zaproxy · psiinon · Aug 21, 2025 · Aug 21, 2025
diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md
@@ -13,7 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Support for min wait for time in Client Script Authentication.
 
 ## Changed
-- Now depends on minimum Common Library version 1.35.0.
+- Now depends on minimum Common Library version 1.35.0 and Zest version 48.9.0.
 - Send the referer header on verification if set on the original request.
 - Removed requirement to set at least one header in the GUI for Header-Based Session Management.
 - Include step for errors in the authentication diagnostics.
@@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Do not fail the authentication on diagnostic errors.
 - Do not configure poll authentication verification without logged in indicator.
 - Handle errors collecting the browser storage diagnostics.
+- Fix proxy errors during authentication with Client Script Based Authentication.
 
 ## [0.27.0] - 2025-07-03
 ### Added

diff --git a/addOns/authhelper/authhelper.gradle.kts b/addOns/authhelper/authhelper.gradle.kts
@@ -71,7 +71,7 @@ zapAddOn {
                     version.set("15.*")
                 }
                 register("zest") {
-                    version.set(">=48.8.0")
+                    version.set(">=48.9.0")
                 }
             }
         }

diff --git a/...src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java b/...src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java
@@ -450,6 +450,7 @@ public WebSession authenticate(
                             return null;
                         }
 
+                        zestRunner.setAutoCloseProxy(false);
                         zestRunner.registerHandler(getHandler(user));
                         zestScript.add(
                                 new ZestActionSleep(TimeUnit.SECONDS.toMillis(getLoginPageWait())));
@@ -597,6 +598,7 @@ public WebSession authenticate(
                                             // Ignore
                                         }
                                     });
+                    zestRunner.closeProxy();
                 }
             }
         }

diff --git a/addOns/zest/CHANGELOG.md b/addOns/zest/CHANGELOG.md
@@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
-
+### Changed
+- Allow to keep auhtenticator's proxy running after the authentication.
 
 ## [48.8.0] - 2025-07-03
 

diff --git a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestAuthenticationRunner.java b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestAuthenticationRunner.java
@@ -68,6 +68,9 @@ public class ZestAuthenticationRunner extends ZestZapRunner implements Authentic
     private ZestScriptWrapper script = null;
     private AuthenticationHelper helper;
 
+    private boolean autoCloseProxy;
+    private Server proxyServer;
+
     public ZestAuthenticationRunner(
             ExtensionZest extension, ExtensionNetwork extensionNetwork, ZestScriptWrapper script) {
         super(extension, extensionNetwork, script);
@@ -76,6 +79,7 @@ public ZestAuthenticationRunner(
                 script.getZestScript().getParameters().getTokenStart()
                         + TOTP_VAR_NAME
                         + script.getZestScript().getParameters().getTokenEnd();
+        autoCloseProxy = true;
     }
 
     @Override
@@ -127,10 +131,9 @@ public HttpMessage authenticate(
             Map<String, String> paramsValues,
             GenericAuthenticationCredentials credentials)
             throws ScriptException {
-
+        closeProxy();
         this.helper = helper;
 
-        Server proxyServer = null;
         try {
             if (hasClientStatements()) {
                 proxyServer =
@@ -174,13 +177,41 @@ public HttpMessage authenticate(
         } catch (Exception e) {
             throw new ScriptException(e);
         } finally {
-            if (proxyServer != null) {
-                try {
-                    proxyServer.close();
-                } catch (IOException e) {
-                    LOGGER.debug("An error occurred while stopping the proxy.", e);
-                }
+            if (autoCloseProxy) {
+                closeProxy();
+            }
+        }
+    }
+
+    /**
+     * Sets whether or not the proxy created for the authentication should be automatically closed
+     * after the authentication, true by default.
+     *
+     * <p>Allows to use the browser after the authentication has finished, callers should close the
+     * proxy once no longer needed.
+     *
+     * @param autoCloseProxy {@code true} to auto close the proxy, {@code false} otherwise.
+     * @since 48.9.0
+     * @see #closeProxy()
+     */
+    public void setAutoCloseProxy(boolean autoCloseProxy) {
+        this.autoCloseProxy = autoCloseProxy;
+    }
+
+    /**
+     * Closes the proxy.
+     *
+     * @since 48.9.0
+     * @see #setAutoCloseProxy(boolean)
+     */
+    public void closeProxy() {
+        if (proxyServer != null) {
+            try {
+                proxyServer.close();
+            } catch (IOException e) {
+                LOGGER.debug("An error occurred while stopping the proxy.", e);
             }
+            proxyServer = null;
         }
     }