Proxy converts HTTP POST to GET when the HUD is enabled #1192

arroos opened this issue Feb 10, 2023 · 1 comment

arroos commented Feb 10, 2023

Describe the bug

If ZAP is used to proxy requests from another application to a web server, and the ZAP HUD is enabled, then when the application issues an HTTP POST request, it is forwarded to the web server as a GET request. Note that this does not affect HTTPS requests.

Steps to reproduce the behavior

1. Save the attachment as "post.html".
2. Open it in a web browser (I used Firefox 109.0.1).
3. Set the browser's proxy to the ZAP proxy at localhost:8080.
4. Use the ZAP toolbar button to enable the HUD.
5. Press the "post" button on the form.

The ZAP HTML history window shows a new HTTP GET request to http://httpbin.org/post.
The browser displays "405 Method Not Allowed".

Expected behavior

ZAP should show a POST request to "http://httpbin.org/post" and the web browser should show the header and contents of the POST request. This behavior is observed when the ZAP HUD is disabled.

Software versions

Version: 2.12.0

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

arroos added the bug label Feb 10, 2023
thc202 transferred this issue from zaproxy/zaproxy Feb 10, 2023
Member

thc202 commented Feb 10, 2023

Moved to the HUD repo, most likely caused by the HTTPS upgrade done by the HUD.
