Questions regarding the AJAXSpider & OpenAPI jobs


Alexis N.

Nov 26, 2025, 8:36:03 AM
to ZAP User Group
Hello everyone,

I’ve been doing some tests with the Automation Framework in ZAP Desktop. While running my automation plan, I noticed that the AJAX Spider was filling in every form in my application. Isn’t that a strange behavior? If I’m not mistaken, the AJAX Spider should only interact with JavaScript and not try to inject anything. I haven’t configured any active scans in my automation plan, so I was quite surprised by this behavior. If anyone can explain why this happens, that would be very helpful! :)

Also, has anyone already performed an OpenAPI scan while authenticated? It doesn’t seem to work well on my side, and I’d be very interested in learning how it works. I’ve checked the ZAP chat series and read the documentation, but I’m still struggling, unfortunately.

Thanks in advance for your answers and your help!

Best Regards,
Alexis

Simon Bennetts

Dec 1, 2025, 10:32:47 AM
to ZAP User Group
Hi Alexis,

The AJAX Spider is designed to explore web apps via a browser.
It will attempt to fill in forms in order to try to explore the application as effectively as possible.

In order to import an OpenAPI definition while authenticated, you will need to have configured ZAP to handle authentication correctly.
This can be tricky.

Can you explain what you have done so far, what you are seeing, and explain why you think it is not working?

Cheers,

Simon