Web App does not redirect in ZAP browser #8448

Open
njmulsqb opened this issue Apr 15, 2024 · 3 comments
@njmulsqb
Contributor

Describe the bug

I have a web app whose URL is https://portal.smartlox.io/nyckel/. When you open this in a regular browser it redirects to the login page after a few seconds, but this is not happening in the ZAP browser (tested on both Chrome and Firefox). Plus, I have tested this in the Burp browser as well, and it's working fine there too.

Steps to reproduce the behavior

Open https://portal.smartlox.io/nyckel/ in ZAP browser

Expected behavior

It should redirect without any issue

Software versions

ZAP
Version: 2.14.0

Installed Add-ons: [[id=accessControl, version=10.0.0],
[id=alertFilters, version=20.0.0], [id=ascanrules,
version=65.0.0], [id=authhelper, version=0.12.0],
[id=automation, version=0.38.0], [id=bruteforce,
version=15.0.0], [id=callhome, version=0.11.0],
[id=commonlib, version=1.24.0], [id=custompayloads,
version=0.13.0], [id=database, version=0.3.0], [id=diff,
version=14.0.0], [id=directorylistv1, version=7.0.0],
[id=domxss, version=18.0.0], [id=encoder, version=1.4.0],
[id=exim, version=0.8.0], [id=formhandler, version=6.5.0],
[id=fuzz, version=13.12.0], [id=gettingStarted,
version=16.0.0], [id=graaljs, version=0.6.0], [id=graphql,
version=0.23.0], [id=help, version=17.0.0], [id=hud,
version=0.18.0], [id=invoke, version=14.0.0], [id=network,
version=0.15.0], [id=oast, version=0.17.0], [id=onlineMenu,
version=12.0.0], [id=openapi, version=39.0.0], [id=postman,
version=0.3.0], [id=pscanrules, version=57.0.0],
[id=quickstart, version=45.0.0], [id=replacer,
version=16.0.0], [id=reports, version=0.31.0],
[id=requester, version=7.5.0], [id=retest, version=0.8.0],
[id=retire, version=0.34.0], [id=reveal, version=7.0.0],
[id=scripts, version=45.2.0], [id=selenium,
version=15.21.0], [id=soap, version=22.0.0], [id=spider,
version=0.10.0], [id=spiderAjax, version=23.18.0], [id=tips,
version=12.0.0], [id=wappalyzer, version=21.34.0],
[id=webdrivermacos, version=79.0.0], [id=websocket,
version=30.0.0], [id=zest, version=44.0.0]]

Operating System: Mac OS X
Architecture: aarch64
Java Version: Eclipse Adoptium 11.0.20.1
System's Locale: en_PK
Display Locale: en_GB
Format Locale: en_PK
Default Charset: UTF-8
ZAP Home Directory: /Users/administrator/Library/Application Support/ZAP/
ZAP Installation Directory: /Applications/ZAP.app/Contents/Java/./
Look and Feel: Mac OS X (com.apple.laf.AquaLookAndFeel)

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

  • Yes
@njmulsqb njmulsqb added the bug label Apr 15, 2024
@kingthorin
Member

Probably their use of ReCAPTCHA, hard to say. I'd suggest working with your client/customer to figure it out.

@njmulsqb
Contributor Author

Yeah, I had a chat with them, but since this is only happening on browsers linked with ZAP, they can't do much about it.

The website is working fine with a Burp-proxied browser or any other non-proxied browser, so definitely something is happening with ZAP.

@psiinon
Member

psiinon commented Apr 18, 2024

Interesting. I can reproduce it here, and there are no obvious errors logged in the browser console.
Anyone interested in diving into this? I'd like to but don't have the time :/
One of the things I'd try is to trust the ZAP root CA - for testing I just used browsers launched from ZAP. These ignore cert errors rather than importing and trusting the browser cert.
