Issue: Failed to attack URL: received a 403 response code

asif.r...@gmail.com

Oct 25, 2016, 2:02:13 AM
to OWASP ZAP User Group
There is a WordPress site which I want to attack, but this is failing due to the "All in one wp-security" plugin on that site.

Failure displays error: Issue: Failed to attack URL: received a 403 response code

Is there a way to make it work?

Simon Bennetts

Oct 25, 2016, 4:11:52 AM
to OWASP ZAP User Group
I'm guessing you are using the "Quick Start" Attack option?
This is a quick way to get started but will not handle things like authentication.
ZAP can scan sites that require authentication but it will take a bit more effort on your part.

Can you proxy your browser through ZAP and explore your application?
Can you identify the HTTP session?
If so you can then try using an "active session" to force the active scanner to use the one you have started with your browser.

There are other options for handling this situation but this is a good place to start.

Cheers,

Simon

asif.r...@gmail.com

Oct 25, 2016, 4:27:04 AM
to OWASP ZAP User Group
Yes, sure I can. Let me try configuring the proxy settings; I hope that works for me.
If you can share any details that will help me with the proxy settings, it would be really appreciated.

Thank you for your help, Mr. Simon

Simon Bennetts

Oct 25, 2016, 4:29:26 AM
to OWASP ZAP User Group
Have a look at the Getting Started Guide that comes with ZAP :)
It's also available online here: https://github.com/zaproxy/zaproxy/releases/download/2.5.0/ZAPGettingStartedGuide-2.5.pdf