Authentication Helper

This add-on helps identify and set up authentication handling in ZAP.

The add-on can be used in 2 ways:

  • To passively detect authentication features.
  • To automatically configure ZAP to handle the authentication features discovered.

The features currently supported are:

This add-on does not currently perform any exploring on its own - it relies upon requests being proxied through ZAP (e.g. via a browser being manually controlled, or integration tests) or requests being generated by ZAP (e.g. via the traditional or AJAX spiders).

You can use the Authentication Tester dialog to see if ZAP can automatically configure authentication handling for your target application(s).

You can also configure ZAP to handle authentication automatically via the Automation Framework by supplying just the login URL and the user credentials in the environment:

env:
  contexts:
  - name: "target"
    urls:
    - https://example.com
    includePaths: []
    excludePaths: []
    authentication:
      method: "browser"
      parameters: 
        loginPageUrl: "https://example.com/login"
      verification:
        method: "autodetect"
    sessionManagement:
      method: "autodetect"
    users:
    - name: "[email protected]"
      credentials:
        username: "[email protected]"
        password: "password123"
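
Because the add-on does not explore on its own, a plan also needs a job that generates requests as the configured user. The plan below is an added example, not part of the original page. It goes beyond the environment above by keeping the credentials out of the plan file and adding spider jobs. The user name `scan-user` and the variable names `ZAP_AUTH_USER` and `ZAP_AUTH_PASS` are assumptions. The `${...}` substitution and the `spider` and `passiveScan-wait` jobs are Automation Framework features not shown on this page.

```yaml
env:
  contexts:
  - name: "target"
    urls:
    - https://example.com
    authentication:
      method: "browser"
      parameters:
        loginPageUrl: "https://example.com/login"
      verification:
        method: "autodetect"
    sessionManagement:
      method: "autodetect"
    users:
    - name: "scan-user"               # constructed name, referenced by the spider job below
      credentials:
        username: "${ZAP_AUTH_USER}"  # assumed variable names, set in the environment of
        password: "${ZAP_AUTH_PASS}"  # the process running ZAP so no secret sits in the plan
  parameters:
    failOnError: true                 # stop the plan if a job reports an error
jobs:
# The add-on only observes traffic, so a job has to generate requests as the user.
- type: spider
  parameters:
    context: "target"
    user: "scan-user"
    maxDuration: 5                    # minutes
- type: passiveScan-wait              # wait for passive analysis of the spidered traffic
  parameters:
    maxDuration: 5                    # minutes
```
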

ZAP Blog Post: Authentication Help
ZAP Blog Post: Authentication Tester Dialog