{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我只想做你的唯一 的问题《Automate OAuth access token for Zed Attack Proxy S》','https://www.manongdao.com/q-1138794.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to run security scans for few REST APIs. These APIs use OAuth and are divided into two sets each using different Grant Type.
I want to run security scan using ZAP tool and I am not able to automate the process of getting OAuth Token used by the requests.
I am using SoapUI to record the APIs in ZAP which works very fine. But when the token expires, I have to re-record or edit token manually after retrieving it using SoapUI or PostMan.
A kind request to provide steps in little bit detail.
Please let me know if more details are required.
Any help will be really appreciated
I was able to find the solution for this. Posting the solution here as well, please refer following URL:
https://groups.google.com/forum/#!searchin/zaproxy-users/Sam%7Csort:relevance/zaproxy-users/HJZ8gxk17M8/5WQuD7t3AAAJ