i don't know how use cookie on zap scanning website, right click on domain attack>active scan subtree.
i have tried after doing request website valid cookie (i logged), in case zap takes last cookie, apparently doesn't, result have scanned login, not have accessed when logged.
thank much.
i found needed, context, doesn't work providing cookie (which too) login credentials
https://github.com/zaproxy/zap-core-help/wiki/helpstartconceptsauthentication#formbased
Comments
Post a Comment