Grunny/zap-cli

How to use a custom csrf token name in ZAP-CLI?

dizzersee opened this issue · 1 comments

My CSRF token is named _token. In the ZAP GUI I can include it via the options -> Client Cert menu.

I think I need the --start-options '-config XYZ' flag. Which key-value pair do I need for the extra token name?

I figured it out:

--start-options '-config anticsrf.tokens.token\(0\).enabled=true -config anticsrf.tokens.token\(0\).name=\_token'
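
An added example, not part of the original issue or the zap-cli project: a shell helper (the name `anticsrf_start_options` is hypothetical) that builds the same `-config` pairs as the line above for one or more token names. It goes beyond the single-token case in the post by incrementing the index per name, and it rejects names with characters outside a conservative allowlist so nothing unexpected is spliced into the start options (the allowlist is an assumption, not a ZAP rule).

```sh
# Build ZAP "-config" pairs registering each argument as an anti-CSRF token name.
# Key format and backslash-escaped parentheses follow the command in the post.
anticsrf_start_options() {
    i=0
    out=""
    for name in "$@"; do
        # Assumed allowlist: letters, digits, underscore, dot, hyphen.
        # Empty names and anything with spaces or shell metacharacters are refused.
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "refusing token name: $name" >&2
                return 1 ;;
        esac
        out="$out${out:+ }-config anticsrf.tokens.token\\($i\\).enabled=true"
        out="$out -config anticsrf.tokens.token\\($i\\).name=$name"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Usage (constructed token names):
#   zap-cli start --start-options "$(anticsrf_start_options _token csrf_token)"
```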