Query on Authenticating Multi-Field TOTP in Browser-Based Authentication

ashish Rajanand

Dec 15, 2025, 4:08:06 AM
to ZAP User Group

Hi Team,

I am currently using Browser-Based Authentication and exploring TOTP-based authentication with the ZAP tool.

For TOTP authentication, I understand that we need to pass the TOTP_FIELD variable, similar to the approach described here:
https://github.com/zapbot/zap-mgmt-scripts/blob/master/scans/auth/plans_and_scripts/authtesttotp/bbaplus.yaml

While exploring the application, I came across a scenario where the TOTP is implemented as multiple single-character input fields, with one input box per digit of the OTP, instead of a single input field.

For example, the authentication form contains six separate numeric input fields, each corresponding to one character of the OTP.

I would like to understand:

  • How can this type of multi-field TOTP input be handled using ZAP Browser-Based Authentication?

  • Is there a recommended way to map or split the generated TOTP value across multiple input fields during authentication?

Any guidance or best practices for handling this scenario would be greatly appreciated.

Environment Details:

  • ZAP Version: [2.16.1]

Thank you for your support.

Best regards,
Ashish
