ZAP Error [java.net.ConnectException]: Connection refused: connect

[Leonard Kerr]

Hello all,

Yesterday I was using ZAP to proxy through my Firefox v33 browser and it was working just fine. I tried to set up a virtual machine on my computer to test ZAP's remote proxying capability and started getting insecure warnings. After fiddling around I gave up and went back to the basics of trying to proxy through ZAP locally. However, using the same browser and everything (except updating the certificate) I am now getting this error on any website I try to connect to while proxying through ZAP. I've also included the stack trace. 

Thanks,

Len

ZAP Error [java.net.ConnectException]: Connection refused: connect

Stack Trace:
java.net.ConnectException: Connection refused: connect
        at java.net.DualStackPlainSocketImpl.connect0(Native Method)
        at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)
        at java.net.Socket.connect(Socket.java:538)
        at java.net.Socket.<init>(Socket.java:434)
        at java.net.Socket.<init>(Socket.java:286)
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
        at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
        at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
        at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:745)

[Ailton Caetano]

Go to "Options"->"Connection" and take a look if the "Use an outgoing proxy server" checkbox is checked after your "fidling around" session. Based in the scenario you described (the common "Browser"->"ZAP"->"Website" config), it should not be checked for ZAP to work, as this option only forwards the request to the specified proxy and you described using only ZAP as your connection proxy.

[]'s Ailton

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/9272268f-df48-45d2-b920-3551a6934129%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Leonard Kerr]

Ailton, 

Thank you a ton for your timely reply. That is definitely a step in the right direction, however now my issue is that whenever I try to connect to an https website Firefox says "This Connection is Untrusted". I feel like this is an issue with the SSL Certificate, but I have updated it and nothing has changed.

[thc...@gmail.com]

Did you restart Firefox after importing ZAP's root CA cert?

I had to do that in the past (sometimes) to get the cert picked/used.

Best regards.

> <https://groups.google.com/d/msgid/zaproxy-users/9272268f-df48-45d2-b920-3551a6934129%40googlegroups.com?utm_medium=email&utm_source=footer>.

> For more options, visit https://groups.google.com/d/optout

> <https://groups.google.com/d/optout>.

>
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-user...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Leonard Kerr]

Just to be sure I went through the process again:

Generating a new dynamic SSL Certificate

Installing this certificate through certmgr.exe

Making sure it is installed on firefox, then restarting

Still the same issue. On websites like tinyupload.com, there is no issue. But google isn't trusted.

> <mailto:zaproxy-users+unsub...@googlegroups.com>.

[Leonard Kerr]

I just tried to proceed anyways on chrome where I was also getting the untrusted connection problem, and then it gave me this error, rather than loading the website:

ZAP Error [java.net.SocketException]: Connection reset

Stack Trace:
java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:209)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
        at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
        at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
        at org.apache.commons.httpclient.HttpConnection.readLine(Unknown Source)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
        at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(Unknown Source)
        at org.zaproxy.zap.ZapGetMethod.readResponse(Unknown Source)
        at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)

        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
        at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
        at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:745)

Hopefully that's more useful than my words are.

[thc...@gmail.com]

Are you able to send the request from within ZAP? (With Manual Request
Editor dialogue.)

That error is too generic to know what the problem really is.


Also, what's the specific error that's shown in Firefox? Might be
because of cert pinning? [1]


[1] https://github.com/zaproxy/zaproxy/wiki/FAQcertpinning

Best regards.

> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(UnknownSource)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(UnknownSource)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at
> org.parosproxy.paros.network.HttpSender.executeMethod(UnknownSource)
> at org.parosproxy.paros.network.HttpSender.runMethod(UnknownSource)
> at org.parosproxy.paros.network.HttpSender.send(UnknownSource)
> at
> org.parosproxy.paros.network.HttpSender.sendAuthenticated(UnknownSource)
> at
> org.parosproxy.paros.network.HttpSender.sendAndReceive(UnknownSource)
> at
> org.parosproxy.paros.network.HttpSender.sendAndReceive(UnknownSource)
> at
> org.parosproxy.paros.core.proxy.ProxyThread.processHttp(UnknownSource)
> at org.parosproxy.paros.core.proxy.ProxyThread.run(UnknownSource)
> at java.lang.Thread.run(Thread.java:745)
>
> |
>

> Hopefully that's more useful than my words are.
>
> On Thursday, June 23, 2016 at 10:11:12 AM UTC-4, Leonard Kerr wrote:
>
> Just to be sure I went through the process again:
>
> Generating a new dynamic SSL Certificate
> Installing this certificate through certmgr.exe
> Making sure it is installed on firefox, then restarting
>
> Still the same issue. On websites like tinyupload.com

> <http://tinyupload.com>, there is no issue. But google isn't trusted.

