Access to websites containing cognito with owasp zap

25 views
Skip to first unread message

vel

unread,
Jun 30, 2022, 10:41:09 AMJun 30
to OWASP ZAP User Group
Hello.

I have found another issue that I would like to post.
Currently we want to connect from owasp zap to a website where aws cognito is configured.
I have set the login screen URL to "Login from Target URL" and "URL to GET Login Page" in configure Authentication Method. However, we could not confirm the log of the successful connection.

We apologize for the lack of information, but we would appreciate it if you could provide us with some guidance.

Simon Bennetts

unread,
Jun 30, 2022, 10:45:25 AMJun 30
to OWASP ZAP User Group
See https://www.zaproxy.org/docs/authentication/ particularly the part about not using SSO if you can help it :)

It should be possible to configure ZAP to handle it but it wont be easy.
Its not something I've tried or am planing to try anytime soon I'm afraid.

Has anyone else looked into this?

Cheers,

Simon

vel

unread,
Jul 1, 2022, 10:01:18 AMJul 1
to OWASP ZAP User Group
Hello.

Thank you for your answer.
I shared the answer with the members and we have decided not to implement it at this time. Thanks for the very useful information.

Thank you.

2022年6月30日木曜日 23:45:25 UTC+9 psi...@gmail.com:
Reply all
Reply to author
Forward
0 new messages