Reputation: 61
I'm Unable to spider the web page after form-based authentication using Zap-Cli
I'm using Zap-Cli, a command line tool for Owasp ZAP. I'm successful in creating a context for the web page but unable to spider the web page after authentication. It's being done with the GUI tool, but me and my team are working on automating the process from command line. We are stuck at this point. Providing some important links for your convenience.
https://github.com/Grunny/zap-cli https://gist.github.com/kvkvenugopal/1428626e0201a746e390e03880356376
Waiting for help/suggestions. We are trying for 2 weeks now. Everything upto this point is working from the command line. We are able to open the URL, and create a context for authentication. After this point, if we are running spider from the GUI then it is working, but not from the command line.
If required, kindly ask for further details. My team thinks there's some issue with the current ZAP API which is not allowing for spider after authentication from command line.
Any expert suggestion/advice will be helpful.
Thank You.
Upvotes: 1
Views: 630
Answers (1)
Reputation: 6242
The ZAP API does support authentication, but you'll need to set it up as per https://github.com/zaproxy/zaproxy/wiki/FAQformauth I'm afraid I dont know if the Zap-Cli supports this - have you raised an issue on that tool?
Simon (ZAP Project Lead)
Upvotes: 2
Related Questions
- Why is it common to put CSRF prevention tokens in cookies?
- How to perform ZAP active scan (spider, ajaxspider, websocket and active scan) using Azure CI pipeline without docker or via command prompt
- How to run ZAP scan in command line?
- Read OTP from DataBase for OWASP ZAP authentication
- How to perform form based authentication in ZAP docker instead headless scanning
- How to authenticate with OWASP ZAP baseline scan
- Form Based Authentication OWASP ZAP for HTTPS application
- ZAP Authentication using API calls