Forum Discussion
Introduction to OWASP ZAP
- 2 years ago
So, your mistake is that you assume the "/checkout" page is the draft checkout page you are looking for, but it's not.
In order to find the correct page, you are expected to perform a ZAP spider attack. Authentication configurations should be there because only then will ZAP be able to fully crawl the website. After that, if you look carefully at the resources ZAP finds, the correct URL should be there.
Regarding configuring ZAP for this, the Briefing section should guide you.
Maybe I'm getting all this wrong, but I think that the problem is that the requested page does not exist at all.
Let me elaborate on this a little bit more... in the lab tasks we have two pages to investigate:
/useful_admin_stuff
/chekout
You suggest that this is a problem of authentication; in this case I would get a 302 or 308, like what is happening with /useful_admin_stuff, which I can circumvent once the authentication is solved.
But for /checkout I'm just getting a 404 error, as if the page doesn't exist.
So, is there still something that I'm doing wrong, or is the lab missing a page that should be there?