Authentication (Cognito/NextAuth) simulation via session/cookie


Maxb_dev

Sep 11, 2025, 4:11:27 PM
to ZAP User Group
Hi,
I'm trying to find out how I can make ZAP log my user in based on Cognito login (it has MFA), so I thought about extracting the cookie session from another browser login page, but I haven't found how to achieve that.

Basically, my app login flow is:
/login -> Cognito redirection (username + password + MFA) -> redirect back to my app with NextAuth and set session/cookie.

Currently I'm stuck finding a way to achieve that authentication with the ZAP tools.

If anyone has done that and can assist.
Thanks

Simon Bennetts

Sep 15, 2025, 7:07:37 AM
to ZAP User Group
Hiya,

For anything related to authentication see https://www.zaproxy.org/docs/authentication/

ZAP can handle TOTP fields, but we do recommend that you try to make your life easier :)

Cheers,

Simon

Maxb_dev

Sep 15, 2025, 5:29:58 PM
to ZAP User Group
Thanks,
I'll give it a try without MFA.
But can ZAP handle a redirection authentication to Cognito and set the username/password on a site other than the site of the initially requested page?

Best regards,

Simon Bennetts

Sep 16, 2025, 8:51:36 AM
to ZAP User Group