ZAP Authentication using API calls

Question

I am using ZAP API calls to test a site using command line. But I have a problem with the user authentication even though I am following the correct steps. But I still can't manage to pass the login page when spider as a user. Below are the steps that I am follwing.

1.Include in the context (context/includeContext)

2.Change Authentication Method to formBased. (authentication/setAutenticationMethod) Here I only pass contextID,authMethodName and in authMethodConfigParams only the logiunUrl. Not the loginrequestData. I tried to pass authMethodConfigParams as

loginUrl=**********************&loginRequestData=username={%username%}&password={%password%}

but the field doen't fills up when I use this.

3.Set the login Indicator (authentication/setLoggedInIndicator)

4.Enable auto Reauthentication (auth/autoReauthON)

5.Add a new user (users/nweUser)

6.Set credentials for user ( users/setAuthenticationCredentials)

7.Enable user (users/setUserEnabled)

8.Spider as the new user (spider/scanAsUser)

But in spidering it cannot get pass the log in page. When I Open the UI application all the API calls have been worked and all the settings have been configured on the session properties. But when I check the POST request it is as below.

username=ZAP&password=ZAP&rememberMe=true

I think this is the problem. Why doesn't it take the new users credentials??

Thanks in advance

Answer 1

The problem in my question was that the way I use to pass authMethodConfigParams was wrong. authMethodConfigParams are expected to be "x-www-form-urlencoded" , not in the normal form. So I used http://www.url-encode-decode.com/ to convert my authMethodConfigParams and passed it on the API. Also when passing scanAsUser I have to pass in "x-www-form-urlencoded" format. So this was my solution