SSL Connection Issues


Daniel Billing

Feb 4, 2021, 2:12:20 PM
to OWASP ZAP User Group
Hi, I'm currently having issues trying to connect to an application running on localhost via Docker.

This is specifically happening when using the HUD, as part of a demo for a training video.

After initial connection, and being able to run a few transactions, the following error is exposed. It is now happening consistently.

An exception occurred while attempting to connect to: https://localhost:3000/rest/user/login
The exception was: Unsupported or unrecognized SSL message
Root cause: SSLException: Unsupported or unrecognized SSL message
The following document may be of assistance in resolving this failure: https://www.zaproxy.org/faq/how-to-connect-to-an-https-site-that-reports-a-handshake-failure/

I have followed the advice on the error message, but to no avail. Restarting ZAP usually clears the problem, but only for a short time.

Any other suggestions or thoughts?

Simon Bennetts

Feb 5, 2021, 4:50:03 AM
to OWASP ZAP User Group
Is it always on the same page(s)?
Is it an app we can try ourselves?
ZAP upgrades HTTP sites to HTTPS when you use the HUD, so it's quite possibly a bug in this process.

Cheers,

Simon

Daniel Billing

Feb 5, 2021, 5:26:07 AM
to zaprox...@googlegroups.com
Yes, I'm using the Juice Shop.

Always on login and registration.

Because I'm using localhost (running JuiceShop in Docker, Node, AWS), which is HTTP, not HTTPS, this could very well be the problem. It seems to be fine when using Heroku to host JuiceShop, which crafts an HTTPS page for each deploy.

Happy to grab some logs later on if needed, I need to crack on with my presentation first though.


Simon Bennetts

Feb 5, 2021, 5:30:35 AM
to OWASP ZAP User Group
No, that should be fine.
ZAP upgrades to HTTPS internally so it should still work even if the target application doesn't support HTTP.
I've tested with Juice Shop running locally before (and so just HTTP) and that worked fine then, but things might have changed of course.
Which version of ZAP, browser etc?
Have you updated all ZAP add-ons?

Cheers,

Simon

Daniel Billing

Feb 5, 2021, 5:41:50 AM
to zaprox...@googlegroups.com
2.10.0

It's fully up to date, with all the trimmings except the foreign language packs, and the Linux/Windows Webdrivers. I took an update yesterday.

Note this is only happening when I use the HUD. It's not happening when I use ZAP without the HUD. I find I have to restart ZAP every time it occurs.

Cheers,
Dan

Simon Bennetts

Feb 5, 2021, 5:46:49 AM
to OWASP ZAP User Group
Which browser + version?
This on a Mac?

Daniel Billing

Feb 5, 2021, 5:57:34 AM
to zaprox...@googlegroups.com
Yes, apologies.

Mac OS 11.2
Firefox 85.0

Although worth checking on Chrome too
