ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy

Advanced Active Scan doesn't use selected User #1560

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. I recorded URL with User 1
2. Then declared Session Properties like context, users, authentication
3. Now I selected Advanced active scan as I wanted to do scan with user mentioned in step2.
4. started scan

Actual: when I see request for login from active scan, it shows credentials for user1 not the one mentioned in step2

Expected: Scan should happen with user of Step 2

Windows 6
version 2.3.1

Original issue reported on code.google.com by kumarnip...@gmail.com on 11 Mar 2015 at 1:02

GoogleCodeExporter commented 9 years ago
What form of authentication and session management are you using?
Can you provide a suitably sanitized version of the exported Context?

Original comment by psii...@gmail.com on 11 Mar 2015 at 1:52

GoogleCodeExporter commented 9 years ago
1. Authentication is Form Based and Session mgmt is cookie based
2. While I recorded request became as

"name=vin3%40mailinator.com&pass=123456&form_build_id=form-xxxxxxx&form_id=user_login&captcha_sid=xxxxxx&captcha_token=xxxxxxxxxcaptcha_response=xxxxx&op=Log+in"

and I added a user with different credentials, let's say my email id.
and when I run Advanced active scan I expect that request should contain new added user's login, but it has old one only

Original comment by kumarnip...@gmail.com on 11 Mar 2015 at 4:40

GoogleCodeExporter commented 9 years ago
I think I got things working.
I am able to see selected user name in Responses of other URLs or Page.

Does it mean BODY of request for Login will not contain new user credentials but response will?

If it is so, please confirm

Original comment by kumarnip...@gmail.com on 12 Mar 2015 at 11:31

GoogleCodeExporter commented 9 years ago
ZAP has been migrated to GitHub

This issue will be on GitHub issues with the same ID: https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:18