自动执行Zed攻击代理扫描的OAuth访问令牌 [英] Automate OAuth access token for Zed Attack Proxy Scans

问题描述

我想为几个REST API运行安全扫描. 这些API使用OAuth，并分为两组，每个组使用不同的Grant Type.

I want to run security scans for few REST APIs. These APIs use OAuth and are divided into two sets each using different Grant Type.

我想使用ZAP工具运行安全扫描，但无法自动执行获取请求所使用的OAuth令牌的过程.

I want to run security scan using ZAP tool and I am not able to automate the process of getting OAuth Token used by the requests.

我正在使用SoapUI在ZAP中记录API，效果很好.但是，当令牌过期时，在使用SoapUI或PostMan检索令牌后，我必须手动重新记录或编辑令牌.

I am using SoapUI to record the APIs in ZAP which works very fine. But when the token expires, I have to re-record or edit token manually after retrieving it using SoapUI or PostMan.

一种要求提供一些详细步骤的请求.

A kind request to provide steps in little bit detail.

如果需要更多详细信息，请告诉我.

Please let me know if more details are required.

任何帮助将不胜感激

推荐答案

我能够找到解决方案.同样在此处发布解决方案，请参考以下URL:

I was able to find the solution for this. Posting the solution here as well, please refer following URL:

https ://groups.google.com/forum/#！searchin/zaproxy-users/Sam％7Csort:relevance/zaproxy-users/HJZ8gxk17M8/5WQuD7t3AAAJ

这篇关于自动执行Zed攻击代理扫描的OAuth访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！