I am using ZAP API calls to test a site using command line. But I have a problem with the user authentication even though I am following the correct steps. But I still can't manage to pass the login page when spider as a user. Below are the steps that I am follwing.
1.Include in the context (context/includeContext)
2.Change Authentication Method to formBased. (authentication/setAutenticationMethod) Here I only pass contextID,authMethodName and in authMethodConfigParams only the logiunUrl. Not the loginrequestData. I tried to pass authMethodConfigParams as
loginUrl=**********************&loginRequestData=username={%username%}&password={%password%}
but the field doen't fills up when I use this.
3.Set the login Indicator (authentication/setLoggedInIndicator)
4.Enable auto Reauthentication (auth/autoReauthON)
5.Add a new user (users/nweUser)
6.Set credentials for user ( users/setAuthenticationCredentials)
7.Enable user (users/setUserEnabled)
8.Spider as the new user (spider/scanAsUser)
But in spidering it cannot get pass the log in page. When I Open the UI application all the API calls have been worked and all the settings have been configured on the session properties. But when I check the POST request it is as below.
username=ZAP&password=ZAP&rememberMe=true
I think this is the problem. Why doesn't it take the new users credentials??
Thanks in advance
