I am trying to test the sendHarRequest function via the locally provided OWASP ZAP API in order to send a POST Request through ZAP.
I have already tried to encode my request with the ZAP Encoder into other formats, however that wasn't successful either.
{
"request": {
"method": "POST",
"url": "http://service.com/questions/depot?include-backend-answers=false",
"cookies": [],
"headers": [
{
"name": "Accept",
"value": "application/json, text/plain, */*"
},
{
"name": "Content-Type",
"value": "application/json;charset=UTF-8"
}
],
"queryString": [
{
"name": "include-backend-answers",
"value": "true"
}
],
"postData": {
"mimeType": "application/json;charset=UTF-8",
"params": [],
"text": "{\"answerQuestionWrappers\":[{\"questionId\":\"QUESTION_BENEFICIARY\",\"answers\":[{\"optionId\":\"BENEFICIARY_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_PLAN\",\"answers\":[{\"optionId\":\"PENSION_PLAN_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_INFO\",\"answers\":[{\"optionId\":\"PENSION_INFO_OPTION_1\",\"groupId\":null,\"followUp\":null,\"followUpContainsCheckbox\":null,\"followUpOnly\":null,\"value\":1}]}]}"
}
}
I keep getting {"code":"illegal_parameter","message":"Provided parameter has illegal or unrecognized value"} as the response.
On the other hand using the following code within the Request Editor of ZAP works perfectly fine.
POST http://http://service.com/questions/depot?include-backend-answers=false HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 207
Content-Type: application/json
accept: application/json, text/plain, */*
Authorization: Bearer someAuthorizationKey
Host: service.de:12089
{"answerQuestionWrappers":[{"questionId":"QUESTION_BENEFICIARY","answers":[{"optionId":"BENEFICIARY_OPTION_1","groupId":null,"followUp":null,"followUpContainsCheckbox":null,"followUpOnly":null,"value":1}]}]}
I found this post in the OWASP ZAP User-Group https://groups.google.com/forum/#!msg/zaproxy-users/vNfAfWvrCQ0/a73geZ8NBQAJ;context-place=forum/zaproxy-users and I think I have the same problem, however for me there was no clear solution.