Authentication for forms/application using MFA


PS

May 25, 2022, 10:27:52 PM
to OWASP ZAP User Group
Hi, I'm trying to test a web application that has MFA. First the authentication uses a username and password, and then a one-time security code sent to the email. Is there a way to automate this using ZAP?

Thanks in advance
P S

kingthorin+owaspzap

May 25, 2022, 10:39:24 PM
to OWASP ZAP User Group
You can script basically anything with ZAP.

So no, there isn't an out-of-the-box way to do it. But sure, you can use scripting to access the mailbox, open the message, extract the value and pass it to ZAP.

Simon Bennetts

May 26, 2022, 4:23:26 AM
to OWASP ZAP User Group

ya juzi

May 26, 2022, 5:53:38 AM
to zaprox...@googlegroups.com
Hello, is there a way we can capture browser cookies from an HSTS site using ZAP?


Simon Bennetts

May 26, 2022, 6:47:53 AM
to OWASP ZAP User Group
Can you ask that question in a new thread? This one is about MFA tokens :)

ya juzi

May 26, 2022, 6:48:38 AM
to zaprox...@googlegroups.com

sonawan...@gmail.com

May 27, 2022, 9:57:38 AM
to OWASP ZAP User Group
Hello PS

I also encountered the same problem statement - I have used the onetimepass Python library to sync the OTP token with the authenticator app.

It worked.
(Posted just to help someone if needed)
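
The two approaches mentioned in this thread, pulling an emailed code out of the message and computing an authenticator-app (TOTP) code from the shared secret, as an added example that is not code from any poster or from ZAP. The sample email, its wording and the function names are assumptions; the TOTP secret is the published RFC 6238 test key, and handing the result to ZAP is left to whatever authentication script is in use.

```python
import base64
import hashlib
import hmac
import re
import struct
import time
from email import message_from_string, policy

# Constructed sample message (sender, subject and wording are assumptions).
SAMPLE_EMAIL = """\
From: no-reply@app.example
To: tester@app.example
Subject: Your security code
Content-Type: text/plain; charset="utf-8"

Order 20220525 was updated.
Your one-time security code is 482913. It expires in 10 minutes.
"""

# Published RFC 6238 test key, base32-encoded the way authenticator apps store it.
RFC6238_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()


def extract_email_code(raw_message, digits=6):
    """Return the one-time code from a raw RFC 5322 message, or None."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        return None
    # Require the word "code" just before the digits so order ids and dates are skipped.
    pattern = r"code\D{0,20}(?<!\d)(\d{%d})(?!\d)" % digits
    match = re.search(pattern, part.get_content(), re.IGNORECASE)
    return match.group(1) if match else None


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 shared secret."""
    secret = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))  # restore padding
    counter = int((time.time() if at is None else at) // step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    print("email code:", extract_email_code(SAMPLE_EMAIL))
    print("TOTP now:  ", totp(RFC6238_TEST_SECRET))
```

For unattended scans, keep the TOTP secret or mailbox credentials for a dedicated test account only, outside the script itself.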
