1. Documentation
2. The ZAP Desktop User Guide
3. Add-ons
4. Authentication Helper

Authentication Helper

This add-on helps identify and set up authentication handling in ZAP.

The add-on can be used in 2 ways:

• To passively detect authentication features.
• To automatically configure ZAP to handle the authentication features discovered.

The features currently supported are:

• Authentication Tester
• Authentication Request Identification
• Auto-Detect Authentication
• Browser Based Authentication
• Session Management Identification
• Auto-Detect Session Management
• Header Based Session Management
• Verification Identification

This add-on does not currently perform any exploring on its own - it relies upon requests being proxied through ZAP (e.g. via a browser being manually controlled, or integration tests) or requests being generated by ZAP (e.g. via the traditional or AJAX spiders).

You can use the Authentication Tester dialog to see if ZAP can automatically configure authentication handling for you target application(s).

You can also configure ZAP to handle authentication automatically via the Automation Framework by supplying just the login URL and the user credentials in the environment:

env:
  contexts:
  - name: "target"
    urls:
    - https://example.com
    includePaths: []
    excludePaths: []
    authentication:
      method: "browser"
      parameters: 
        loginPageUrl: "https://example.com/login"
      verification:
        method: "autodetect"
    sessionManagement:
      method: "autodetect"
    users:
    - name: "[email protected]"
      credentials:
        username: "[email protected]"
        password: "password123"

Links