HTTP sender script doesn't process active scan request after re-auth

Asker

Nov 6, 2024, 8:07:35 AM
to ZAP User Group
I would like to point out that the HTTP sender script doesn't process active scan requests after re-auth.

I have an automatic plan with an active scan, script auth, a check-session strategy that checks every response, and an HTTP sender script that checks and replaces the auth token header.

When the active scanner sent a request whose response contained the trigger to re-auth, the active scan stopped.
The auth script did its work.
The HTTP sender script got a new global variable with the auth token to set in the header.
And the active scan went on, with the request that had triggered the response matching the re-auth regex.

But in this request, which was sent a second time, the auth header was not replaced. It means that the HTTP sender script did not process this request.

Because of this I get a response with the re-auth trigger and an endless loop of authentication.

How can it be fixed?

The obvious solution is a strategy that polls a specific URL.
But I would like to understand whether it is possible to do it by checking each response.

Simon Bennetts

Nov 6, 2024, 9:32:05 AM
to ZAP User Group
> I would like to point out that the HTTP sender script doesn't process active scan requests after re-auth.

Can you double check this?
HTTP sender scripts should be run on all requests and responses.

Cheers,

Simon

thc...@gmail.com

Nov 6, 2024, 11:49:57 AM
to zaprox...@googlegroups.com
And they get disabled when the script has an error (which would explain
why some requests no longer have the expected changes).

Best regards.
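
A sender script written so that both points raised in the replies can be checked from the script console. This is an added example, not code from the thread or from the ZAP project. It logs the initiator of every request it sees and catches its own errors so that ZAP does not disable it. The global variable name `auth.token` and the `Authorization: Bearer` header format are assumptions.

```javascript
// ZAP HTTP sender script (JavaScript engine). Assumed names: the global
// variable "auth.token" and the "Authorization: Bearer" header format.
var TOKEN_VAR = "auth.token";

// Returns the header value to set, or null when no token is stored yet.
function buildAuthHeader(token) {
  if (token === null || token === undefined || String(token).length === 0) {
    return null;
  }
  return "Bearer " + String(token);
}

// Called by ZAP for every outgoing request, whatever component sent it.
// The return value is ignored by ZAP; it is here to make the outcome visible.
function sendingRequest(msg, initiator, helper) {
  try {
    var ScriptVars = Java.type("org.zaproxy.zap.extension.script.ScriptVars");
    var value = buildAuthHeader(ScriptVars.getGlobalVar(TOKEN_VAR));
    var uri = msg.getRequestHeader().getURI().toString();
    if (value === null) {
      print("[sender] initiator=" + initiator + " no token stored for " + uri);
      return false;
    }
    msg.getRequestHeader().setHeader("Authorization", value);
    print("[sender] initiator=" + initiator + " header set for " + uri);
    return true;
  } catch (e) {
    // An uncaught exception would make ZAP disable the script; log it instead.
    print("[sender] error, request left unchanged: " + e);
    return false;
  }
}

function responseReceived(msg, initiator, helper) {
  // Nothing to do on responses; ZAP requires the function to exist.
}
```

If the re-sent active scan request produces no `[sender]` line at all, the script was not invoked for it; an `error` line instead points to a script failure of the kind that would otherwise have disabled it.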