Manually provide headers for authentication

18 views

Skip to first unread message

Tuxlu

unread,

Oct 22, 2025, 12:22:16 PMOct 22

to ZAP User Group

I'm trying to test a website that has quite a complex authentication method (2FA...)

So I want to set up multiple users, and what I'd like is doing a header-based authentication, where I manually provide my headers.

would there be a simple GUI method to say "login root -> header Authorization: Bearer ey..." ?

Right now, I set up a localhost server that provide these headers that I found by inspecting my requests after manually authenticating.

Then I set up in Zap a "json-based authentication" on this server and "header-based authentication" to set the headers with the result of the "login" request.

I guess I could have done the same from inside Zap with a "script-based" authentication" method or something like that, but it was easier for me to do it outside in python.

So it's not ideal, as it require some code to set up.

Thanks in advance for your help.

Simon Bennetts

unread,

Oct 28, 2025, 8:30:37 AM (9 days ago) Oct 28

to ZAP User Group

Hiya,

See https://www.zaproxy.org/docs/getting-further/authentication/handling-auth-yourself/

Cheers,

Simon

Reply all

Reply to author

Forward

0 new messages