自动执行Zed攻击代理扫描的OAuth访问令牌 [英] Automate OAuth access token for Zed Attack Proxy Scans
问题描述
我想为几个REST API运行安全扫描. 这些API使用OAuth,并分为两组,每个组使用不同的Grant Type.
I want to run security scans for few REST APIs. These APIs use OAuth and are divided into two sets each using different Grant Type.
我想使用ZAP工具运行安全扫描,但无法自动执行获取请求所使用的OAuth令牌的过程.
I want to run security scan using ZAP tool and I am not able to automate the process of getting OAuth Token used by the requests.
我正在使用SoapUI在ZAP中记录API,效果很好.但是,当令牌过期时,在使用SoapUI或PostMan检索令牌后,我必须手动重新记录或编辑令牌.
I am using SoapUI to record the APIs in ZAP which works very fine. But when the token expires, I have to re-record or edit token manually after retrieving it using SoapUI or PostMan.
一种要求提供一些详细步骤的请求.
A kind request to provide steps in little bit detail.
如果需要更多详细信息,请告诉我.
Please let me know if more details are required.
任何帮助将不胜感激
推荐答案
我能够找到解决方案.同样在此处发布解决方案,请参考以下URL:
I was able to find the solution for this. Posting the solution here as well, please refer following URL:
这篇关于自动执行Zed攻击代理扫描的OAuth访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!