custom Authorization headers to Spider. However, I was not able to find where this global variable should be used in order to make Spider use it for all requests sent, maybe there's some piece of information that I've missed?
2) If the 1st option will not work, is there any way to make Spider use a string from a Python script as a custom Authorization header value?
Thanks in advance for your help!
kingthorin+owaspzap
Aug 2, 2022, 2:06:21 PM8/2/22
to OWASP ZAP User Group
#1 that refers to an environment variable (ex: set at the OS level).
#2 You could use an HTTP Sender script.
Other: You could use a Replacer rule.
Reply all
Reply to author
Forward
0 new messages