[Solved] How to configure the user_token of Damn Vulnerable Web Application within CSRF field while Script based authentication using ZAP?
The modified script within the documentation of Script Based Authentication section for Damn Vulnerable Web Application using ZAP seems incomplete. The complete script is available at Setting up ZAP to Test Damn Vulnerable Web App (DVWA) which is as follows: function authenticate(helper, paramsValues, credentials) { var loginUrl = paramsValues.get(“Login URL”); var csrfTokenName = paramsValues.get(“CSRF Field”); … Read more