Implement feature PortScan and Forced Browse to JUnit test with zap api client

[Joshua García Palacios]

Hello, 

I'm trying to implement a new features using ZAP proxy with my JUnit test.

I need to implement the feature of portscan and forced browse to be used at the end of my test.

The main problem is doesn't exist documentation to make a implementation about this features, the only that I can find it's

the source code of the plugin https://github.com/zaproxy/zap-extensions/tree/beta/src/org/zaproxy/zap/extension.

I tried to implement using this classes but It doesn't work.

Can you help me giving me some doc or piece of code to see how can i implement.

Cheers.

[psiinon]

Hi Joshua,

How are you running the classes and what errors are you getting (full stack traces would be ideal).

Cheers,

Simon

[Joshua García Palacios]

Hi psiinon,

In my project I have attach the source code of the repository and I call the classes from my Test class. The following code is the method that I used to  try scanports in my test.

public void portScan(String target) {

PortScanParam portParam = new PortScanParam();

portParam.load("C:\\Program Files (x86)\\OWASP\\Zed Attack Proxy\\xml\\config.xml");

portParam.setMaxPort(9999);

portParam.setThreadPerScan(4);

portParam.setTimeoutInMs(30);

System.out.println("Max Port: " + portParam.getMaxPort());

System.out.println("Max Thread: " + portParam.getThreadPerScan());

System.out.println("TimeOuts: " + portParam.getTimeoutInMs());

ScanListenner listenner = new ScanListenner() {

@Override

public void scanProgress(String site, int port, int maxPort) {

System.out.println("Site: " + site + " Port: " + port + " maxPort: " + maxPort);

}

@Override

public void scanFinshed(String site) {

System.out.println("The port scan finish to " + site);

}

};

PortScan portScan = new PortScan("https://mywebsite.com", listenner, portParam);

portScan.run();

}

All seems alright until create the object ConnectionParam connParams = Model.getSingleton().getOptionsParam().getConnectionParam(); in the PortScan class and the output error is:

Exception in thread "Thread-4" java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key session.untitled

at java.util.ResourceBundle.getObject(ResourceBundle.java:395)

at java.util.ResourceBundle.getObject(ResourceBundle.java:392)

at java.util.ResourceBundle.getString(ResourceBundle.java:355)

at org.zaproxy.zap.utils.I18N.getString(Unknown Source)

at org.parosproxy.paros.model.Session.<init>(Unknown Source)

at org.parosproxy.paros.model.Model.<init>(Unknown Source)

at org.parosproxy.paros.model.Model.createSingleton(Unknown Source)

at org.parosproxy.paros.model.Model.getSingleton(Unknown Source)

at org.zaproxy.zap.extension.portscan.PortScan.runScan(PortScan.java:117)

at org.zaproxy.zap.extension.portscan.PortScan.run(PortScan.java:96)

That error I can skipped changing SocketAddress sa = new InetSocketAddress(connParams.getProxyChainName(),connParams.getProxyChainPort());

to SocketAddress sa = new InetSocketAddress("my local ip", myport); and the scanner seems begin but in the software ZAP don't. The output console shows me the ports scan but don't detect any.

Output:

