1
votes

I am trying to perform an AJAX spider attack in OWASP ZAP. I have set a proxy server in Firefox to record. But I have two sites, one a normal page and the other an API request. Now, when I perform the AJAX spider on the normal page, only the home page is shown but the login action is not performed, because it's recorded in site 2. How can I integrate both of the sites to work at the same time? Please provide me guidance on how I can do it!

[image: site structure]


2 Answers

1
votes

Also asked (and answered) on the ZAP User Group: https://groups.google.com/d/msg/zaproxy-users/jo9_tyy7XLM/180INyTTAQAJ

In this case you need to AJAX Spider a Context with the authentication configured (i.e. include in context "localhost:3000" and authenticate against "localhost:4000"). [1] Having the "login URL" in another server is not a problem.

[1] https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication

0
votes

I encountered the same problem and I have asked the question in the ZAP user group. When you have two sites for one single application, you need to configure your default context as the 1st site, i.e., in your case, localhost:3000, and then use the 2nd site, i.e., your localhost:4000, in the authentication section found in the default context and perform your test. Hope this helps!
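Both answers describe the same setup: a ZAP Context that includes only the page host (localhost:3000) while the Context's authentication method logs in against the API host (localhost:4000), after which the AJAX Spider is run as a user of that Context. The script below is an added example, not code from either answer or from the ZAP project; it drives ZAP's JSON REST API with only the standard library. It assumes ZAP is listening on http://localhost:8080 with an API key supplied in the `ZAP_API_KEY` environment variable, and the login path `/api/login`, the JSON field names `username`/`password` and the logged-in indicator regex are placeholders for your own application.

```python
"""Configure a two-host ZAP Context and run the AJAX Spider as an authenticated user.

Added example (not the original answers' code). Assumptions:
  - ZAP daemon at ZAP_ADDR (default http://localhost:8080), API key in ZAP_API_KEY
  - the API host exposes a JSON login at /api/login taking {"username","password"}
  - a successful login response contains the word "token" (placeholder indicator)
"""
import json
import os
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

ZAP = os.environ.get("ZAP_ADDR", "http://localhost:8080")
API_KEY = os.environ.get("ZAP_API_KEY", "")

APP_HOST = "http://localhost:3000"     # site 1: pages the spider should crawl
AUTH_HOST = "http://localhost:4000"    # site 2: the API that actually handles login
LOGIN_URL = AUTH_HOST + "/api/login"   # placeholder login endpoint
LOGGED_IN_RE = r"\Qtoken\E"            # placeholder: regex seen only in logged-in responses


def context_include_regex(base_url: str) -> str:
    """Regex that puts every URL under base_url into the Context (ZAP uses Java regex)."""
    return base_url.replace(".", r"\.") + ".*"


def auth_method_params(login_url: str) -> str:
    """Config string for ZAP's jsonBasedAuthentication method.

    ZAP substitutes {%username%} / {%password%} from the user's credentials
    into the JSON body before posting it to login_url, which may live on a
    host that is NOT included in the Context (the API host here).
    """
    body = json.dumps({"username": "{%username%}", "password": "{%password%}"})
    return urlencode({"loginUrl": login_url, "loginRequestData": body})


def credential_params(username: str, password: str) -> str:
    """Config string for the user's credentials (authCredentialsConfigParams)."""
    return urlencode({"username": username, "password": password})


def zap_call(component: str, kind: str, name: str, **params) -> dict:
    """One ZAP JSON API call, e.g. zap_call('context', 'action', 'newContext', contextName='x')."""
    query = urlencode({**params, "apikey": API_KEY})
    with urlopen(Request(f"{ZAP}/JSON/{component}/{kind}/{name}/?{query}"), timeout=30) as resp:
        return json.load(resp)


def configure_and_spider(username: str, password: str, context_name: str = "two-host-app") -> str:
    """Create the Context, wire authentication to the API host, spider as the user."""
    ctx_id = zap_call("context", "action", "newContext", contextName=context_name)["contextId"]
    # Only the page host is in scope for crawling ...
    zap_call("context", "action", "includeInContext",
             contextName=context_name, regex=context_include_regex(APP_HOST))
    # ... but the login request is sent to the API host regardless of scope.
    zap_call("authentication", "action", "setAuthenticationMethod", contextId=ctx_id,
             authMethodName="jsonBasedAuthentication",
             authMethodConfigParams=auth_method_params(LOGIN_URL))
    zap_call("authentication", "action", "setLoggedInIndicator",
             contextId=ctx_id, loggedInIndicatorRegex=LOGGED_IN_RE)
    user_id = zap_call("users", "action", "newUser", contextId=ctx_id, name=username)["userId"]
    zap_call("users", "action", "setAuthenticationCredentials", contextId=ctx_id,
             userId=user_id, authCredentialsConfigParams=credential_params(username, password))
    zap_call("users", "action", "setUserEnabled", contextId=ctx_id, userId=user_id, enabled="true")
    # Run the AJAX Spider as that user; ZAP logs in first, then crawls APP_HOST.
    zap_call("ajaxSpider", "action", "scanAsUser", contextName=context_name,
             userName=username, url=APP_HOST, subtreeOnly="true")
    while zap_call("ajaxSpider", "view", "status")["status"] == "running":
        time.sleep(5)
    return zap_call("ajaxSpider", "view", "numberOfResults")["numberOfResults"]


if __name__ == "__main__":
    print("AJAX Spider results:", configure_and_spider("alice", os.environ.get("APP_PASSWORD", "")))
```

If the spider still only sees the home page, check the logged-in indicator first: without a regex that matches an authenticated response, ZAP cannot tell that the login against localhost:4000 succeeded, and the crawl proceeds unauthenticated.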