Browser based authentication


psiinon

Mar 17, 2023, 7:51:32 AM
to zaprox...@googlegroups.com
Earlier this week the AuthHelper add-on was updated.
It now includes support for Browser Based Authentication: https://www.zaproxy.org/docs/desktop/addons/authentication-helper/browser-auth/

If you use browser based auth then you can just specify the URL of the login page and the credentials.
It will attempt to submit the form using a browser which means you do not have to specify the exact request or set of requests.
This is known to work with some SSO providers.
It will not work with Google SSO as that blocks any browser controlled by software.

To start with, the auth method will only support forms with the username and password both visible.
The plan is to support forms where you have to fill in the user name, submit the form and then fill in the password.

This is all part of the plan to improve authentication support in ZAP https://www.zaproxy.org/blog/2023-01-19-authentication-help/ and is sponsored by our Platinum sponsor Jit.

If you'd like to learn more about sponsoring ZAP then please see https://www.zaproxy.org/sponsor/

Cheers,

Simon
--
OWASP ZAP Project leader
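
A quick pre-check for the form limitation described in the post, as an added example that is not part of the original message and not ZAP's own code: it statically classifies a login page's HTML by whether one form shows the username and password fields together. The function names, the heuristics and the sample pages are assumptions constructed for illustration; visibility controlled by external CSS or JavaScript is not detected.

```python
from html.parser import HTMLParser

TEXT_TYPES = {"text", "email", "tel"}  # input types commonly used for a username

# Constructed sample pages (not taken from any real site).
SINGLE_STEP = '<form action="/login"><input name="user"><input type="password" name="pw"></form>'
MULTI_STEP = ('<form action="/login"><input type="email" name="user">'
              '<input type="password" name="pw" style="display: none"></form>')


def _hidden(attrs):
    """Static check only: type=hidden, the hidden attribute, or an inline hiding style."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return ((attrs.get("type") or "").lower() == "hidden" or "hidden" in attrs
            or "display:none" in style or "visibility:hidden" in style)


class LoginFormScanner(HTMLParser):
    """Counts, per <form>, the visible username-like and password inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form: {"user": n, "password": n}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"user": 0, "password": 0}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and not _hidden(attrs):
            kind = (attrs.get("type") or "text").lower()  # HTML default type is text
            if kind == "password":
                self._current["password"] += 1
            elif kind in TEXT_TYPES:
                self._current["user"] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def classify_login_page(html):
    """Return 'single-step', 'multi-step' or 'no-login-form' for a login page's HTML."""
    scanner = LoginFormScanner()
    scanner.feed(html)
    if any(f["user"] and f["password"] for f in scanner.forms):
        return "single-step"   # both fields visible: the case the post says is supported
    if any(f["user"] or f["password"] for f in scanner.forms):
        return "multi-step"    # one field shown at a time: planned, per the post
    return "no-login-form"
```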