How to use a custom csrf token name in ZAP-CLI?
dizzersee opened this issue · 1 comments
dizzersee commented
My CSRF-token is named _token. In ZAP GUI I can include it via the options -> Client Cert menu.
I think I need the -start-options '-config XYZ' flag. Which key-value pair do I need for the extra token name?
dizzersee commented
I figured it out:
-start-options '-config anticsrf.tokens.token\(0\).enabled=true -config anticsrf.tokens.token\(0\).name=\_token'