Import context in daemon mode
767 views
Skip to first unread message
Kha Za
Aug 25, 2016, 4:20:56 AM8/25/16
to OWASP ZAP User Group
Hi,
Is it possible to specify/import the context when running ZAP in daemon mode?
I tried with the option -importContext but it seems to not be supported :
09:53:06 5452 [ZAP-daemon] ERROR org.zaproxy.zap.DaemonBootstrap - Unsupported option '-importContext'.; 09:53:06 java.lang.Exception: Unsupported option '-importContext'.; 09:53:06 at org.parosproxy.paros.CommandLine.parse(Unknown Source) 09:53:06 at org.parosproxy.paros.extension.ExtensionLoader.hookCommandLineListener(Unknown Source) 09:53:06 at org.zaproxy.zap.DaemonBootstrap$1.run(Un
Thanks!
Khalid.
Kha Za
Aug 25, 2016, 4:21:54 AM8/25/16
to OWASP ZAP User Group
I am using ZAProxy_2.4.3
thc...@gmail.com
Aug 25, 2016, 4:33:29 AM8/25/16
to zaprox...@googlegroups.com
Hi.
In daemon mode you can import a context using the ZAP API. [1]
More details in:
https://github.com/zaproxy/zaproxy/wiki/ApiGen_context
[1] https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsApi
Best regards.
On 25/08/16 09:21, Kha Za wrote:
> I am using ZAProxy_2.4.3
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zaproxy-users/42ad85c8-1e0d-4477-ad73-b3d22bb01687%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/42ad85c8-1e0d-4477-ad73-b3d22bb01687%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
In daemon mode you can import a context using the ZAP API. [1]
More details in:
https://github.com/zaproxy/zaproxy/wiki/ApiGen_context
[1] https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsApi
Best regards.
On 25/08/16 09:21, Kha Za wrote:
> I am using ZAProxy_2.4.3
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zaproxy-users/42ad85c8-1e0d-4477-ad73-b3d22bb01687%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/42ad85c8-1e0d-4477-ad73-b3d22bb01687%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
Kha Za
Aug 25, 2016, 4:55:34 AM8/25/16
to zaprox...@googlegroups.com
Does it mean that it is not possible to import/load a context when launching the deamon, something like this :
/home/jenkins/tools/zaproxy/2.4.3/zap.sh -daemon -host localhost -port 8082 -config api.key=ZAPROXY-PLUGIN -dir /home/jenkins/workspace/ZAP_PROXY -importContext "/home/jenkins/workspace/ZAP_PROXY/contexts/customCtxt.context"
I am asking this question because i am using the jenkins plugin ZAProxy and the plugin produces this command when i provide to him a new commande option importContext with the value "/home/jenkins/workspace/ZAP_PROXY/contexts/customCtxt.context"..
P.S: sorry my english is not good at all, but i do my best :(
2016-08-25 10:33 GMT+02:00 <thc...@gmail.com>:
Hi.
In daemon mode you can import a context using the ZAP API. [1]
More details in:
https://github.com/zaproxy/zaproxy/wiki/ApiGen_context
[1] https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsApi
Best regards.
On 25/08/16 09:21, Kha Za wrote:
> I am using ZAProxy_2.4.3
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-users+unsubscribe@googlegroups.com
> <mailto:zaproxy-users+unsub...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zaproxy-users/42ad85c8-1e0d-4477-ad73-b3d22bb01687%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/42ad85c8-1e0d-4477-ad73-b3d22bb01687%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/7GFGLJNxM-w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/2093017c-25ed-29d6-1395-e32b25d4489e%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
Simon Bennetts
Aug 25, 2016, 5:00:22 AM8/25/16
to OWASP ZAP User Group
Not at the moment - you can see all of the command line options supported by using the '-h' option, eg
Cheers,
Simon
./zap.sh -h
Found Java version 1.8.0_65
Available memory: 7821 MB
Setting jvm heap size: -Xmx512m
Usage:
zap.sh [Options]
Core options:
-version Reports the ZAP version
-cmd Run inline (exits when command line options complete)
-daemon Starts ZAP in daemon mode, ie without a UI
-config <kvpair> Overrides the specified key=value pair in the configuration file
-configfile <path> Overrides the key=value pairs with those in the specified properties file
-dir <dir> Uses the specified directory instead of the default one
-installdir <dir> Overrides the code that detects where ZAP has been installed with the specified directory
-h Shows all of the command line options available, including those added by add-ons
-help The same as -h
-newsession <path> Creates a new session at the given location
-session <path> Opens the given session after starting ZAP
-host <host> Overrides the host used for proxying specified in the configuration file
-port <port> Overrides the port used for proxying specified in the configuration file
-lowmem Use the database instead of memory as much as possible - this is still experimental
-experimentaldb Use the experimental generic database code, which is not surprisingly also still experimental
Add-on options:
-addoninstall <addon> Install the specified add-on from the ZAP Marketplace
-addoninstallall Install all available add-ons from the ZAP Marketplace
-addonuninstall <addon> Uninstall the specified add-on
-addonupdate Update all changed add-ons from the ZAP Marketplace
-addonlist List all of the installed add-ons
-last_scan_report <path> Generate the 'Last Scan Report' into the specified path
-quickurl [target url]: The URL to attack, eg http://www.example.com
-quickout [output filename]: The file to write the XML results to
-quickprogress: Display progress bars while scanning
-script <script> Run the specified script from commandline or load in GUI
Feel free to add an enhancement request for it: https://github.com/zaproxy/zaproxy/issues - I can see why it would be useful.Found Java version 1.8.0_65
Available memory: 7821 MB
Setting jvm heap size: -Xmx512m
Usage:
zap.sh [Options]
Core options:
-version Reports the ZAP version
-cmd Run inline (exits when command line options complete)
-daemon Starts ZAP in daemon mode, ie without a UI
-config <kvpair> Overrides the specified key=value pair in the configuration file
-configfile <path> Overrides the key=value pairs with those in the specified properties file
-dir <dir> Uses the specified directory instead of the default one
-installdir <dir> Overrides the code that detects where ZAP has been installed with the specified directory
-h Shows all of the command line options available, including those added by add-ons
-help The same as -h
-newsession <path> Creates a new session at the given location
-session <path> Opens the given session after starting ZAP
-host <host> Overrides the host used for proxying specified in the configuration file
-port <port> Overrides the port used for proxying specified in the configuration file
-lowmem Use the database instead of memory as much as possible - this is still experimental
-experimentaldb Use the experimental generic database code, which is not surprisingly also still experimental
Add-on options:
-addoninstall <addon> Install the specified add-on from the ZAP Marketplace
-addoninstallall Install all available add-ons from the ZAP Marketplace
-addonuninstall <addon> Uninstall the specified add-on
-addonupdate Update all changed add-ons from the ZAP Marketplace
-addonlist List all of the installed add-ons
-last_scan_report <path> Generate the 'Last Scan Report' into the specified path
-quickurl [target url]: The URL to attack, eg http://www.example.com
-quickout [output filename]: The file to write the XML results to
-quickprogress: Display progress bars while scanning
-script <script> Run the specified script from commandline or load in GUI
Cheers,
Simon
Kha Za
Aug 25, 2016, 8:07:03 AM8/25/16
to OWASP ZAP User Group
Thank you Simon, may be it is a question i should ask regarding the jenkins plugin.
Reply all
Reply to author
Forward
0 new messages