zap-cli

Scanning of POST requests

Open lmtc668800 opened this issue 5 years ago • 2 comments

Hello!

I'm trying to use zap-cli to scan our application, and I succeeded in doing it on a URL which uses the GET method. However, I met a problem scanning POST requests, since the parameters are not included in the URL, and what I want to check is whether there is any security in those parameters. (In the GUI, the parameters are also recorded in the tree so that active-scan works.)

May I know whether there is any way to deal with POST requests?

lmtc668800 Mar 15 '19 08:03

Any update? How does one send POST commands from zap-cli?

gnirlos Mar 10 '20 18:03

It's possible in an expedient way, so I'll share it 😊

  1. Boot ZAP
  2. Call this API to change to attack mode:
     /JSON/core/action/setMode/?mode=attack
  3. Include the POST URL in the sitetree
  4. Run quick-scan! Now, when quick-scan is performed, the result of the POST has already been scanned in attack mode and the results appear together.

hahwul Nov 12 '21 05:11
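The four steps from the last comment, scripted as an added example (not code from this thread or from the zap-cli project). The ZAP address, API key, target URL and form fields are constructed placeholders, and sending the POST through ZAP's proxy is assumed as the way to get it into the site tree.

```python
import json
import subprocess
import urllib.parse
import urllib.request

ZAP_HOST, ZAP_PORT = "http://127.0.0.1", 8090         # assumed local ZAP daemon
ZAP = f"{ZAP_HOST}:{ZAP_PORT}"
API_KEY = "changeme"                                   # placeholder API key
TARGET = "http://testapp.internal.example/login"       # constructed: your own app
FORM = {"username": "test", "password": "test"}        # constructed POST body


def set_mode_url(mode="attack"):
    """Step 2: the core/setMode API call quoted in the comment, plus the API key."""
    query = urllib.parse.urlencode({"mode": mode, "apikey": API_KEY})
    return f"{ZAP}/JSON/core/action/setMode/?{query}"


def post_request():
    """Step 3: the POST whose body parameters should be recorded in the site tree."""
    body = urllib.parse.urlencode(FORM).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TARGET, data=body, headers=headers, method="POST")


def quick_scan_cmd():
    """Step 4: zap-cli quick-scan pointed at the same running ZAP instance."""
    return ["zap-cli", "--zap-url", ZAP_HOST, "-p", str(ZAP_PORT),
            "--api-key", API_KEY, "quick-scan", TARGET]


def run():
    # Step 1 (ZAP already booted) is assumed. Talk to the API directly.
    with urllib.request.urlopen(set_mode_url(), timeout=10) as resp:
        if json.load(resp).get("Result") != "OK":
            raise RuntimeError("ZAP did not accept the mode change")
    # Route the POST through ZAP as an HTTP proxy so ZAP sees the body.
    proxy = urllib.request.ProxyHandler({"http": ZAP})
    with urllib.request.build_opener(proxy).open(post_request(), timeout=30) as resp:
        resp.read()
    subprocess.run(quick_scan_cmd(), check=True)


if __name__ == "__main__":
    run()
```

Attack mode only scans nodes that are in scope, so the target has to be included in a ZAP context before the POST is sent.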