Good afternoon, dear community,
I have an issue with the OWASP ZAP scanner. Summary: the authentication script is not executed before running an active scan or crawling.
Here are more details: the context authentication uses the script-based authentication method: session.png
In order to authenticate, the script contains 4 API calls, all of which depend on each other. auth_script.png
So, basically, ZAP needs to execute this script (all four API calls), get the cookies and use them for the further active scan. The only way to do so is to run the script which contains the 4 API calls for authentication OR run a Selenium script which will do the same but on the UI side. For now I am trying the script approach (which looks easier).
But when I start my active scan, OWASP ZAP doesn't run the script, but just starts running the attack against the URLs from 'Sites'. active_scan.png
Can someone clarify why that happens and how to set up the context/application/etc. to run the auth script before running the scan itself?
Until then, the server returns 403 for all requests because all of them are not authenticated.
I hope that someone can help me. I have already wasted a lot of time trying to figure this out, but still can't find the solution.
A copy of this question is also here: https://groups.google.com/forum/#!topic/zaproxy-users/Fs9EoasHycI