Session Contexts dialogs

These screens allow you to manage contexts.

There is a set of screens for each context you define.

Top screen

This allows you to set the context name and description.

Include in context

This allows you to manage the URLs which will be included in the context.
URLs which don't match any of the regexes will not be included in the context.

Exclude from context

This allows you to manage the URLs which will be excluded from the context.
You only need to specify regexes for URLs that you do not want to include but which match one or more of the 'include' regexes.

Technology

This allows you to specify the technologies used in the context, if known.
By default all technologies are included.
If you exclude technologies that you know are not used then this may speed up active scanning as rules specific to the excluded technologies can be skipped.

Authentication

This allows you to manage the way in which Authentication is being done for the Context. Note that changing the authentication method after Users have been defined will cause them to be deleted, as the type of user credentials needs to match the authentication scheme. After selecting the Authentication Method type, the options that need to be configured depend on the Authentication Method.

Manual Authentication

No configuration is needed for this authentication method. Read more...

Form-Based Authentication

To configure this authentication method, you need to supply the login URL, to which the login request is performed, the request body (POST data), if needed, and identify the parameters used to supply the 'username' and 'password'. If no request body is supplied, the login request is performed as an HTTP GET, otherwise an HTTP POST is used. The credentials themselves are configured in the Users tab. Read more...

HTTP/NTLM Authentication

To configure this authentication method, you need to supply the hostname and the port of the server the authentication is done with and the realm the credentials apply to. The credentials themselves are configured in the Users tab. Read more...

Script-Based Authentication

To use this authentication method, you first need to write (and save) an Authentication Script using the Scripts tab (see the provided examples and templates for this script type in the Scripts tab). Then you need to supply the name of the script in the dropdown list. After selecting the script, you need to press the Load button, loading all the requirements of the script. Any parameters that you have specified as required or optional in the script will be shown in the interface to be defined. Their values are available to be used in the script, during the authentication, as seen in the provided examples for Authentication Scripts. Make sure that after making any changes to the parameters required by the Authentication script you re-load the script. Otherwise, the parameters shown in the interface might not be the ones used during the authentication and errors might occur. The credentials used for each User during the authentication process can also be specified in the Authentication Script and are configured in the Users tab. Read more...

Session Management

This allows you to manage the way in which Session Management is being done for the Context. After selecting the Session Management Method type, the options that need to be configured depend on the Session Management Method.

Cookie-Based Session Management

No configuration is needed for this session management method. Read more...

Users

This allows you to configure a set of Users that may be used for various other actions throughout the application.

The credentials section of the Users depends on the Authentication Method configured for the Context.

URL regexes

In the Include in *, Exclude from * panels and the Logged in/out indicators of the Authentication panel, you can enter regular expressions to define excluded URLs. While you can escape a single meta-character with a backslash, you can also use the \Q...\E escape sequence. All the characters between the \Q and the \E are interpreted as literal characters. E.g. \Q*\d+*\E matches the literal text *\d+*. This escape sequence is used in ZAP when you exclude URLs via some context menus.
Note: If your URL contains a "\E", then you have to do the following steps when using the \Q...\E escape sequence:
Example: https://subdomain.example.com/path?a=\E&moredata=2 should appear as \Qhttps://subdomain.example.com/path?a=\E\\E\Q&moredata=2\E
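The quoting rule from the example above, combined with the include/exclude logic of the context panels, as an added illustration (this is not ZAP's own code). The class and method names are hypothetical, the URLs other than the one in the example are constructed, and whole-URL, case-insensitive matching is an assumption.

```java
import java.util.List;
import java.util.regex.Pattern;

public class ContextScopeDemo {

    // Wrap a literal URL in \Q...\E. Every embedded \E is replaced with
    // \E\\E\Q: end the quote, match a literal backslash plus E, reopen the quote.
    static String quoteUrl(String url) {
        return "\\Q" + url.replace("\\E", "\\E\\\\E\\Q") + "\\E";
    }

    // True when the URL matches at least one of the given regexes.
    // Assumption: the regex must match the whole URL, ignoring case.
    static boolean matchesAny(String url, List<String> regexes) {
        for (String regex : regexes) {
            if (Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(url).matches()) {
                return true;
            }
        }
        return false;
    }

    // In the context: matched by an 'include' regex and by no 'exclude' regex.
    static boolean inContext(String url, List<String> includes, List<String> excludes) {
        return matchesAny(url, includes) && !matchesAny(url, excludes);
    }

    public static void main(String[] args) {
        // The URL from the example above; it contains a literal \E.
        String tricky = "https://subdomain.example.com/path?a=\\E&moredata=2";
        String quoted = quoteUrl(tricky);
        System.out.println(quoted);
        // The JDK's own quoting helper applies the same replacement rule.
        System.out.println(quoted.equals(Pattern.quote(tricky)));

        // Constructed context definition: include the whole site, then
        // exclude the tricky URL and everything under /logout.
        List<String> includes = List.of("\\Qhttps://subdomain.example.com\\E.*");
        List<String> excludes = List.of(quoted,
                "\\Qhttps://subdomain.example.com/logout\\E.*");

        for (String url : List.of(
                tricky,                                              // excluded
                "https://subdomain.example.com/path?a=1&moredata=2", // in context
                "https://subdomain.example.com/logout?next=/",       // excluded
                "https://other.example.com/")) {                     // never included
            System.out.println(inContext(url, includes, excludes) + "  " + url);
        }
    }
}
```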

Accessed via

     Top level File menu    'Properties...' menu item

See also

     UI Overview    for an overview of the user interface
     Dialogs    for details of the dialogs or popups
     Authentication    for an overview of Authentication
     Session Management    for an overview of Session Management