ZAP Error [java.net.SocketTimeoutException]: Read timed out when running in container

Alex M

Mar 10, 2016, 8:39:06 AM
to OWASP ZAP Developer Group
Hi,

I'm running a docker container owasp/zap2docker-stable on an AWS instance using the following command:

docker run --net=host -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0


When I try to access it via browser using http://ip-address:8090, the following error occurs:

ZAP Error [java.net.SocketTimeoutException]: Read timed out

Stack Trace:
java.net.SocketTimeoutException: Read timed out
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(SocketInputStream.java:152)
	at java.net.SocketInputStream.read(SocketInputStream.java:122)
	at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
	at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
	at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
	at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
	at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
	at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(Unknown Source)
	at org.zaproxy.zap.ZapGetMethod.readResponse(Unknown Source)
	at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
	at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
	at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
	at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
	at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
	at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)


> docker info

Containers: 15

Images: 87

Server Version: 1.9.1

Storage Driver: devicemapper

 Pool Name: docker-docker--pool

 Pool Blocksize: 524.3 kB

 Base Device Size: 107.4 GB

 Backing Filesystem: xfs

 Data file: 

 Metadata file: 

 Data Space Used: 2.913 GB

 Data Space Total: 9.437 GB

 Data Space Available: 6.524 GB

 Metadata Space Used: 2.662 MB

 Metadata Space Total: 25.17 MB

 Metadata Space Available: 22.5 MB

 Udev Sync Supported: true

 Deferred Removal Enabled: true

 Deferred Deletion Enabled: true

 Deferred Deleted Device Count: 0

 Library Version: 1.02.93-RHEL7 (2015-01-28)

Execution Driver: native-0.2

Logging Driver: json-file

Kernel Version: 4.1.17-22.30.amzn1.x86_64

Operating System: Amazon Linux AMI 2015.09

CPUs: 4

Total Memory: 14.69 GiB

Name: ip-10-105-130-105

ID: HH7S:3EGC:HNBF:22BU:LL5X:TYXN:MA25:VJF3:M757:NMWB:6NHW:EZG2 

Any help is highly appreciated.

psiinon

Mar 10, 2016, 9:03:57 AM
to OWASP ZAP Developer Group
Strange, we run ZAP in docker on AWS without any problems.
Here's one of the scripts we use: https://github.com/zapbot/zap-mgmt-scripts/blob/master/wavsep/zap-vs-wavsep-1.5.sh
One difference I've noticed is that you're using the --net=host option, which we don't. No idea if that makes any difference though ;)

Cheers,

~Simon

Alex M

Mar 10, 2016, 9:36:40 AM
to OWASP ZAP Developer Group
Thanks Simon. What kind of Linux do you use and which AWS instance type? I can run the same container locally under OS X without problems, so it's something related to AWS.

Alex M

Mar 10, 2016, 1:28:23 PM
to OWASP ZAP Developer Group
I've spent more time investigating this issue and found out that it's not related to Docker.

When I ssh to the EC2 instance and run:

./zap.sh -daemon -port 8090 -host 0.0.0.0


ZAP starts without any problem:


Found Java version 1.7.0_95

Available memory: 16047 MB

Setting jvm heap size: -Xmx512m

0 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP 2.4.3 started.

325 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start

332 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end

657 [main] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...

657 [main] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...

872 [main] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

876 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.

886 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions

1583 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded

1888 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Change user agent to other browsers. 

1888 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect insecure or potentially malicious content in HTTP responses.

1888 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.

1888 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Avoid browser cache (strip off IfModifiedSince)

1888 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log cookies sent by browser.

1888 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique GET queries into file:filter/get.xls

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique POST queries into file:  filter/post.xls

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log request and response into file: filter/message.txt

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request body using defined pattern.

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request header using defined pattern.

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response body using defined pattern.

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response header using defined pattern.

1889 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Send ZAP session request ID

2016 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates

2019 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionViewOption

2019 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionEdit

2019 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionFilter

2019 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP

2126 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionState

2126 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHistory

2127 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields

2128 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions 

2129 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...

2129 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses

2129 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner

2170 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script passive scan rules

2170 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure

2170 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set

2170 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing

2170 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag

2171 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag

2171 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion

2171 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Web Browser XSS Protection Not Enabled

2171 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content

2171 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Password Autocomplete in Browser

2172 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure

2172 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite

2172 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing

2172 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Not Set

2191 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts

2191 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added

2196 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site

2202 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks

2202 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool

2203 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionManualRequest

2203 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences

2203 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters

2204 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens

2206 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthentication

2809 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]

2810 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser

2811 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only

2811 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionUserManagement

2812 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies

2812 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration

2820 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages

2820 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionForcedUser

2821 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions

2821 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools

2887 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff

2888 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionRequestPostTableView

2888 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple browser configuration

2888 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSessionManagement

2983 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, Http Authentication Session Management]

2983 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestFormTableView

2983 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.

2986 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies

2986 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthorization

2987 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax

2987 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs

2988 [ZAP-daemon] WARN org.zaproxy.zap.extension.globalexcludeurl.ExtensionGlobalExcludeURL  - GlobalExcludeURL.optionsLoaded()

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User Guide

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionReport

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts 

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelComponentonentAll

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelHexView

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelImageView

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeRequestView

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeResponseView

2988 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestQueryCookieTableView

2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelSyntaxHighlightTextView

2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules

2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide

2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks

2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.

2990 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.

2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links

2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage

2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.

2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Translations of the core language files

2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules

2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Quick Start panel 

2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz WebSocket messages.

2993 [Thread-4] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA certificate

3089 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 0.0.0.0:8091

3446 [Thread-4] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - New root CA certificate created


I ensure that ZAP listens on port 8090 by running netstat -uta | grep 8090:


tcp6       0      0 [::]:8090               [::]:*                  LISTEN


Then I use curl from my laptop to access the EC2 instance by its public IP:


curl -v EC2-host:8090

* Rebuilt URL to: EC2-host:8090/

*   Trying EC2-host...

* Connected to EC2-host (EC2-host) port 8090 (#0)

> GET / HTTP/1.1

> Host: EC2-host:8090

> User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

> Accept: */*

> Referer: 

> 

< HTTP/1.1 504 Gateway Timeout

< Content-Length: 1911

< Content-Type: text/plain; charset=UTF-8

* Connection #0 to host 52.37.251.50 left intact


At the same time, netstat shows me a lot of open connections:


tcp        0      0 ip-172-30-0-221:8090    EC2-host.:34088 SYN_RECV   

tcp6       0      0 [::]:8090               [::]:*                  LISTEN     

tcp6       0      0 ip-172-30-0-221:38852   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:55390   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:38020 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:52432   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:55759   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:58787 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:52077 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:49051 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:55484 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:40724 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:47354   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:36019   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:52022   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:51511 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:53242   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:35760   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:39354   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:59507   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:53388   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:36219 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:52108 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:34705 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:49159   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:48851   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:45609 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:45546   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:50533   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:36484   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:43129 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:38790   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:50698 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:33265   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:44329 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:51403 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:40302 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:44767 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:47802   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:8090    EC2-host.:47444 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:36401   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:39548   EC2-host.u:8090 ESTABLISHED

tcp6       0      0 ip-172-30-0-221:56141   EC2-host.u:8090 ESTABLISHED

........


Eventually ZAP throws: 

217142 [ZAP-ProxyThread-45792] ERROR org.zaproxy.zap.ZAP$UncaughtExceptionLogger  - Exception in thread "ZAP-ProxyThread-45792"

java.lang.OutOfMemoryError: GC overhead limit exceeded

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.read(SocketInputStream.java:152)

at java.net.SocketInputStream.read(SocketInputStream.java:122)

at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)

at java.io.BufferedInputStream.read(BufferedInputStream.java:254)

at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)

at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)

at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)

at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)

at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(Unknown Source)

at org.zaproxy.zap.ZapGetMethod.readResponse(Unknown Source)

at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)

at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)

at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)

at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)

at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)

at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)

at org.parosproxy.paros.network.HttpSender.send(Unknown Source)

at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)

at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)

at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)

at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)

at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)

at java.lang.Thread.run(Thread.java:745)


So it looks very strange and I have no idea why so many connections are opened.

thc...@gmail.com

Mar 10, 2016, 1:50:12 PM
to zaproxy...@googlegroups.com
Hi.

It seems to me that ZAP is not detecting the requests to itself, thus
entering a request loop... :/

Please, raise an issue, linking to this mailing list thread. [1]


There's a log entry that does not match the command mentioned:

> 3089 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 0.0.0.0:8091

ZAP seems to be listening on 8091, was that from a different test? Or,
ZAP didn't listen on the correct port either?


[1] https://github.com/zaproxy/zaproxy/issues/new

Best regards.
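
The request loop suspected in the reply above, as an added example that is not part of the thread and not ZAP's code: a proxy bound to 0.0.0.0 has to recognise requests addressed to its own listener, and an address that reaches the host without being configured on any of its interfaces only matches if it is listed explicitly. All function names are hypothetical and the addresses are constructed sample values.

```python
import ipaddress

LISTEN_PORT = 8090               # port from the command line in the thread
INTERFACES = ["172.30.0.221"]    # constructed: address bound on the host
PUBLIC_ADDR = "203.0.113.10"     # constructed: reaches the host, not bound on it


def normalize(host):
    """Canonical form of a host: ipaddress object for literals, lowercase name otherwise."""
    host = host.strip().strip("[]").rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host
    # An IPv4-mapped IPv6 literal (::ffff:a.b.c.d) names the same endpoint as a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_request_to_self(host, port, listen_port, interface_addrs, aliases=()):
    """True if host:port names the proxy's own listener (wildcard bind assumed)."""
    if port != listen_port:
        return False
    target = normalize(host)
    if not isinstance(target, str) and (target.is_loopback or target.is_unspecified):
        return True
    known = {normalize(a) for a in interface_addrs} | {normalize(a) for a in aliases}
    known.add("localhost")
    return target in known


def outbound_connections(host, port, listen_port, interface_addrs, aliases=(),
                         reaches_proxy=False, max_connections=50):
    """Count the upstream connections one client request causes.

    reaches_proxy says whether the network delivers host:port back to this
    proxy. max_connections stands in for the resource limit that finally
    stops a loop (threads, sockets, heap).
    """
    opened = 0
    while opened < max_connections:
        if is_request_to_self(host, port, listen_port, interface_addrs, aliases):
            break                # answered locally, nothing forwarded
        opened += 1              # forwarded: one more outbound connection
        if not reaches_proxy:
            break                # a real upstream answered
    return opened


if __name__ == "__main__":
    for label, aliases in (("no alias", ()), ("with alias", (PUBLIC_ADDR,))):
        n = outbound_connections(PUBLIC_ADDR, LISTEN_PORT, LISTEN_PORT, INTERFACES,
                                 aliases=aliases, reaches_proxy=True)
        print(f"{label}: {n} outbound connections")
```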

Alex M

Mar 10, 2016, 4:39:09 PM
to OWASP ZAP Developer Group

Port 8091 is from another log, I played with ports just to make sure it doesn't depend on the port. I'm sure this issue can be reproduced easily.

thc...@gmail.com

Mar 10, 2016, 4:46:16 PM
to zaproxy...@googlegroups.com
Thanks!

OK.

Best regards.

On 10/03/16 21:39, Alex M wrote:
> Issue is submitted: https://github.com/zaproxy/zaproxy/issues/2318
>
> Port 8091 is from another log, I played with ports just to make sure it
> doesn't depend on port. I'm sure this issue can be reproduced easily.
>
>
> Hi.
>
> It seems to me that ZAP is not detecting the requests to itself, thus
> entering a request loop... :/
>
> Please, raise an issue, linking to this mailing list thread. [1]
>
>
> There's a log entry that does not match the command mentioned:
>
> > 3089 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is
> now listening on 0.0.0.0:8091