How to attack POST/PUT/DELETE calls in ZAP

195 views
Skip to first unread message

Mahendra Aitha

unread,
Oct 16, 2015, 8:20:24 AM10/16/15
to OWASP ZAP User Group
After manual crawling if I start attack on particular node (my REST API node) its attacking with only GET calls. Kindly suggest how to attack all POST/PUT/DELETE calls.

Thanks

kingthorin+owaspzap

unread,
Oct 16, 2015, 8:25:30 AM10/16/15
to OWASP ZAP User Group
When you say "manual crawl" is that meant to imply that ZAP has seen the necessary POST/PUT/DELETE requests?

Do you have "POST Data" selected as an injectable target?
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsAscaninput

Mahendra Aitha

unread,
Oct 16, 2015, 1:05:37 PM10/16/15
to zaprox...@googlegroups.com

Yes, when I crawl manually all requests get tracked by ZAP, when I do attacks entire node instead of all requests it's attacking only GET requests, even I configured properly what you suggested.

Thanks
Mahi

--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/hNnt9qvCBLU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages