Tom Bola
Reputation: 115
OWASP ZAP: Active scanning manual explored Actions
I started, with an automatic scan of my site under test. Then I have explored it manually to test actions, not found by the automatic scan. These Actions are visible in the History Tab.
I stored the session.
How can I re-run those manually added actions? I didn't find them as executed, when running an active scan again.
Upvotes: 0
Views: 918
Answers (2)
Abhishek Surpur
Reputation: 21
Quite late to the party, but if still someone needs this, here is what you can do.
- Explore all the sites manually which ZAP couldn't detect using spider
- Save a session by clicking on "Snapshot session as"
- Reopen same session and start scanning next time.
Upvotes: 0
Simon Bennetts
Reputation: 6234
You can explore your app in a variety of ways using ZAP:
- Manual exploring - very effective but no good for automation
- Traditional Spider - fast but doesnt handle modernapp which use JS
- Ajax Spider - slower but handles modern apps
- Proxying unit tests - good it you have them
- Importing definitions such as OpenAPI, SOAP, GraphQL
- Proxying a program/script which makes those requests for you
For more details see the vidoes taged 'explore' on https://www.zaproxy.org/videos-list/
Upvotes: 1
Related Questions
- How to login and scan with OWASP Zap
- OWASP/ZAP dangling when trying to scan
- Run a active scan from OWASP ZAP through Ubuntu command line using Open API Definition
- Is there a way to add custom passive scans to zap's active scan?
- How to analyze OWASP ZAP scan results effectively
- Passive Scan in OWASP ZAP Authentication
- OWASP ZAP: Active Scanner in Continuos Integration
- Passive Scan in OWASP ZAP
- OWASP ZAP Passive scan script
- Restrict ZAP scanner