Bypassing URLs doesn't work?


Jefferson

Jul 23, 2015, 5:13:57 AM
to OWASP ZAP User Group
Hi,

I want to exclude/bypass some URLs, but it seems not to work.
For testing, let's take this link:

\Qhttp://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso\E

I put this into
  • Globally Excluded URLs
  • Exclude from proxy
  • Exclude from context
But opening this link in a browser still doesn't start the download.

Is there something wrong with the RegExpr?

thanks in advance




thc...@gmail.com

Jul 23, 2015, 5:58:55 AM
to zaprox...@googlegroups.com
Hi.

The regex is correct, the problem is that ZAP does not handle big files
well. It's probably failing to download the file (and returning it to
the browser).
Would you mind checking the log file to see if there's any error? (file
zap.log located in ZAP's default directory or the directory manually
specified [1]).


[1] https://github.com/zaproxy/zaproxy/wiki/FAQconfig

Best regards.

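The \Q...\E quoting discussed above, checked in code. This is an added example; it is not ZAP's code and was not posted in the thread. Java treats everything between \Q and \E as a literal string, and Python's re module has no such construct, so the helper rewrites those spans with re.escape before compiling. Whole-URL matching (fullmatch) is this example's assumption about how the exclusion is applied, not something the thread states. The last two patterns illustrate a caveat worth knowing: a `.*` placed inside the quoted span is itself literal, so a prefix wildcard has to sit after the \E.

```python
"""Check Java-style exclusion regexes (the form ZAP's exclude lists take)
against URLs from Python.

Added example: not ZAP's code and not posted in the thread. Java quotes
everything between \\Q and \\E literally; Python's re module has no
\\Q...\\E, so those spans are escaped with re.escape before compiling.
Whole-URL matching (fullmatch) is an assumption made here.
"""
import re

# Constructed sample input: the ISO URL from the thread.
ISO_URL = "http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso"


def java_to_python_regex(pattern: str) -> str:
    """Translate \\Q...\\E quoting into an equivalent Python regex.

    Text inside a quoted span is escaped so '.', '*', '?' and friends lose
    their regex meaning; text outside the span is copied unchanged. An
    unterminated \\Q quotes the rest of the pattern, as it does in Java.
    """
    out = []
    pos = 0
    while True:
        start = pattern.find(r"\Q", pos)
        if start == -1:
            out.append(pattern[pos:])
            break
        out.append(pattern[pos:start])
        end = pattern.find(r"\E", start + 2)
        if end == -1:  # no closing \E: quote everything that remains
            out.append(re.escape(pattern[start + 2:]))
            break
        out.append(re.escape(pattern[start + 2:end]))
        pos = end + 2
    return "".join(out)


def matches_exclusion(java_pattern: str, url: str) -> bool:
    """True when the whole URL matches the Java-style exclusion pattern."""
    return re.fullmatch(java_to_python_regex(java_pattern), url) is not None


if __name__ == "__main__":
    for pat in (
        # exact literal, as the OP used it: matches the ISO URL
        r"\Qhttp://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso\E",
        # '.*' inside the quote is literal: does NOT match the ISO URL
        r"\Qhttp://releases.ubuntu.com/15.04/.*\E",
        # '.*' outside the quote is a real wildcard: matches the ISO URL
        r"\Qhttp://releases.ubuntu.com/15.04/\E.*",
    ):
        print(f"{pat:72} -> {matches_exclusion(pat, ISO_URL)}")
```

The translation also shows what the `.*`-inside-the-quote pattern does match: the literal string `http://releases.ubuntu.com/15.04/.*` and nothing else.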

kingthorin+owaspzap

Jul 23, 2015, 8:46:59 AM
to OWASP ZAP User Group, thc...@gmail.com
Set Global Exclude using the RegEx specified by the OP as well as a shorter one; same both times. Firefox just spins and spins and nothing ever happens.

2015-07-23 08:36:28,334 [AWT-EventQueue-0] WARN  OptionsGlobalExcludeURLPanel - [\Qhttp://releases.ubuntu.com/15.04/.*\E]
2015-07-23 08:36:28,334 [AWT-EventQueue-0] DEBUG Session - setGlobalExcludeURLRegexs
2015-07-23 08:36:28,334 [AWT-EventQueue-0] DEBUG Session - forceGlobalExcludeURLRefresh proxy: []
2015-07-23 08:36:28,334 [AWT-EventQueue-0] DEBUG Session - forceGlobalExcludeURLRefresh ascan: []
2015-07-23 08:36:28,334 [AWT-EventQueue-0] DEBUG Session - forceGlobalExcludeURLRefresh spider: []
2015-07-23 08:36:28,334 [AWT-EventQueue-0] DEBUG OptionsGlobalExcludeURLPanel - Done saving Global Exclude URL
2015-07-23 08:36:31,330 [ZAP-ProxyThread-7] DEBUG MonitoredPagesManager - URL not being monitored http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso
2015-07-23 08:36:31,330 [ZAP-ProxyThread-7] DEBUG SiteMap - findChild Sites / http://releases.ubuntu.com
2015-07-23 08:36:31,330 [ZAP-ProxyThread-7] DEBUG SiteMap - findChild http://releases.ubuntu.com / 15.04
2015-07-23 08:36:31,330 [ZAP-ProxyThread-7] DEBUG HttpSender - sendAndReceive GET http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso start
2015-07-23 08:36:31,330 [ZAP-ProxyThread-7] DEBUG HttpSessionsSite - No session tokens for: releases.ubuntu.com:80
2015-07-23 08:36:31,330 [ZAP-ProxyThread-7] DEBUG HttpSender - Sending message to: http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso


Note: ZAP's timeout is 20sec and FF is 90sec, after 5mins I still hadn't received a timeout in the browser and simply hit esc to cancel the request.

thc...@gmail.com

Jul 23, 2015, 9:40:01 AM
to kingthorin+owaspzap, OWASP ZAP User Group
That's because ZAP was still downloading the file ;)

If you enable wire log you can see it being downloaded (or with Wireshark).

Best regards.

kingthorin+owaspzap

Jul 23, 2015, 10:22:41 AM
to OWASP ZAP User Group, thc...@gmail.com
OK, I'll try leaving it and see what happens. I'm not prompted for a save location at the start, but perhaps it'll gobble it all up and then prompt me after however long it takes to download the whole ISO.

It worked with a 68MB file. Will post again if the ISO works in the end.

kingthorin+owaspzap

Jul 23, 2015, 11:29:13 AM
to OWASP ZAP User Group, kingt...@gmail.com
Unsurprisingly, when trying the 1.9GB ISO it eventually fails due to a memory exhaustion issue:

2015-07-23 10:56:00,489 [ZAP-ProxyThread-14] DEBUG MonitoredPagesManager - URL not being monitored http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso
2015-07-23 10:56:00,490 [ZAP-ProxyThread-14] DEBUG SiteMap - findChild Sites / http://releases.ubuntu.com
2015-07-23 10:56:00,490 [ZAP-ProxyThread-14] DEBUG SiteMap - findChild http://releases.ubuntu.com / 15.04
2015-07-23 10:56:00,491 [ZAP-ProxyThread-14] DEBUG HttpSender - sendAndReceive GET http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso start
2015-07-23 10:56:00,492 [ZAP-ProxyThread-14] DEBUG HttpSessionsSite - No session tokens for: releases.ubuntu.com:80
2015-07-23 10:56:00,492 [ZAP-ProxyThread-14] DEBUG HttpSender - Sending message to: http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso
2015-07-23 11:06:43,168 [ZAP-ProxyThread-8] DEBUG HttpSender - sendAndReceive GET http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso took 696252
2015-07-23 11:06:43,168 [ZAP-ProxyThread-8] DEBUG HttpSessionsSite - No session tokens for: releases.ubuntu.com:80
2015-07-23 11:06:43,168 [ZAP-ProxyThread-8] ERROR ZAP$UncaughtExceptionLogger - Exception in thread "ZAP-ProxyThread-8"
java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:2271)
    at java.io.ByteArrayOutputStream.toByteArray(ByteArrayOutputStream.java:191)
    at org.apache.commons.httpclient.HttpMethodBase.getResponseBody(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)
2015-07-23 11:07:42,948 [ZAP-ProxyThread-14] DEBUG HttpSender - sendAndReceive GET http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso took 702456
2015-07-23 11:07:42,948 [ZAP-ProxyThread-14] DEBUG HttpSessionsSite - No session tokens for: releases.ubuntu.com:80
2015-07-23 11:07:42,948 [ZAP-ProxyThread-14] ERROR ZAP$UncaughtExceptionLogger - Exception in thread "ZAP-ProxyThread-14"
java.lang.OutOfMemoryError: Java heap space
    at java.io.ByteArrayOutputStream.<init>(ByteArrayOutputStream.java:77)
    at org.apache.commons.httpclient.HttpMethodBase.getResponseBody(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)
2015-07-23 11:07:42,948 [ZAP-ProxyThread-15] DEBUG MonitoredPagesManager - URL not being monitored http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso
2015-07-23 11:07:42,948 [ZAP-ProxyThread-15] DEBUG SiteMap - findChild Sites / http://releases.ubuntu.com
2015-07-23 11:07:42,948 [ZAP-ProxyThread-15] DEBUG SiteMap - findChild http://releases.ubuntu.com / 15.04
2015-07-23 11:07:42,948 [ZAP-ProxyThread-15] DEBUG HttpSender - sendAndReceive GET http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso start
2015-07-23 11:07:42,963 [ZAP-ProxyThread-15] DEBUG HttpSessionsSite - No session tokens for: releases.ubuntu.com:80
2015-07-23 11:07:42,963 [ZAP-ProxyThread-15] DEBUG HttpSender - Sending message to: http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso
2015-07-23 11:16:55,220 [ZAP-ProxyThread-15] DEBUG HttpSender - sendAndReceive GET http://releases.ubuntu.com/15.04/ubuntu-15.04-desktop-amd64.iso took 552272
2015-07-23 11:16:55,220 [ZAP-ProxyThread-15] DEBUG HttpSessionsSite - No session tokens for: releases.ubuntu.com:80
2015-07-23 11:16:55,220 [ZAP-ProxyThread-15] ERROR ZAP$UncaughtExceptionLogger - Exception in thread "ZAP-ProxyThread-15"
java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:2271)
    at java.io.ByteArrayOutputStream.toByteArray(ByteArrayOutputStream.java:191)
    at org.apache.commons.httpclient.HttpMethodBase.getResponseBody(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)
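The failure mode in the trace above, shown as code. This is an added example, not ZAP's code: the stack trace shows the response body being collected in a ByteArrayOutputStream and then copied again by toByteArray(), and read_all_unbounded() reproduces that shape in Python. read_bounded() and relay() are the defensive alternatives: the first keeps the body but refuses as soon as a ceiling is crossed, the second streams chunks to the client without retaining them, which is what a truly bypassed URL needs. The body sizes and the 1,000,000-byte limit are constructed for the demonstration; content_length_within() is a hypothetical pre-check on the declared size.

```python
"""Unbounded buffering of an HTTP body versus a size-capped read and a
pass-through relay.

Added example, not ZAP's code. read_all_unbounded() mirrors the
collect-then-copy pattern in the thread's stack trace; read_bounded()
and relay() are the defensive alternatives. Sizes are constructed.
"""
import io
from typing import BinaryIO, Mapping, Optional

CHUNK = 64 * 1024


class BodyTooLarge(Exception):
    """Raised when a body exceeds the configured ceiling."""

    def __init__(self, limit: int, seen: int) -> None:
        super().__init__(f"body exceeded {limit} bytes (read {seen})")
        self.limit, self.seen = limit, seen


def read_all_unbounded(src: BinaryIO) -> bytes:
    """Collect everything, then copy it out: peak memory is twice the body.

    This is the shape that ends in OutOfMemoryError on a multi-GB download.
    """
    buf = io.BytesIO()
    while True:
        chunk = src.read(CHUNK)
        if not chunk:
            break
        buf.write(chunk)
    return buf.getvalue()  # second full-size copy, like toByteArray()


def content_length_within(headers: Mapping[str, str], limit: int) -> Optional[bool]:
    """Cheap pre-check on the declared size (hypothetical helper).

    Returns None when the header is absent or unparsable. A declared size
    is only a hint, so read_bounded() still enforces the limit on the wire.
    """
    raw = headers.get("Content-Length")
    if raw is None:
        return None
    try:
        return int(raw) <= limit
    except ValueError:
        return None


def read_bounded(src: BinaryIO, limit: int, chunk: int = CHUNK) -> bytes:
    """Keep at most `limit` bytes; stop with BodyTooLarge the moment that
    is exceeded instead of accumulating the rest."""
    buf = bytearray()
    while True:
        want = min(chunk, limit - len(buf) + 1)  # one extra byte reveals overflow
        piece = src.read(want)
        if not piece:
            return bytes(buf)
        buf += piece
        if len(buf) > limit:
            raise BodyTooLarge(limit, len(buf))


def relay(src: BinaryIO, dst: BinaryIO, chunk: int = CHUNK) -> int:
    """Stream src to dst without retaining the body; returns bytes copied.

    Memory use depends on the chunk size, not on the body, so a bypassed
    URL of any size can be passed through this way.
    """
    total = 0
    while True:
        piece = src.read(chunk)
        if not piece:
            return total
        dst.write(piece)
        total += len(piece)


def demo() -> dict:
    """Run the readers on constructed bodies and report the outcomes."""
    small, large, limit = b"a" * 300_000, b"b" * 2_000_000, 1_000_000
    results = {
        "unbounded_len": len(read_all_unbounded(io.BytesIO(large))),
        "bounded_small_len": len(read_bounded(io.BytesIO(small), limit)),
        "precheck_declared_large": content_length_within({"Content-Length": str(len(large))}, limit),
        "precheck_missing": content_length_within({}, limit),
    }
    try:
        read_bounded(io.BytesIO(large), limit)
        results["bounded_large_rejected"] = False
    except BodyTooLarge as exc:
        results["bounded_large_rejected"] = True
        results["bounded_bytes_read_before_reject"] = exc.seen
    sink = io.BytesIO()
    results["relayed"] = relay(io.BytesIO(large), sink)
    results["relay_intact"] = sink.getvalue() == large
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

read_bounded() gives up after reading limit + 1 bytes rather than after the whole body, which is the property that keeps a proxy's heap independent of what the upstream server chooses to send.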
