A question about CSRF token

Robert Chiang

Jun 21, 2024, 8:05:12 AM
to ZAP User Group
For my web application, the login REST API will set a new cookie named "csrfToken" in the response header. And all subsequent REST API calls must add "csrfToken" in the request header. How can I achieve this in ZAP? Must I use a script?

I've checked the Anti-CSRF Tokens add-on, but only form param tokens are supported. It seems it will not help in my case.


Simon Bennetts

Jun 27, 2024, 11:54:07 AM
to ZAP User Group
How are you handling authentication?

If you have correctly configured ZAP to handle it then it should maintain the cookies for you.
If you are handling it yourself then yes, you will probably have to use scripts.

Cheers,

Simon
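
One way to do this with a script, as an added example that is not part of the thread or ZAP's own code: a ZAP HTTP Sender script that remembers the "csrfToken" cookie from responses and copies it into a "csrfToken" request header. It assumes the header name equals the cookie name, as the question describes; the `save`/`load` helpers and the per-host storage key are illustrative choices.

```javascript
// ZAP HTTP Sender script (added example): copies the "csrfToken" cookie set by
// the login response into a "csrfToken" request header on later requests.
var COOKIE_NAME = "csrfToken";   // cookie name from the question
var HEADER_NAME = "csrfToken";   // header name from the question

// Inside ZAP, persist via ScriptVars; outside ZAP (e.g. Node), use a plain object.
var ScriptVars = (typeof Java !== "undefined")
  ? Java.type("org.zaproxy.zap.extension.script.ScriptVars") : null;
var local = {};
function save(key, value) {
  if (ScriptVars) { ScriptVars.setGlobalVar(key, value); } else { local[key] = value; }
}
function load(key) {
  var v = ScriptVars ? ScriptVars.getGlobalVar(key) : local[key];
  return (v === null || v === undefined) ? null : String(v);
}

// Return the value of cookie `name` from one Set-Cookie header line, or null.
function cookieFromSetCookie(line, name) {
  var pair = String(line).split(";")[0];      // drop attributes (Path, HttpOnly, ...)
  var eq = pair.indexOf("=");
  if (eq < 0 || pair.substring(0, eq).trim() !== name) { return null; }
  return pair.substring(eq + 1).trim();
}

// Called by ZAP after each response: remember the newest token per host.
function responseReceived(msg, initiator, helper) {
  var host = String(msg.getRequestHeader().getHostName());
  var lines = msg.getResponseHeader().getHeaderValues("Set-Cookie"); // Java List
  for (var i = 0; i < lines.size(); i++) {
    var token = cookieFromSetCookie(lines.get(i), COOKIE_NAME);
    if (token) { save("csrf:" + host, token); }
  }
}

// Called by ZAP before each request: add the header only for the issuing host,
// so the token is never sent to a different site.
function sendingRequest(msg, initiator, helper) {
  var token = load("csrf:" + String(msg.getRequestHeader().getHostName()));
  if (token) { msg.getRequestHeader().setHeader(HEADER_NAME, token); }
}
```

Loaded as an enabled HTTP Sender script, this applies to requests from every ZAP component; the `initiator` argument can be checked to narrow it.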