I need to attack endpoints via OWASP ZAP tool (got 2.5.0 version). I tested endpoints via Postman. I`ve got Authorization with Type: Basic Auth, Username:exampleUserName, Password: examplePass.
Please could you give me any hints, how to set up Basic Auth in OWASP ZAP please?
I set up User for my Context. What esle is needed?
Found solution:
1) Control Panel -> Internet Options -> Connections ->LAN Settings -> check "Use a proxy for etc." -> click OK
2) Send request via Postman with Basic Auth
3) The endpoint is visible in OWASP ZAP tool, in Sites section
4) right click on endpoint, choose Atack action
We have a FAQ for that :) How can ZAP automatically authenticate via forms?
Copied here for reference:
Via the UI:
If the "Forced User Mode disabled - click to enable" button is not enabled then you have not configured enough information for ZAP to authenticate - double check that you have performed all the above steps.
If you have enabled "forced user mode" and are still not logged in when you access your application then look at the requests in the History tab:
If you need to make multiple requests to login then the best option is to record a Zest authentication script and to test this isolated first.
The FAQ also details how to set up authentication via the ZAP API.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.