zap - 基于 ZAP 表单的身份验证不起作用 - 如何通过直接在网页上提供用户名/密码来扫描网页

问题描述

如何扫描我们需要使用用户名/密码登录的网站的网页。我使用了基于表单的身份验证，但它不起作用，因为我收到如下的 POST 响应。所以请告诉我如何通过手动提供凭据进行扫描。谢谢！

POST 响应： 消息=%7B%22actions%22%3A%5B%7B%22id%22%3A%22114%3Ba%22%2C%22descriptor%22%3A%22apex%3A%2F%2Fapplauncher.LoginFormController%2FACTION% 24login%22%2C%22callingDescriptor%22%3A%22markup%3A%2F%2FsalesforceIdentity%3AloginForm2%22%2C%22params%22%3A%7B%22username%22%3A%22ZAP%22%2C%22password%22% 3A%22ZAP%22%2C%22startUrl%22%3A%22%2Femployee%2Fs%2F%22%7D%2C%22version%22%3A%2250.0%22%7D%5D%7D&aura.context=%7B%22mode %22%3A%22PROD%22%2C%22fwuid%22%3A%22r9KGPExoo3AsD7hYz77h_Q%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A %2F%2Fsiteforce%3AloginApp2%22%3A%22vnhBtFVfVynX5gzVl_c_-A%22%7D%2C%22dn%22%3A%5B%5D%2C%22globals%22%3A%7B%7D%2C%22uad%22%3Afalse %7D&aura.pageURI=%2Femployee%2Fs%2Flogin%2F%3Fec%3D302%26startURL%3D%252Femployee%252Fs%252F&aura.token=未定义

标签： zap