Add more features to Access Control Add-on #8356
Comments
Tracker'ified 😀
That would require the user to ensure (somehow) that the session/cookie didn't invalidate as ZAP would have no way to re-auth. If you have actual examples of auth ZAP can't handle please provide them in other tickets.
Yes, this doesn't hurt much tbh. While testing I start getting a 403 or a 302 to the login page, which shows the cookie has expired, so I just replace it in Autorize. This can be an optional feature on top of the current working of auth.
I don't know if it's ZAP not handling auth well or me not handling ZAP well, but nevertheless I am struggling with it and have already posted at https://groups.google.com/g/zaproxy-users/c/33ZGm6r-k-8
Added a few more tasks.
Added one more task
It's already possible to test with an unauthenticated user.
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
As discussed in https://groups.google.com/g/zaproxy-users/c/OzrzuhEWmHc, new features need to be added to the Access Control add-on to make it more useful in RBAC testing.
https://github.com/zaproxy/zap-extensions/blob/6a4f8bc7de3381c08f976d85da1518561ec71d5b/addOns/accessControl/src/main/java/org/zaproxy/zap/extension/accessControl/view/AccessControlStatusPanel.java#L124 ➡ Specifically sets 11pt
https://github.com/zaproxy/zap-extensions/blob/6a4f8bc7de3381c08f976d85da1518561ec71d5b/addOns/accessControl/src/main/java/org/zaproxy/zap/extension/accessControl/view/AccessControlStatusPanel.java#L148 ➡ Specifically sets 11pt
Describe alternatives you've considered
Autorize, Autorepeater Burp Extensions
Screenshots
No response
Additional context
No response
Would you like to help fix this issue?