Closed GoogleCodeExporter closed 9 years ago
In step 1, the regular expression should include all the pages of interest. For
example, to match all pages under https://iportal.sharepoint.com/ it can be
used the following regular expression:
\Qhttps://iportal.sharepoint.com\E.*
Otherwise sub-pages will not be in the defined context and no authentication is
attempted.
In step 3, the username shouldn't need the domain, so you should also try
without it.
Did you enable "Forced User" mode [1] before step 6?
Would you mind updating the regular expression and give it another try? It it
keeps failing try send a manual request [1] to the provided attack URL with
forced user mode enabled and check the status code of the response. The quick
start requires 200 status code.
[1]
https://code.google.com/p/zaproxy/wiki/HelpUiTltoolbar#/_Force_User_Mode_On_/_Of
f
[2] https://code.google.com/p/zaproxy/wiki/HelpUiDialogsMan_req
Original comment by THC...@gmail.com
on 16 Apr 2015 at 2:05
ZAP has been migrated to github
This issue will be on github issues with the same ID:
https://github.com/zaproxy/zaproxy/issues
Original comment by psii...@gmail.com
on 5 Jun 2015 at 9:18
Original issue reported on code.google.com by
kanki...@gmail.com
on 16 Apr 2015 at 7:09