Extract all rest api with payload.

[Anand M R]

Hi,

I have a web app that uses rest api. It uses jwt token for api authentication. I want to extract all api details with payloads used in web app automatically. I don't want to do active scan. Is it possible using zaproxy.

Thanks

[Naveen Rajamannar]

--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zaproxy-users/CA%2BY9zv7gNwRyxFHkPhSXvgyGipe7Y%2B7r9PZLumJsbJV6idzF5w%40mail.gmail.com.

[Simon Bennetts]

Hiya,

ZAP is very flexible, and will only do what you tell it to do.

If you dont want to active scan then dont tell ZAP to do it!

You will however need to explore your web app effectively in order to trigger as many of the API calls as possible.

See https://www.zaproxy.org/docs/getting-further/automation/exploring-your-app/

Cheers,

Simon