How to use ZAP_AUTH_HEADER_VALUE with AF to pass basic auth?

unread,

May 6, 2022, 12:43:48 AM5/6/22

to OWASP ZAP User Group

I am using Automation Framework (AF) to scan my website which has basic authentication.

I read an article about Authentication Header Environmental Variables.

Then, I thought I would pass basic authentication if I put `ZAP_AUTH_HEADER_VALUE` on the env section of AF.

However, it does not work as I expected.

If I run AF with the env, spider section returns 401 response which means that AF failed to pass basic authentication.

is there any mistake about usage of `ZAP_AUTH_HEADER_VALUE`?

Best Regards.

Koyo

unread,

May 6, 2022, 4:07:36 AM5/6/22

to OWASP ZAP User Group

Hiya Koyo,

ZAP supports a set of Authentication Header Environmental Variables - these will be applied by ZAP if they are defined however ZAP is run, including via the Automation Framework.

These environmental variables must be defined at the system level - if they are defined in the environment env section then they will be ignored.

So you need to set them in your OS before calling ZAP.

Cheers,

Simon

unread,

May 6, 2022, 6:59:14 AM5/6/22

to OWASP ZAP User Group

Hello, Simon.

Thank you for your prompt reply.

I am working on zap with Mac OS.

So, I need to set ZAP_AUTH_HEADER_VALUE on zshrc or bashrc.

Am I correct?

Best Regards.

Koyo

2022年5月6日金曜日 17:07:36 UTC+9 psi...@gmail.com:

unread,

May 6, 2022, 7:02:23 AM5/6/22

to OWASP ZAP User Group

Yes, via whichever shell you are using.

Cheers,

Simon

Reply all

Reply to author

Forward