Help on AJAX Scan.


skzaproxy

Mar 21, 2016, 7:20:05 AM
to OWASP ZAP User Group
Hi.
New to ajax scan, I am starting zap with "zap.bat -daemon ajaxSpider.browserId='firefox'"

and performing an AJAX spider scan with the following code:

print('Ajax Spider Scanning target %s' % target)
time.sleep(5)
zap.ajaxSpider.scan(target, apikey='quh51tg40jehlbmvu3lppo2rd7')
# Poll until the AJAX spider leaves the 'running' state
while (zap.ajaxSpider.status == 'running'):
    print('AJAX spider ' + zap.ajaxSpider.status + ', ' + zap.ajaxSpider.number_of_results + ' results.')
    time.sleep(5)
print('Ajax Spider Scan completed')
time.sleep(5)

Output:


Logs show the following error:

4617 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on localhost:8090
38469 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Running crawljax targeting https://xx.xxx.xxx.x
38469 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Starting proxy...
38469 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Proxy started, listening at port [5425].
39405 [Thread-9] WARN com.crawljax.core.plugin.Plugins  - No plugins loaded. There will be no output
39561 [Thread-9] WARN org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Failed to start browser ie
com.google.inject.ProvisionException: Guice provision errors:
1) Error in custom provider, java.lang.IllegalStateException: The path to the driver executable must be set by the webdriver.ie.driver system property; for more information, see https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver. The latest version can be downloaded from http://selenium-release.storage.googleapis.com/index.html
  at com.crawljax.di.ConfigurationModule.configure(ConfigurationModule.java:47)
  while locating com.crawljax.browser.EmbeddedBrowser
    for parameter 0 at com.crawljax.core.CrawlerContext.<init>(CrawlerContext.java:32)
  while locating com.crawljax.core.CrawlerContext
    for parameter 0 at com.crawljax.core.Crawler.<init>(Crawler.java:73)
  while locating com.crawljax.core.Crawler
    for parameter 2 at com.crawljax.core.CrawlTaskConsumer.<init>(CrawlTaskConsumer.java:30)
  while locating com.crawljax.core.CrawlTaskConsumer
1 error
 at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:987)
 at com.crawljax.core.CrawlController.call(CrawlController.java:65)
 at com.crawljax.core.CrawljaxRunner.call(CrawljaxRunner.java:37)
 at org.zaproxy.zap.extension.spiderAjax.SpiderThread.run(SpiderThread.java:193)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: The path to the driver executable must be set by the webdriver.ie.driver system property; for more information, see https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver. The latest version can be downloaded from http://selenium-release.storage.googleapis.com/index.html
 at com.google.common.base.Preconditions.checkState(Preconditions.java:197)
 at org.openqa.selenium.remote.service.DriverService.findExecutable(DriverService.java:109)
 at org.openqa.selenium.ie.InternetExplorerDriverService.access$0(InternetExplorerDriverService.java:1)
 at org.openqa.selenium.ie.InternetExplorerDriverService$Builder.findDefaultExecutable(InternetExplorerDriverService.java:167)
 at org.openqa.selenium.remote.service.DriverService$Builder.build(DriverService.java:290)
 at org.openqa.selenium.ie.InternetExplorerDriver.setupService(InternetExplorerDriver.java:251)
 at org.openqa.selenium.ie.InternetExplorerDriver.<init>(InternetExplorerDriver.java:172)
 at org.openqa.selenium.ie.InternetExplorerDriver.<init>(InternetExplorerDriver.java:150)
 at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:247)
 at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:224)
 at org.zaproxy.zap.extension.spiderAjax.SpiderThread$AjaxSpiderBrowserBuilder.get(SpiderThread.java:355)
 at org.zaproxy.zap.extension.spiderAjax.SpiderThread$AjaxSpiderBrowserBuilder.get(SpiderThread.java:326)
 at com.google.inject.util.Providers$3.get(Providers.java:109)
 at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
 at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
 at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
 at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
 at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
 at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
 at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
 at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
 at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
 at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
 at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
 at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
 at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
 at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
 at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
 at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
 ... 4 more
39624 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Stopping proxy...
39733 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Proxy stopped.
39733 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Finished crawljax targeting https://xx.xxx.xxx.x
56409 [Thread-10] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache commit start
56456 [Thread-10] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - Database closed
56565 [Thread-10] INFO org.zaproxy.zap.extension.api.CoreAPI  - OWASP ZAP 2.4.3 terminated.

Thanks in advance.

Regards


kingthorin+owaspzap

Mar 21, 2016, 9:12:49 AM
to OWASP ZAP User Group
What version of Firefox and what version of the Selenium addon?

thc...@gmail.com

Mar 21, 2016, 10:19:50 AM
to zaprox...@googlegroups.com
Hi.

From the logs it seems that it's trying to use IE not Firefox.

Are you specifying the -config command line argument? i.e.:
-config ajaxSpider.browserId=firefox

Best regards.

On 21/03/16 13:12, kingthorin+owaspzap wrote:
> What version of Firefox and what version of the Selenium addon?
>
> On Monday, March 21, 2016 at 7:20:05 AM UTC-4, skzaproxy wrote:
>
> Hi.
> New to ajax scan, I am starting zap with "zap.bat -daemon
> ajaxSpider.browserId='firefox'"
>
> and performing AJAX spider scan with following code:
>
> print ('Ajax Spider Scanning target %s' % target)
> time.sleep(5)
> zap.ajaxSpider.scan(target, apikey='quh51tg40jehlbmvu3lppo2rd7')
> while (zap.ajaxSpider.status == 'running'):
> print 'AJAX spider ' + zap.ajaxSpider.status + ', ' +
> zap.ajaxSpider.number_of_results + ' results.'
> time.sleep(5)
> print 'Ajax Spider Scan completed'
> time.sleep(5)
>
> Output:
>
>
> Logs show following error:
>
> 4617 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now
> listening on localhost:8090
> 38469 [Thread-9] INFO
> org.zaproxy.zap.extension.spiderAjax.SpiderThread - Running
> crawljax targeting https://xx.xxx.xxx.x <https://xx.xxx.xxx.x/>
> 38469 [Thread-9] INFO
> org.zaproxy.zap.extension.spiderAjax.SpiderThread - Starting proxy...
> 38469 [Thread-9] INFO
> org.zaproxy.zap.extension.spiderAjax.SpiderThread - Proxy started,
> listening at port [5425].
> 39405 [Thread-9] WARN com.crawljax.core.plugin.Plugins - No plugins
> loaded. There will be no output
> 39561 [Thread-9] WARN
> org.zaproxy.zap.extension.spiderAjax.SpiderThread - Failed to start
> browser ie
> com.google.inject.ProvisionException: Guice provision errors:
> 1) Error in custom provider, java.lang.IllegalStateException: The
> path to the driver executable must be set by the webdriver.ie.driver
> system property; for more information, see
> https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver
> <https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver>. The
> latest version can be downloaded from
> http://selenium-release.storage.googleapis.com/index.html
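The polling loop in the question only watches the spider status, so a browser start-up failure like the one in the log is not surfaced by the script. As an added example (not part of the thread or of ZAP itself), the check below reads a ZAP log and reports when the AJAX spider tried a different browser than the one intended; the function name `check_ajax_spider_log` and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample, abridged from the log lines quoted in the thread.
SAMPLE_LOG = """\
4617 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on localhost:8090
38469 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Running crawljax targeting https://xx.xxx.xxx.x
39561 [Thread-9] WARN org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Failed to start browser ie
Caused by: java.lang.IllegalStateException: The path to the driver executable must be set by the webdriver.ie.driver system property
39733 [Thread-9] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Finished crawljax targeting https://xx.xxx.xxx.x
"""

RUNNING = re.compile(r"SpiderThread\s+- Running crawljax targeting (\S+)")
FAILED = re.compile(r"SpiderThread\s+- Failed to start browser (\S+)")
DRIVER = re.compile(r"must be set by the (webdriver\.[\w.]+) system property")


def check_ajax_spider_log(log_text, expected_browser):
    """Return a list of problems found in a ZAP log for an AJAX spider run."""
    problems = []
    started = False
    for line in log_text.splitlines():
        if RUNNING.search(line):
            started = True
        failed = FAILED.search(line)
        if failed:
            browser = failed.group(1)
            problems.append("browser '%s' failed to start" % browser)
            if browser != expected_browser:
                # The requested browserId never reached ZAP's configuration.
                problems.append(
                    "ZAP used '%s', not '%s': check that ajaxSpider.browserId "
                    "was passed after -config" % (browser, expected_browser))
        driver = DRIVER.search(line)
        if driver:
            problems.append("missing driver path: %s" % driver.group(1))
    if not started:
        problems.append("no AJAX spider run found in log")
    return problems


if __name__ == "__main__":
    for problem in check_ajax_spider_log(SAMPLE_LOG, "firefox"):
        print("PROBLEM: " + problem)
```
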