Quite old question but here it goes.
The most simple way to do this is setting your browser to Proxy through ZAP.
On Firefox you can go to:
Options -> Advanced -> Network -> Settings.
Select Manual Proxy Configuration and fill the HTTP Host with the address of the machine running ZAP (most probably localhost) and the configured ZAP port.
You can check and configure ZAP port opening ZAP and accessing:
Tools -> Options -> Local Proxy.
Then open your web browser and login to your application.
Now go to ZAP, in the Sites tab (left side of ZAP), select your site, right click on it and select:
Include in Context -> Default Context
Now open the HTTP Sessions tab right click on the session and "Set as Active".
(HTTP Sessions Tab: View -> Show Tab -> HTTP Sessions)
Now you can perform ZAP Spider, Active Scan and so with an logged in session.
If this is not your scenario, please provide more info about which authentication method your application is using.
Hope it still helps you or someone searching for similar questions.
Thanks,
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
