intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

Improve Ajax Spider's integration for sites requiring HTTP authentication #584

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I tried to use the Ajax Spider to crawl a site using a form login.

Even though I was already logged in (a session was active), had enabled the 
session tracking option, and had defined a context with a login url and the required 
credentials, the spider remained stuck on the login form trying to inject 
random data ... 

I also tried with basic auth, and I got the popup to enter credentials manually 
instead of using the ones I defined in the authentication parameters of ZAP.

--> 

The idea of the improvement is to improve the Ajax Spider in order to reuse:

- an existing (active) session 
- the login url (if defined in a corresponding context)
- authentication parameters (if defined)
- ...

Original issue reported on code.google.com by patrick....@gmail.com on 3 Apr 2013 at 10:55

GoogleCodeExporter commented 9 years ago
The "Ajax Spider" is already using the session set as active in the "Http 
Sessions" tab and it's also authenticating when the option "Automatic 
re-authentication" is enabled.

The only missing feature is the HTTP authentication ("Options" > 
"Authentication").

The authentication issues that you're seeing are related to issues with the 
authentication extensions, not with the "Ajax Spider" add-on.

Original comment by THC...@gmail.com on 5 Nov 2013 at 4:25

GoogleCodeExporter commented 9 years ago
Issue 906 has been merged into this issue.

Original comment by THC...@gmail.com on 17 Nov 2013 at 3:21

GoogleCodeExporter commented 9 years ago
https://code.google.com/p/zap-extensions/source/detail?r=842

Original comment by THC...@gmail.com on 14 Dec 2013 at 10:37

GoogleCodeExporter commented 9 years ago
Included in Ajax Spider v9 release

Original comment by psii...@gmail.com on 16 Dec 2013 at 10:32