Connection Refused Error - Java API (Unable to trace the error)


NCoder

Aug 26, 2016, 7:40:30 PM
to OWASP ZAP User Group
Hello,

I have the following setup. In my Jenkins job I have 3 build ant tasks:

1. Open ZAP using Runtime exec command in Java, set the exclude from scanner and proxy.
2. Run my QA UI Automation Test Cases
3. Connect with ZAP API, configure and run Active Scan.

My ZAP ant build tasks use JAVA API V 1.0.0 and my ZAP Version is 2.5

Error Cases:

1. Sometimes I would get the connection refused error during the first step itself, after opening ZAP (successful) and then when I try to set exclude from scanner and proxy via the Java API.

zapapi.ascan.excludeFromScan(ZAP_API_KEY, EXCLUDE_SCANNER_REGEX);


When I have tried to change the API key or disable the key, this sometimes works.


2. I successfully open ZAP and set the config, and the first build task is successful. Then my QA UI Automation task runs for 3 hrs and ZAP records all the requests. Then, during my Active Scan configuration, it starts failing at the first step, when I try to check if the user-provided csrf already exists.


scanresponse=zapapi.acsrf.optionTokensNames(); 


Trials from my side:

1. I did check if the port number is the same; yes, it's the same.
2. I tried changing the API key; for build step 1 it worked, but not for step 3, which is the active scan.
3. Tried disabling the key; I still get the same error.

Exception from Jenkins:

     [java] Configuring Active Scan Failed : java.net.ConnectException: Connection refused
     [java] org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused
     [java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:307)
     [java] at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:289)
     [java] at org.zaproxy.clientapi.gen.Acsrf.optionTokensNames(Acsrf.java:46)
     [java] at ZapperJenkins.configureActiveScan(Unknown Source)
     [java] at ZapperJenkins.main(Unknown Source)
     [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     [java] at java.lang.reflect.Method.invoke(Method.java:497)
     [java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:218)
     [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:153)
     [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:772)
     [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:222)
     [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:136)
     [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:109)
     [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:293)
     [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
     [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     [java] at java.lang.reflect.Method.invoke(Method.java:497)
     [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
     [java] at org.apache.tools.ant.Task.perform(Task.java:348)
     [java] at org.apache.tools.ant.Target.execute(Target.java:435)
     [java] at org.apache.tools.ant.Target.performTasks(Target.java:456)
     [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1405)
     [java] at org.apache.tools.ant.Project.executeTarget(Project.java:1376)
     [java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
     [java] at org.apache.tools.ant.Project.executeTargets(Project.java:1260)
     [java] at org.apache.tools.ant.Main.runBuild(Main.java:853)
     [java] at org.apache.tools.ant.Main.startAnt(Main.java:235)
     [java] at org.apache.tools.ant.launch.Launcher.run(Launcher.java:285)
     [java] at org.apache.tools.ant.launch.Launcher.main(Launcher.java:112)
     [java] Caused by: java.net.ConnectException: Connection refused
     [java] at java.net.PlainSocketImpl.socketConnect(Native Method)
     [java] at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
     [java] at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
     [java] at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
     [java] at java.net.Socket.connect(Socket.java:589)
     [java] at java.net.Socket.connect(Socket.java:538)
     [java] at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
     [java] at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
     [java] at sun.net.www.http.HttpClient$1.run(HttpClient.java:484)
     [java] at sun.net.www.http.HttpClient$1.run(HttpClient.java:482)
     [java] at java.security.AccessController.doPrivileged(Native Method)
     [java] at sun.net.www.http.HttpClient.privilegedOpenServer(HttpClient.java:481)
     [java] at sun.net.www.http.HttpClient.openServer(HttpClient.java:522)
     [java] at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
     [java] at sun.net.www.http.HttpClient.New(HttpClient.java:308)
     [java] at sun.net.www.http.HttpClient.New(HttpClient.java:326)
     [java] at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1169)
     [java] at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1148)
     [java] at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:989)
     [java] at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:987)
     [java] at java.security.AccessController.doPrivileged(Native Method)
     [java] at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:782)
     [java] at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:986)
     [java] at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:933)
     [java] at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:313)
     [java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:305)
     [java] ... 31 more


Log File:


Last few logs before it terminated


2016-08-26 16:25:33,119 [AWT-EventQueue-0] INFO  Control - New Session
2016-08-26 16:25:33,178 [AWT-EventQueue-0] INFO  Control - Create and Open Untitled Db
2016-08-26 16:25:33,190 [AWT-EventQueue-0] INFO  ENGINE - dataFileCache commit start
2016-08-26 16:25:33,190 [AWT-EventQueue-0] INFO  ENGINE - dataFileCache commit end
2016-08-26 16:25:33,195 [AWT-EventQueue-0] INFO  ENGINE - Database closed
2016-08-26 16:25:33,337 [AWT-EventQueue-0] INFO  ENGINE - open start - state not modified
2016-08-26 16:25:33,389 [AWT-EventQueue-0] INFO  ENGINE - dataFileCache open start
2016-08-26 16:25:33,389 [AWT-EventQueue-0] INFO  ENGINE - dataFileCache open end
2016-08-26 16:25:59,779 [Thread-7] INFO  ENGINE - dataFileCache commit start
2016-08-26 16:25:59,781 [Thread-7] INFO  ENGINE - dataFileCache commit end
2016-08-26 16:25:59,785 [Thread-7] INFO  ENGINE - Database closed
2016-08-26 16:25:59,889 [Thread-7] INFO  Control - OWASP ZAP 2.5.0 terminated.


NCoder

Sep 1, 2016, 3:42:18 AM
to OWASP ZAP User Group
Also, is there any API connection timeout? Or will multiple connections to the API cause some issues?
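
A readiness gate for the setup described in the first post, where API calls follow directly after launching ZAP and the posted log ends with "OWASP ZAP 2.5.0 terminated". This is an added example, not code from the thread or from the ZAP project. It uses only JDK classes, and the host, port and wait times are assumed values.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.concurrent.TimeUnit;

/** Added example: wait for the ZAP listener before a build step makes API calls. */
public class ZapReadiness {

    enum State { LISTENING, PROCESS_EXITED, TIMED_OUT }

    /** True if something accepts TCP connections on host:port right now. */
    static boolean portOpen(String host, int port, int connectTimeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), connectTimeoutMs);
            return true;
        } catch (IOException e) { // ConnectException ("Connection refused") lands here
            return false;
        }
    }

    /**
     * Polls until the port accepts connections, the launched process exits,
     * or the deadline passes. Pass the Process returned by Runtime.exec() when
     * this step started ZAP; pass null when an earlier build step started it.
     */
    static State await(Process zap, String host, int port, long maxWaitMs)
            throws InterruptedException {
        long deadline = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(maxWaitMs);
        while (System.nanoTime() - deadline < 0) {
            if (zap != null && !zap.isAlive()) return State.PROCESS_EXITED;
            if (portOpen(host, port, 1000)) return State.LISTENING;
            Thread.sleep(500);
        }
        return State.TIMED_OUT;
    }

    public static void main(String[] args) throws Exception {
        // Assumed values: replace with the proxy host/port the Jenkins job configures.
        String host = "127.0.0.1";
        int port = 8080;
        State state = await(null, host, port, 60_000);
        if (state != State.LISTENING) {
            System.err.println("ZAP not reachable on " + host + ":" + port + " (" + state + ")");
            System.exit(1);
        }
        System.out.println("Port is accepting connections; API calls will not be refused");
    }
}
```

An open port only rules out "Connection refused". A `PROCESS_EXITED` or `TIMED_OUT` result before the active-scan step means the ZAP log should be checked for a termination entry like the one quoted above.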