Pan conPan

Reputation: 15

Basic Authorization in Zapproxy API

I have this curl to call an api:

curl -X POST -u user:password /to/the/end/point

And if I get the request with zapproxy I can send this and do an active attack, but I am trying to do this by calling the Python API. I can't authenticate using basic authorization (base64 or user:password). I am trying to create a context with the GUI, export it, and use it with zap-api-scan.py, but it doesn't work.

I have already read these posts:

https://zaproxy.blogspot.com/2017/06/scanning-apis-with-zap.html

Basic Authorization in OWASP ZAP

https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication#httpntlm-authentication

But I have not found the solution.

Please can you help me?

Thanks.


I have this, but it doesn't work; it doesn't import the context:

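#!/usr/bin/env python

import time

from zapv2 import ZAPv2


target = 'https://target/to/api'

# ZAP is listening as a local proxy on port 8888
zap = ZAPv2(proxies={'http': 'http://127.0.0.1:8888', 'https': 'http://127.0.0.1:8888'})

# Load the context that was exported from the GUI
zap.context.import_context("/file/context")

print('Accessing target %s' % target)
zap.urlopen(target)
time.sleep(2)

print('Spidering target %s' % target)
scanid = zap.spider.scan(target)
time.sleep(2)
# Wait for the spider to finish before reporting completion
while int(zap.spider.status(scanid)) < 100:
    time.sleep(2)

print('Spider completed')

time.sleep(5)

print('Scanning target %s' % target)
scanid = zap.ascan.scan(target)
# Wait for the active scan to finish before reporting completion
while int(zap.ascan.status(scanid)) < 100:
    time.sleep(5)

print('Scan completed')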

Upvotes: 0

Views: 1072
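
Added example, not part of the original post: it builds the Authorization header value that `curl -u user:password` sends and registers it with ZAP through a Replacer rule, so requests ZAP itself issues carry the credentials. It assumes the Replacer add-on is installed and that `zap` is a `zapv2.ZAPv2` client; `_FakeZap` and `_RecordingReplacer` are constructed stand-ins so the block runs without a ZAP instance.

```python
import base64


def basic_auth_value(user, password):
    """Header value that `curl -u user:password` puts in Authorization."""
    if ":" in user:
        # RFC 7617: the first colon ends the user-id, so it cannot contain one.
        raise ValueError("username must not contain ':'")
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def add_basic_auth_rule(zap, user, password, description="basic-auth"):
    """Ask ZAP's Replacer add-on to set Authorization on requests it sends.

    Base64 is an encoding, not encryption: keep the credentials out of
    source control and point the scan at an HTTPS endpoint.
    """
    value = basic_auth_value(user, password)
    zap.replacer.add_rule(
        description=description,
        enabled="true",
        matchtype="REQ_HEADER",      # match on a request header name
        matchregex="false",
        matchstring="Authorization",
        replacement=value,
    )
    return value


class _RecordingReplacer(object):
    """Constructed stand-in for zap.replacer; records the rule it is given."""
    def __init__(self):
        self.calls = []

    def add_rule(self, **kwargs):
        self.calls.append(kwargs)


class _FakeZap(object):
    """Constructed stand-in for a ZAPv2 client."""
    def __init__(self):
        self.replacer = _RecordingReplacer()


if __name__ == "__main__":
    fake = _FakeZap()
    print(add_basic_auth_rule(fake, "user", "password"))
    print(fake.replacer.calls[0])
```

With a real client, call `add_basic_auth_rule(zap, user, password)` before the spider and active scan are started.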

Answers (0)
