Hi,
I’m currently working on automating security scans using the ZAP SDK in Java and have encountered a challenge with handling authentication for certain types of URLs. Specifically, I’m trying to perform authentication scanning on endpoints that require OTP (One-Time Password) verification or Two-Factor Authentication (2FA). These URLs don’t follow the traditional username and password fields typically managed with JSON-based authentication.
Issue Details
Using JSON-based authentication is straightforward for URLs that involve username and password fields. However, for URLs requiring OTP or 2FA:
I understand that ZAP supports Script-based Authentication, which allows for customization in handling multi-step authentication. I would like guidance on setting up this type of authentication using the ZAP SDK.
Assistance Needed
Could you please provide information on:
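import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;
import org.zaproxy.clientapi.core.ClientApiException;

// contextName, CONTEXT_ID, log and verifyUrlsInContext are members of the enclosing class.
private void createOrLoadContext(String target, ClientApi clientApi) throws ClientApiException {
    // Create the context and keep its ID for later API calls
    ApiResponse contextIdResponse = clientApi.context.newContext(contextName);
    CONTEXT_ID = ((ApiResponseElement) contextIdResponse).getValue(); // This gives the context ID
    log.info("Created context with ID: " + CONTEXT_ID);
    try {
        // Include the URL in the context
        clientApi.context.includeInContext(contextName, target);
        clientApi.context.includeInContext(contextName, target + ".*"); // You can also include a wildcard URL
        log.info("Included URL in context: " + target);
    } catch (ClientApiException e) {
        log.error("Failed to include URL in context: " + e.getMessage());
        throw e;
    }
    try {
        Thread.sleep(2000); // Give ZAP time to register the context
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt(); // Preserve the interrupt status for the caller
    }
    verifyUrlsInContext(clientApi);
}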
--
ZAP by Checkmarx: https://www.zaproxy.org/
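
An added example, not part of the original post and not ZAP's own code: one way to wire script-based authentication onto an already created context through the ZAP Java client API. The script name, path and engine, the parameter names (`loginUrl`, `totpSecret`), the user name and the logged-in indicator are assumptions; the authentication script itself, which performs the login steps and submits the OTP, is not shown.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;
import org.zaproxy.clientapi.core.ClientApiException;

public class ScriptAuthSetup {
    // Hypothetical values: adjust to the script and engine loaded in your ZAP instance.
    private static final String SCRIPT_NAME = "otp-login";
    private static final String SCRIPT_PATH = "/zap/scripts/otp-login.js"; // path as seen by ZAP
    private static final String SCRIPT_ENGINE = "Graal.js"; // must match an installed engine

    // Config strings are key=value pairs joined by '&', so each value is URL-encoded (Java 10+).
    private static String enc(String v) {
        return URLEncoder.encode(v, StandardCharsets.UTF_8);
    }

    /** Configures script-based authentication for contextId and returns the new user ID. */
    static String configure(ClientApi api, String contextId, String loginUrl,
                            String username, String password, String totpSecret)
            throws ClientApiException {
        // 1. Load the authentication script into ZAP.
        api.script.load(SCRIPT_NAME, "authentication", SCRIPT_ENGINE, SCRIPT_PATH,
                "Multi-step login with OTP", "UTF-8");

        // 2. Select script-based auth; keys after scriptName are the script's required params.
        String methodParams = "scriptName=" + enc(SCRIPT_NAME) + "&loginUrl=" + enc(loginUrl);
        api.authentication.setAuthenticationMethod(
                contextId, "scriptBasedAuthentication", methodParams);

        // 3. Regex ZAP uses to recognise an authenticated response (assumed logout link).
        api.authentication.setLoggedInIndicator(contextId, "\\Q/logout\\E");

        // 4. Create the user; keys must match the script's credential param names.
        //    Supply the secrets from a vault or environment variable, not from source code.
        String userId =
                ((ApiResponseElement) api.users.newUser(contextId, "scan-user")).getValue();
        String creds = "username=" + enc(username) + "&password=" + enc(password)
                + "&totpSecret=" + enc(totpSecret);
        api.users.setAuthenticationCredentials(contextId, userId, creds);
        api.users.setUserEnabled(contextId, userId, "true");

        // 5. Send every request in this context as the configured user.
        api.forcedUser.setForcedUser(contextId, userId);
        api.forcedUser.setForcedUserModeEnabled(true);
        return userId;
    }
}
```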