In this step, we will define the HTTP POST request for login to the vulnerable website. Here is key information of the HTTP POST request for the login. It's assumed that the username is user1 and the password is pass1 in this example. The information can be acquired by using browser network inspector (F12), as follows:

Request URL:  http://demo.testfire.net/bank/login.aspx
Request Method: POST
Request Data: uid=user1&passw=pass1&btnSubmit=Login

To configure JMeter to send the HTTP POST login request, we need to create a Threat Group and the HTTP Request for the test plan. Under the HTTP request, define the values as shown in the following screenshot:

In addition, we would like to send the HTTP request through the ZAP proxy. Define the JMeter proxy in the Advanced tab. In our environment, we are running ZAP listening port 8090: