Selenium exception on AJAX Spider

[Albert]

Hi,

When running selenium in daemon mode the AJAX Spider fails to run with the following Selenium expection.

Anyone had the same problem

Status spider = running
Alerts number = 		ApiResponseElement numberOfAlerts = 0

Status spider = running
Alerts number = 		ApiResponseElement numberOfAlerts = 0

org.openqa.selenium.firefox.NotConnectedException: Unable to connect to host 127.0.0.1 on port 7055 after 45000 ms. Firefox console output:
Error: no display specified

	at org.openqa.selenium.firefox.internal.NewProfileExtensionConnection.start(NewProfileExtensionConnection.java:122)
	at org.openqa.selenium.firefox.FirefoxDriver.startClient(FirefoxDriver.java:276)
	at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:116)
	at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:223)
	at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:216)
	at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:134)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:241)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:224)
	at org.zaproxy.zap.extension.spiderAjax.SpiderThread$AjaxSpiderBrowserBuilder.get(SpiderThread.java:355)
	at org.zaproxy.zap.extension.spiderAjax.SpiderThread$AjaxSpiderBrowserBuilder.get(SpiderThread.java:326)
	at com.google.inject.util.Providers$3.get(Providers.java:109)
	at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)

[thc...@gmail.com]

Hi.

Is the AJAX Spider (ZAP) being run in a headless environment?

Best regards.

> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.

[Simon Bennetts]

Yes, that looks like a problem I've encountered before.
You can run the Selenium add-on (via the Ajax Spider and DOM XSS rule) in a headless environment but you need to set up something like the X virtual frame buffer on Linux correctly.
The ZAP docker containers do this correctly, just use the zap-x.sh scripts instead of zap.sh
Or you can do the same kind of thing outside of Docker.

Cheers,

Simon

> an email to zaproxy-users+unsubscribe@googlegroups.com
> <mailto:zaproxy-users+unsub...@googlegroups.com>.

[Albert]

Hi,

I am running it from the ZAPlugin for Jenkins. So is being started with the zap.sh:

https://wiki.jenkins-ci.org/display/JENKINS/ZAProxy+Plugin

I saw it running before, not in headless mode, was starting a Firefox instance and spidering the site. 

> an email to zaproxy-user...@googlegroups.com

[Albert]

Hi,

I setted up Xvfb in the OS and as well as a plugin to be use in the Jenkins job that runs ZAP. 

It logs to set up fine: 

Initializing The Online menu links ------- END Prebuild ------- Xvfb starting$ /usr/bin/Xvfb :0 -screen 0 -fbdir /var/lib/jenkins/xvfb-64-2135511072779214556.fbdir Perform ZAProxy Skip loadSession

But I am still getting the following error:

com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
	at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
	at com.crawljax.core.CrawlController.call(CrawlController.java:65)
	at com.crawljax.core.CrawljaxRunner.call(CrawljaxRunner.java:37)
	at org.zaproxy.zap.extension.spiderAjax.SpiderThread.run(SpiderThread.java:193)
	at java.lang.Thread.run(Thread.java:745)
53785 [Thread-4] WARN org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Failed to start browser firefox
com.google.inject.ProvisionException: Guice provision errors:

1) Error in custom provider, org.openqa.selenium.WebDriverException: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows: 
Error: no display specified

Build info: version: 'unknown', revision: 'unknown', time: 'unknown'
System info: host: 'localhost.localdomain', ip: '127.0.0.1', os.name: 'Linux', os.arch: 'amd64', os.version: '2.6.32-573.12.1.el6.x86_64', java.version: '1.7.0_91'
Driver info: driver.version: FirefoxDriver
  at com.crawljax.di.ConfigurationModule.configure(ConfigurationModule.java:47)
  while locating com.crawljax.browser.EmbeddedBrowser
    for parameter 0 at com.crawljax.core.CrawlerContext.<init>(CrawlerContext.java:32)
  while locating com.crawljax.core.CrawlerContext
    for parameter 0 at com.crawljax.core.Crawler.<init>(Crawler.java:73)
  while locating com.crawljax.core.Crawler
    for parameter 2 at com.crawljax.core.CrawlTaskConsumer.<init>(CrawlTaskConsumer.java:30)
  while locating com.crawljax.core.CrawlTaskConsumer

1 error
	at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:987)
	at com.crawljax.core.CrawlController.call(CrawlController.java:65)
	at com.crawljax.core.CrawljaxRunner.call(CrawljaxRunner.java:37)
	at org.zaproxy.zap.extension.spiderAjax.SpiderThread.run(SpiderThread.java:193)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.openqa.selenium.WebDriverException: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows: 
Error: no display specified

Any hint of what could be the fix?

On Thursday, December 17, 2015 at 4:39:41 PM UTC+1, Simon Bennetts wrote:

> an email to zaproxy-user...@googlegroups.com

[kingthorin+owaspzap]

I believe this is addressed by a new version of the Seleniun add-on:
https://github.com/zaproxy/zaproxy/issues/2149
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsManageaddons