Handle browser extension-based authentication in dApp (web3)


Wayna Runa

Jul 14, 2025, 12:17:04 PM
to ZAP User Group
Hi there,
I'm able to scan a dApp (a webapp that interacts with blockchain networks); however, many of these webapps use Metamask to get authenticated and thus be able to perform certain actions. In this case, ZAP cannot trigger the extension to authenticate the webapp.

These dApps are SPAs and use JS / TS technology. There are many dApp examples online. This is one I use for testing.
* An example: https://metamask.github.io/test-dapp/

The Metamask extensions are:
- https://addons.mozilla.org/firefox/addon/ether-metamask/
- https://chromewebstore.google.com/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn

Any recommendation to automate Metamask-based authentication from ZAP?
I appreciate your help with this.
Regards.

- WR

Simon Bennetts

Jul 14, 2025, 12:44:02 PM
to ZAP User Group
Hiya WR,

For manual testing you can either manually configure your browser to proxy through ZAP, or you can configure ZAP to install the relevant extension when it launches browsers: https://www.zaproxy.org/docs/desktop/addons/selenium/options/#browser-extensions

If via automation then we'd need more info, I've not come across Metamask before so have no idea how it works.

Cheers,

Simon

Wayna Runa

Jul 15, 2025, 2:39:12 AM
to ZAP User Group
Thanks Simon for sharing this info. I'll try that and I'll come back here.
Cheers.