> <https://groups.google.com/d/msgid/zaproxy-users/9272268f-df48-45d2-b920-3551a6934129%40googlegroups.com?utm_medium=email&utm_source=footer

> <https://groups.google.com/d/msgid/zaproxy-users/9272268f-df48-45d2-b920-3551a6934129%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
> > For more options, visit
> https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>
> > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>>.
> >
> >
> > --
> > You received this message because you are subscribed to the
> Google
> > Groups "OWASP ZAP User Group" group.
> > To unsubscribe from this group and stop receiving emails from
> it, send
> > an email to zaproxy-user...@googlegroups.com

> > <mailto:zaproxy-user...@googlegroups.com>.

> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com>
>
> >

> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>

> > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-user...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/zaproxy-users/83e6a4be-20b7-41ab-a4da-167885db25c5%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/83e6a4be-20b7-41ab-a4da-167885db25c5%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Ailton Caetano]

Generally i tend to install the ZAP certificate in Firefox instead of installing system-wide. You should go to Firefox's Configuration, "Advanced"->"Certificates"->"See Certificates"->"Import" and select ZAP's exported certificate. This should get you running by restarting Firefox only.

[]'s Ailton

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/576BF462.3080804%40gmail.com.

[Leonard Kerr]

Ailton,

Thank you for the suggestion, I have tried doing system wide as well as browser-specific and neither seems to do the trick. :/ 

thc, 

It turns out I am able to manually send the request through ZAP and get the expected response, not sure if that is a good or bad thing?

I also tried to lower the level of cert pinning and it had no effect. Here is the exact error that firefox is giving me when I try to connect to google:

Thanks,

Len

>         > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>         > To view this discussion on the web visit
>         >
>         https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com
>         <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com>
>
>         >

>         <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer
>         <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>         > For more options, visit https://groups.google.com/d/optout
>         <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-users+unsub...@googlegroups.com>.

> To view this discussion on the web visit

[thc...@gmail.com]

Thanks for letting us know.

Best regards.

On 24/06/16 14:22, Leonard Kerr wrote:
> Turned out to fix itself randomly. Sorry for any future people having
> this problem; I literally slept on it and it worked in the morning.

>
> On Thursday, June 23, 2016 at 10:55:35 AM UTC-4, Leonard Kerr wrote:
>
> Ailton,
>
> Thank you for the suggestion, I have tried doing system wide as well
> as browser-specific and neither seems to do the trick. :/
>
> thc,
>
> It turns out I am able to manually send the request through ZAP and
> get the expected response, not sure if that is a good or bad thing?
>
> I also tried to lower the level of cert pinning and it had no
> effect. Here is the exact error that firefox is giving me when I try
> to connect to google:
>

> <https://lh3.googleusercontent.com/-ADqYu714Y4U/V2v4WUjkMwI/AAAAAAAAEtM/rXta9EY8760W1TYYyXnWk-fyWylsc10NACLcB/s1600/firefox_untrusted.PNG>

> > > <mailto:zaproxy-user...@googlegroups.com>.

> > > To view this discussion on the web visit
> > >
> > https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com>
> > <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com>>
> >
> > >
> >
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer>
> >
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer
> <https://groups.google.com/d/msgid/zaproxy-users/b334ad02-5639-4d5d-9ab7-52d330dd141c%40googlegroups.com?utm_medium=email&utm_source=footer>>>.
> >
> > > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>

> > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>>.
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "OWASP ZAP User Group" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to zaproxy-user...@googlegroups.com

> > <mailto:zaproxy-user...@googlegroups.com>.

> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/zaproxy-users/83e6a4be-20b7-41ab-a4da-167885db25c5%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/83e6a4be-20b7-41ab-a4da-167885db25c5%40googlegroups.com>
> >

> <https://groups.google.com/d/msgid/zaproxy-users/83e6a4be-20b7-41ab-a4da-167885db25c5%40googlegroups.com?utm_medium=email&utm_source=footer
> <https://groups.google.com/d/msgid/zaproxy-users/83e6a4be-20b7-41ab-a4da-167885db25c5%40googlegroups.com?utm_medium=email&utm_source=footer>>.
> > For more options, visit https://groups.google.com/d/optout

> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the
> Google Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails

> from it, send an email to zaproxy-user...@googlegroups.com.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/zaproxy-users/576BF462.3080804%40gmail.com
> <https://groups.google.com/d/msgid/zaproxy-users/576BF462.3080804%40gmail.com>.

> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-user...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/zaproxy-users/129ca81e-8eed-41e6-89d6-51ae5b1cf026%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/129ca81e-8eed-41e6-89d6-51ae5b1cf026%40googlegroups.com?utm_medium=email&utm_source=footer>.