PortScan : https://mytestportal.com threads: 4

PortScan : https://mytestportal.com threads: 4 threadIndex: 1

PortScan : https://mytestportal.com threads: 4 threadIndex: 2

PortScan : https://mytestportal.com threads: 4 threadIndex: 3

PortScan : https://mytestportal.com threads: 4 threadIndex: 4

Starting scan on https://mytestportal.com at Mon May 30 13:27:31 CEST 2016

Starting scan on https://mytestportal.com at Mon May 30 13:27:31 CEST 2016

Starting scan on https://mytestportal.com at Mon May 30 13:27:31 CEST 2016

Starting scan on https://mytestportal.com at Mon May 30 13:27:31 CEST 2016

Site: https://mytestportal.com Port: 2 maxPort: 100

Site: https://mytestportal.com Port: 4 maxPort: 100

Site: https://mytestportal.com Port: 7 maxPort: 100

Site: https://mytestportal.com Port: 8 maxPort: 100

Site: https://mytestportal.com Port: 12 maxPort: 100

Site: https://mytestportal.com Port: 11 maxPort: 100

Site: https://mytestportal.com Port: 16 maxPort: 100

Site: https://mytestportal.com Port: 14 maxPort: 100

Site: https://mytestportal.com Port: 20 maxPort: 100

Site: https://mytestportal.com Port: 17 maxPort: 100

Site: https://mytestportal.com Port: 23 maxPort: 100

Site: https://mytestportal.com Port: 24 maxPort: 100

Site: https://mytestportal.com Port: 28 maxPort: 100

Site: https://mytestportal.com Port: 31 maxPort: 100

Site: https://mytestportal.com Port: 32 maxPort: 100

Site: https://mytestportal.com Port: 36 maxPort: 100

Site: https://mytestportal.com Port: 33 maxPort: 100

Site: https://mytestportal.com Port: 40 maxPort: 100

Site: https://mytestportal.com Port: 44 maxPort: 100

Site: https://mytestportal.com Port: 45 maxPort: 100

Site: https://mytestportal.com Port: 48 maxPort: 100

Site: https://mytestportal.com Port: 49 maxPort: 100

Site: https://mytestportal.com Port: 52 maxPort: 100

Site: https://mytestportal.com Port: 53 maxPort: 100

Site: https://mytestportal.com Port: 56 maxPort: 100

Site: https://mytestportal.com Port: 57 maxPort: 100

Site: https://mytestportal.com Port: 60 maxPort: 100

Site: https://mytestportal.com Port: 64 maxPort: 100

Site: https://mytestportal.com Port: 68 maxPort: 100

Site: https://mytestportal.com Port: 72 maxPort: 100

Site: https://mytestportal.com Port: 76 maxPort: 100

Site: https://mytestportal.com Port: 80 maxPort: 100

Site: https://mytestportal.com Port: 84 maxPort: 100

Site: https://mytestportal.com Port: 88 maxPort: 100

Site: https://mytestportal.com Port: 89 maxPort: 100

Site: https://mytestportal.com Port: 92 maxPort: 100

Site: https://mytestportal.com Port: 95 maxPort: 100

Site: https://mytestportal.com Port: 96 maxPort: 100

Site: https://mytestportal.com Port: 99 maxPort: 100

The port scan finish to https://mytestportal.com

[Joshua García Palacios]

Hi psiinon,

I have a problem with the parameters that calls a CONSTANT.message.getString("xxxxx"); and it's because I don't know what file needs to load to find this strings.

When the code works the program should execute the start scan in the tab Port Scan?? 

[kingthorin+owaspzap]

Is portscan working from the UI?

[Joshua García Palacios]

Hi kingthorin+owaspzap,

The portscan work if I press the button manually, but I want to do it by code automatically.

Actually I have a piece of code that scan the first 100 ports and show the port with his description, but i don't know if I'm doing well because from the ZAP doesn't execute the scan.

That's my code:

public void portScan(String target) {

PortScanParam parameters = new PortScanParam();

parameters.load("C:\\Program Files (x86)\\OWASP\\Zed Attack Proxy\\xml\\config.xml");

parameters.setMaxPort(100);

parameters.setThreadPerScan(1);

parameters.setTimeoutInMs(30);

ScanListenner listenner = new ScanListenner() {

@Override

public void scanProgress(String site, int port, int maxPort) {

System.out.println("Site: " + site + " Port: " + port + " maxPort: " + maxPort);

}

@Override

public void scanFinshed(String site) {

System.out.println("The port scan finish to " + site);

}

};

PortScan portScan = new PortScan("https://testwebpage", listenner, parameters);

portScan.run();

}

[thc...@gmail.com]

How are you starting ZAP?

Note that by starting the scan directly with "new PortScan" (as opposed
to call some ZAP API/loaded class) ZAP will not be aware of the scan and
thus unable to show it in the UI.

Regarding the previous question about
"Constant.message.getString("xxxxx");", you need to include the file
Messages.properties (it's under the "lang" dir) in the classpath.

Best regards.

> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.

[Joshua García Palacios]

Hi thc202,

So what is the best way to get the output of ports that are running in the site that I scan? Because that I want is run the test and get the ports that are open.

Cheers. 

[Joshua García Palacios]

Hi,

I finally managed make the implementations of PortScan and ForcedBrowser, thanks everybody for help me, the only question is I have problems with the ForcedBrowse with HTTPS connections and return the next message:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)

at sun.security.ssl.AppOutputStream.write(Unknown Source)

at java.io.BufferedOutputStream.flushBuffer(Unknown Source)

at java.io.BufferedOutputStream.flush(Unknown Source)

at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)

at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)

at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)

at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)

at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)

at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)

at com.sittinglittleduck.DirBuster.GenBaseCase.genBaseCase(GenBaseCase.java:145)

at com.sittinglittleduck.DirBuster.workGenerators.WorkerGenerator.run(WorkerGenerator.java:230)

at java.lang.Thread.run(Unknown Source)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 21 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)

... 27 more

Exception in thread "DirBuster-WorkerGenerator" java.lang.NullPointerException

at com.sittinglittleduck.DirBuster.workGenerators.WorkerGenerator.run(WorkerGenerator.java:267)

at java.lang.Thread.run(Unknown Source)

Anyone knows how can i give the certificate of the website?

Cheers.

[thc...@gmail.com]

Hi.

Are you proxying the requests through ZAP or sending directly?

I guess you could use a keystore [1] for that or you could trust the
certificates handed. [2]


[1] https://groups.google.com/d/topic/zaproxy-develop/PPqg7QCaSmM/discussion
[2]
https://github.com/zaproxy/zaproxy/blob/9b9a948b966237b357f725b6735756a53e0e1f80/src/org/parosproxy/paros/network/SSLConnector.java#L615

Best regards.

[Joshua García Palacios]

Hi thc...@gmail.com,

Thanks for the info, It works and I could finish my project.

Cheers and thanks 

You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-develop/TqWNORyfwps/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-devel...@googlegroups.com.

[thc...@gmail.com]

Hi.

Great, thanks for letting us know.

Best regards.

On 03/06/16 08:09, Joshua García Palacios wrote:
> Hi thc...@gmail.com <mailto:thc...@gmail.com>,

>
> Thanks for the info, It works and I could finish my project.
>
> Cheers and thanks
>

> 2016-06-03 0:36 GMT+02:00 <thc...@gmail.com <mailto:thc...@gmail.com>>:

> <mailto:zaproxy-develop%2Bunsu...@googlegroups.com>
> > <mailto:zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-develop%2Bunsu...@googlegroups.com>>.

> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/zaproxy-develop/TqWNORyfwps/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> zaproxy-devel...@googlegroups.com

> <mailto:zaproxy-develop%2Bunsu...@googlegroups.com>.