ZAP Form based Authentication not working for REST API based application


Goutam Panda

Aug 16, 2018, 2:14:53 AM
to OWASP ZAP User Group
Hi,

ZAP Form based Authentication is not working for a REST API based application; the UI is HTML5.

ZAP Version 2.7.0
JDK 1.8

After login it lands on Home Page, Home page URL: https://172.18.228.230:8445/omnistore-ec/#/home

The authentication request details are attached in the screenshot. Other configurations are also attached as screenshots. I have added the users, exclude context, include context, and forced user. But the authentication is not happening properly and subsequent testing is not happening properly. What could I be missing?

Regards
G
ActiveScan.png
AuthenticationRequest.png
AuthenticationRequestDetails.png
ExcludeContext.png
IncludeContext.png
Users.png

Simon Bennetts

Aug 16, 2018, 3:16:20 AM
to OWASP ZAP User Group
Have a look at the 'Diagnosing Problems' section of this FAQ: https://github.com/zaproxy/zaproxy/wiki/FAQformauth#diagnosing-problems

Cheers,

Simon