
Zed Attack Proxy Authentication error (401) - daemon mode

I have a local website hosted on IIS and I am trying to scan my application with ZAP tool executed in daemon mode. Everything works fine until I disable the "Anonymous Authentication" method from IIS and the only method enabled is "Basic Authentication". The error I get is "Failed to attack the URL: received a 401 response code".

Is there any possibility to send the login credentials from daemon mode?

The command looks like this: zap.bat -quickurl "urlToTest" -quickprogress -daemon -cmd.

The -cmd option puts ZAP into commandline / inline mode. Use the -daemon mode to put ZAP into daemon mode, at which point you'll need to use the ZAP API to interact with it.

To handle authentication you will have to add your application to a Context and then specify the authentication. We have a FAQ for Form Based authentication: https://github.com/zaproxy/zaproxy/wiki/FAQformauth

You'll need to do something similar but specify 'HTTP/NTLM Authentication': https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication

I'd recommend testing this using the ZAP UI first - you can also then export to Context to reuse in daemon mode.

Any problems then it's probably best to head over to the ZAP User Group: http://groups.google.com/group/zaproxy-users

Simon (ZAP Project Lead)
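
The Context-plus-authentication setup described in the answer, driven through the ZAP JSON API from Python. This is an added example, not code from the answer or the ZAP project; the daemon address, the API key placeholder, the context name `iis-app` and the user name `scanner` are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"  # assumed address the ZAP daemon listens on
API_KEY = "REPLACE_ME"         # placeholder for the API key ZAP was started with


def zap_call(component, action, **params):
    """Invoke one ZAP JSON API action and return the decoded response."""
    url = f"{ZAP}/JSON/{component}/action/{action}/?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def spider_with_http_auth(target, username, password, realm, call=zap_call):
    """Create a Context using HTTP authentication and spider it as one user.

    `realm` is the realm the server sends in its WWW-Authenticate header.
    Returns (contextId, userId) for later calls such as ascan/scanAsUser.
    """
    parts = urllib.parse.urlsplit(target)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    name = "iis-app"  # hypothetical context name

    ctx = call("context", "newContext", contextName=name)["contextId"]
    # Scope the context to the target's origin only.
    scope = re.escape(f"{parts.scheme}://{parts.netloc}") + ".*"
    call("context", "includeInContext", contextName=name, regex=scope)

    # The method's settings travel as one URL-encoded key=value string.
    method = urllib.parse.urlencode(
        {"hostname": parts.hostname, "realm": realm, "port": port})
    call("authentication", "setAuthenticationMethod", contextId=ctx,
         authMethodName="httpAuthentication", authMethodConfigParams=method)

    uid = call("users", "newUser", contextId=ctx, name="scanner")["userId"]
    creds = urllib.parse.urlencode({"username": username, "password": password})
    call("users", "setAuthenticationCredentials", contextId=ctx, userId=uid,
         authCredentialsConfigParams=creds)
    call("users", "setUserEnabled", contextId=ctx, userId=uid, enabled="true")

    call("spider", "scanAsUser", contextId=ctx, userId=uid, url=target)
    return ctx, uid
```

Once the spider has finished, the active scan can be started with the `ascan` component's `scanAsUser` action using the same context and user ids.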
