ICTU / zap2docker-auth-weekly

Zap baseline scanner in Docker with authentication
Apache License 2.0
104 stars, 70 forks

Auth params aren't working in docker #35

Closed. amankumarchagti closed this 2 years ago.

amankumarchagti commented 2 years ago

I tested the auth params on an intentionally vulnerable website (altoromutual.com), but there was not any authenticated URL in the report. I used the following command. Can someone from the team please re-check the command, or, if the command is right, can you please check why the auth params aren't working?

```shell
# Line continuations are a backslash at the very end of the line; inside the
# double-quoted -z value they are also removed by the shell, so the value
# becomes one space-separated list of key=value pairs with no literal "\".
sudo docker run --rm -v "$(pwd)":/zap/wrk/:rw -t ictu/zap2docker-weekly \
  zap-baseline.py -I -j -d -t http://altoromutual.com \
  -J report.json -r report.html --hook=hook.py \
  -z "auth.loginurl=http://altoromutual.com/login.jsp \
auth.username=admin \
auth.password=admin \
auth.username_field=uid \
auth.password_field=passw \
auth.submit_field=btnSubmit \
auth.submitaction=Login \
auth.include=http://altoromutual.com.* \
auth.exclude=http://altoromutual.com/logout.jsp"
```

Thank you

dicksnel commented 2 years ago

Hi, it seems there is a space missing after your -z parameter. Also there is an * at the end of your command.

amankumarchagti commented 2 years ago

That * was added by mistake. And regarding the space, is it mandatory?

amankumarchagti commented 2 years ago

@dicksnel I've updated the above command, but it is still not working.

dicksnel commented 2 years ago

@amankumarchagti As in the example, if you have a newline you should end it with a backslash:

https://github.com/ICTU/zap-baseline
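The difference dicksnel is pointing at is in how the shell builds the single `-z` argument before `zap-baseline.py` ever sees it. The script below is an added example, not code from the ICTU project or from either commenter: `zap_arg_after_z` is a stand-in that only returns whatever value arrives after `-z` (nothing is run against ZAP), `broken_value` reproduces the original quoting with `\ ` inside the string and nested `"admin"` quotes, `fixed_value` uses backslash-newline continuations, and `check_auth_params` is a hypothetical sanity check that rejects a value containing a literal backslash or any item that is not an `auth.key=value` pair.

```shell
#!/bin/sh
# Added example (not from the ICTU project): shows what the shell actually
# passes as the -z value. zap_arg_after_z is a stand-in for zap-baseline.py
# that returns the argument following -z; it does not run ZAP.
zap_arg_after_z() {
  while [ $# -gt 0 ]; do
    if [ "$1" = "-z" ]; then
      printf '%s' "$2"
      return 0
    fi
    shift
  done
  return 1
}

# Original form: inside double quotes "\ " keeps the backslash literally,
# and the inner "admin" quotes close and reopen the string. The value that
# reaches the script therefore contains backslashes between the pairs.
broken_value() {
  zap_arg_after_z -t http://altoromutual.com \
    -z "auth.loginurl=http://altoromutual.com/login.jsp \ auth.username="admin" \ auth.password="admin""
}

# Corrected form: backslash-newline is a line continuation even inside double
# quotes, so the shell joins the lines into one space-separated value.
fixed_value() {
  zap_arg_after_z -t http://altoromutual.com \
    -z "auth.loginurl=http://altoromutual.com/login.jsp \
auth.username=admin \
auth.password=admin"
}

# Hypothetical check on the assembled -z value: returns 0 when it contains no
# literal backslash and every whitespace-separated item looks like
# auth.<key>=<value>, 1 otherwise.
check_auth_params() {
  case "$1" in *\\*) return 1 ;; esac
  for kv in $1; do
    case "$kv" in auth.*=*) ;; *) return 1 ;; esac
  done
  return 0
}

# Usage: run the two forms through the check to see which one ZAP would
# actually be able to parse.
if check_auth_params "$(broken_value)"; then echo "broken: ok"; else echo "broken: rejected"; fi
if check_auth_params "$(fixed_value)"; then echo "fixed: ok"; else echo "fixed: rejected"; fi
```

Running it prints `broken: rejected` followed by `fixed: ok`; a quick way to apply the same idea to a real command is to replace `zap-baseline.py` with `printf '%s\n' "$@"` once and read the `-z` line that comes out.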