Advanced Spider Techniques

Form handling is a crucial Spider capability that often requires manual configuration. The Spider attempts to submit forms with default values, so it can miss functionality that only appears after specific inputs. Configure form field values through Options > Spider > Form Processing. Common configurations include valid email formats, phone numbers, and dates. Some forms accept only specific values before they proceed, and the Spider needs manual hints for those.

Authentication handling enables spidering of protected application areas. Configure authentication through Context settings before spidering. The Spider uses configured credentials to maintain authenticated sessions while crawling. Session timeout handling requires attention—configure re-authentication scripts if sessions expire during lengthy crawls. For complex authentication flows, record authentication sequences using ZAP's proxy before spidering.

The Ajax Spider requires special configuration for optimal results. Browser selection impacts compatibility and performance—Chrome generally offers the best support for modern applications. Click depth settings control how many user interactions the Ajax Spider attempts. Higher depths discover more content but exponentially increase crawling time. Element exclusions prevent the Spider from clicking logout buttons or destructive actions. Configure these settings based on application complexity and available time.
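
The authentication and Ajax Spider settings described above can also be kept as a ZAP Automation Framework plan, so the same crawl is repeatable outside the GUI. This is an added example, not configuration from the original page: the target URL, paths, indicator regexes, user name, environment variable and excluded element values are placeholders, and it assumes a ZAP release whose Ajax Spider add-on supports `excludedElements`.

```yaml
# Added example: ZAP Automation Framework plan (run with: zap.sh -cmd -autorun plan.yaml)
# Target URL, paths, regexes, user and element values are placeholders.
env:
  contexts:
    - name: "app"
      urls: ["https://app.example.test"]
      includePaths: ["https://app.example.test/.*"]
      excludePaths: ["https://app.example.test/logout.*"]   # keep the session alive
      authentication:
        method: "form"
        parameters:
          loginPageUrl: "https://app.example.test/login"
          loginRequestUrl: "https://app.example.test/login"
          loginRequestBody: "username={%username%}&password={%password%}"
        verification:
          method: "response"
          loggedInRegex: "\\QSign out\\E"
          loggedOutRegex: "\\QPlease sign in\\E"   # a match triggers re-authentication
      sessionManagement:
        method: "cookie"
      users:
        - name: "crawler"
          credentials:
            username: "crawler@example.test"
            password: "${ZAP_CRAWLER_PASSWORD}"   # from the environment, not the plan
jobs:
  - type: spider
    parameters:
      context: "app"
      user: "crawler"
      maxDuration: 10            # minutes
  - type: spiderAjax
    parameters:
      context: "app"
      user: "crawler"
      browserId: "chrome-headless"
      maxCrawlDepth: 4           # raise only if coverage is insufficient
      maxDuration: 20            # minutes; bounds the cost of deeper crawls
      excludedElements:
        - description: "logout button"
          element: "button"
          text: "Sign out"
        - description: "delete account link"
          element: "a"
          attributeName: "data-action"
          attributeValue: "delete-account"
```

Use a dedicated low-privilege test account for the crawler user, and confirm the logged-out indicator against a real expired-session response before relying on it for long crawls.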