Question
I have configured ZAP 2.6 so that it is acting as a proxy for requests from an Android app to a web service over HTTPS. The authentication mechanism is OAuth 2, and so in my login response I get an access token which is then sent in all subsequent request headers as follows
Authorization: Bearer my_long_and_encoded_access_token
Is it possible to get ZAP to recognise this token and use it in tests initiated from the ZAP UI?
I have looked at Automate OAuth access token for Zed Attack Proxy Scans but don't believe this covers my situation.
Thanks.
Answer 1:
Yes, you can create a script which extracts this token and then uses it in future requests. If you need help with such a script then asking on the ZAP User Group might be a better option than asking here ;)
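One way to do what this answer describes, as an added example that is not part of the original question or answer: a ZAP "HTTP Sender" script (the script type that sees every request and response ZAP sends, whether proxied from the app or started from the ZAP UI by the manual request editor, spider or active scanner). It captures the access token from the login response and overwrites the Authorization header on every later request with a fresh Bearer value. Everything specific to the service is an assumption: the login endpoint path is taken to end in /oauth/token and the login response is taken to be JSON with an access_token field; adjust both to match the real web service. The ZAP hooks (sendingRequest, responseReceived) and the ScriptVars class are real ZAP APIs; the code is written in ES5 style so it loads under ZAP's JavaScript engines and also runs under Node.js for a quick local check.

```javascript
// Added example (not from the original question or answer): a ZAP "HTTP Sender"
// script that captures the OAuth 2 access token from the login response and
// injects it as a Bearer header into every later request ZAP sends.
// Assumptions (not stated on the page): the login endpoint path ends in
// "/oauth/token" and the login response is JSON with an "access_token" field.

var LOGIN_PATH_SUFFIX = "/oauth/token";   // assumed login endpoint path
var TOKEN_VAR = "oauth_access_token";      // key under which the token is stored

// Token store: inside ZAP, ScriptVars keeps the value between invocations of
// this script; outside ZAP (e.g. Node.js) fall back to an in-memory object.
var ScriptVars = (typeof Java !== "undefined")
  ? Java.type("org.zaproxy.zap.extension.script.ScriptVars")
  : null;
var memoryStore = {};

function saveToken(token) {
  if (ScriptVars) { ScriptVars.setGlobalVar(TOKEN_VAR, token); }
  else { memoryStore[TOKEN_VAR] = token; }
}

function loadToken() {
  var t = ScriptVars ? ScriptVars.getGlobalVar(TOKEN_VAR) : memoryStore[TOKEN_VAR];
  return t ? String(t) : null;
}

// True when the request URL is the login endpoint (query string ignored).
function isLoginRequest(url) {
  var path = String(url).split("?")[0];
  return path.length >= LOGIN_PATH_SUFFIX.length &&
         path.slice(-LOGIN_PATH_SUFFIX.length) === LOGIN_PATH_SUFFIX;
}

// Pull access_token out of a JSON login response; null if absent or not JSON.
function extractAccessToken(bodyText) {
  try {
    var json = JSON.parse(bodyText);
    return (json && typeof json.access_token === "string" && json.access_token.length > 0)
      ? json.access_token
      : null;
  } catch (e) {
    return null;
  }
}

// ZAP hook: called for every response ZAP sees. Only the login response is
// inspected; a successful one refreshes the stored token.
function responseReceived(msg, initiator, helper) {
  var reqHeader = msg.getRequestHeader();
  if (!isLoginRequest(reqHeader.getURI().toString())) { return; }
  var token = extractAccessToken(msg.getResponseBody().toString());
  if (token) { saveToken(token); }
}

// ZAP hook: called before every request is sent. The Authorization header is
// overwritten with the freshest token so that re-sent or scanner-generated
// requests never go out with a stale one; the login request itself is untouched.
function sendingRequest(msg, initiator, helper) {
  var reqHeader = msg.getRequestHeader();
  if (isLoginRequest(reqHeader.getURI().toString())) { return; }
  var token = loadToken();
  if (token) { reqHeader.setHeader("Authorization", "Bearer " + token); }
}
```

Load it in ZAP under Scripts > HTTP Sender, enable it, log in once through the proxied app, and subsequent requests started from the ZAP UI carry the captured token. If the token expires during a long scan, logging in again through the app (or re-sending the captured login request from ZAP) refreshes it; the script keeps using the latest value.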
Source: https://stackoverflow.com/questions/44930565/zed-attack-proxy-automated-scanning-of-webapi-with-oauth