Unable to access ZAP API over HTTPS

Question

Unable to access ZAP API over HTTPS

Opened this issue 7 years ago · 5 comments

The plugin doesn't seem to accept an HTTPS URL for the ZAP API. The "ZAP API URL" field note reads: "The fully qualified domain name (FQDN) with out the protocol. (Eg. zap.example.com)" and attempting to add "https://" as a prefix causes the scan to fail entirely with a network timeout. If the API exposes HTTP as well as HTTPS then it is accessed over tcp/80 only (confirmed in Wireshark).

Is there any way to require HTTPS for the ZAP API URL?

Thanks.

Answer 1 · 2018-05-15T02:08:08.000Z

@604kev At the moment, you are not able to use a HTTPS URL for the ZAP API. This improvement will be made in an up coming update. I'll keep you updated here.

Answer 2 · 2018-05-15T18:15:36.000Z

@kasunkv Thank you for the response, and I'm looking forward to seeing this added.

Answer 3 · 2019-02-05T18:47:02.000Z

Any Updates on when this will be an option

Answer 4 · 2020-04-21T08:49:22.000Z

+1 for this

Answer 5 · 2020-04-21T08:49:59.000Z

@kasunkv - Any idea when this will be possible?