I have an issue in ZAP scripts.
I tried to create a login script using Zest. Most of the requests work except two of them. I found something was fishy when re-sending the request worked as expected (status code is 200) so i proxy chained Zap and saw that on the script request, there is multiple cookie header.
Original :
Cookie: cookie_1
Cookie: cookie_2
Cookie: cookie_3
[...]
Cookie: cookie_n
Resent:
Cookie: cookie_1;cookie_2;cookie_3;[...];cookie_n
The first request doesn't comply with RFC 6265
5.4. The Cookie Header
The user agent includes stored cookies in the Cookie HTTP request header.
When the user agent generates an HTTP request, the user agent MUST NOT attach more than one Cookie header field.
In my case, the server enforce this and only the first cookie is parsed.
So, my question, is there a way in ZAP to fold cookies into a single one when the cookie are added by zap during a zest script?