How to add an anti-CSRF token via the RESTful API in ZAP?


Tauhidul Islam

Jan 24, 2013, 9:18:20 AM
to zaprox...@googlegroups.com
To add an anti-CSRF token, I am using the http://zap/JSON/acsrf/other/genForm/?hrefId="token" RESTful API, but I am getting the following error message:

{"code":"bad_format","message":"Bad Format","detail":"hrefId"}

Any clue?

Simon Bennetts

Jan 24, 2013, 9:23:57 AM
to zaprox...@googlegroups.com
Hi Tauhidul,

That operation is for generating a form for testing for CSRF vulnerabilities, and takes an integer as an argument. I realise we need to document the API calls better ;)

The API doesn't currently support adding anti-CSRF tokens, but it shouldn't be difficult to do - I'll try and do that before we release ZAP 2.0!

Cheers,

Simon

Simon Bennetts

Jan 24, 2013, 12:24:21 PM
to zaprox...@googlegroups.com
Yes, it was pretty straightforward - committed as http://code.google.com/p/zaproxy/issues/detail?id=469

Cheers,

Simon

Tauhidul Islam

Jan 25, 2013, 1:02:18 AM
to zaprox...@googlegroups.com
Hi Simon,

Cool! Hopefully will get the feature in the next weekly dev build :)
Thanks again!
