Intercepting WebSocket using Zap Manual Explore


Basanth ...

May 16, 2024, 8:28:26 AM
to ZAP User Group
Hi,

I'm trying to use ZAP to intercept WebSockets. When I tried to launch a URL which triggers a WebSocket connection, I could see an error.

1. Launch https://websocket-echo.stackblitz.io/ in Chrome; I am seeing an error in the browser.

{"error":{"code":401,"message":"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.","errors":[{"message":"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.","domain":"global","reason":"unauthorized"}],"status":"UNAUTHENTICATED"}}

2. ZAP shows entries in the WebSockets tab and I could fuzz it.

When we navigate to https://websocket-echo.stackblitz.io/ in Chrome, no error is thrown, but when launched from ZAP it shows the above-mentioned error.

Please, has anyone faced a similar issue?

Basanth ...

May 24, 2024, 4:26:18 AM
to ZAP User Group

ZAP was overwriting the token, as I had the env variable ZAP_AUTH_HEADER_VALUE set 🙂

After removing that, all good.
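
The cause found above can be checked before starting ZAP. The following is an added example, not part of the original thread or of ZAP itself: it reports whether ZAP_AUTH_HEADER_VALUE or its companion variables ZAP_AUTH_HEADER and ZAP_AUTH_HEADER_SITE (not mentioned in the thread) are set, without printing the token, and runs a command with them removed. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Environment variables ZAP reads to inject an authentication header.
ZAP_AUTH_VARS="ZAP_AUTH_HEADER_VALUE ZAP_AUTH_HEADER ZAP_AUTH_HEADER_SITE"

# Report which variables are set, showing only the value length so the
# secret never reaches the terminal or a log.
# Returns 1 when ZAP_AUTH_HEADER_VALUE is set (header injection active).
zap_auth_env_report() {
    for name in $ZAP_AUTH_VARS; do
        eval "is_set=\${$name+yes}; value=\${$name-}"
        if [ "$is_set" = "yes" ]; then
            echo "$name is set (${#value} characters)"
        fi
    done
    if [ -n "${ZAP_AUTH_HEADER_VALUE:-}" ]; then
        # Header name falls back to Authorization when ZAP_AUTH_HEADER is unset.
        echo "ZAP will add header '${ZAP_AUTH_HEADER:-Authorization}' to requests${ZAP_AUTH_HEADER_SITE:+ for sites matching '$ZAP_AUTH_HEADER_SITE'}"
        return 1
    fi
    return 0
}

# Run a command (for example the ZAP launcher) with the variables removed
# for that process only; the calling shell keeps its environment.
run_without_zap_auth() {
    (
        unset ZAP_AUTH_HEADER_VALUE ZAP_AUTH_HEADER ZAP_AUTH_HEADER_SITE
        "$@"
    )
}
```

After sourcing the file, call `zap_auth_env_report` in the shell that launches ZAP, and start ZAP through `run_without_zap_auth` when the target application's own credentials must reach the server unchanged.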
