Problem for executing a sequence script


Arnaud Peyre

Jun 1, 2016, 9:41:41 AM
to OWASP ZAP User Group
Hello,

I have installed the "Sequence" add-on from the marketplace and then created a sequence script with two URLs.
If I try to run the script with the "Run" button, it fails; I get the following messages in the "Zest Results" console:

"FAILED Assert" - Status Code expected 200 got 502.

It seems that it tries to run the script with an outgoing proxy but none is configured in the options.

Here is a more detailed output taken from the zap.log file in debug mode:

2016-06-01 15:21:41,354 [ZAP-ScriptExecutor-TestSequence2] DEBUG ExtensionScript - invokeScript TestSequence2
2016-06-01 15:21:41,355 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - Constructor
2016-06-01 15:21:41,356 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - Run script TestSequence2
2016-06-01 15:21:41,356 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - Run script TestSequence2
2016-06-01 15:21:41,356 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - setVariable zap.script.name = TestSequence2
2016-06-01 15:21:41,391 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - runStatement ZestRequest
2016-06-01 15:21:41,408 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpConnection - Open connection to localhost:8080
2016-06-01 15:21:41,409 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "CONNECT wwwd-i.caf.fr:443 HTTP/1.1"
2016-06-01 15:21:41,409 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpMethodBase - Adding Host request header
2016-06-01 15:21:41,409 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
2016-06-01 15:21:41,410 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "Host: wwwd-i.caf.fr[\r][\n]"
2016-06-01 15:21:41,410 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "Proxy-Connection: Keep-Alive[\r][\n]"
2016-06-01 15:21:41,410 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "[\r][\n]"
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "HTTP/1.1 200 Connection established[\r][\n]"
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "Proxy-connection: Keep-alive[\r][\n]"
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "[\r][\n]"
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] INFO  HttpMethodBase - Response content length is not known
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpMethodBase - Force-close connection: true
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG ConnectMethod - CONNECT status code 200
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpConnection - Secure tunnel to wwwd-i.caf.fr:443
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "GET /msp/TestEcran1.jsp HTTP/1.1[\r][\n]"
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpMethodBase - Adding Host request header
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "Host: wwwd-i.caf.fr[\r][\n]"
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "[\r][\n]"
2016-06-01 15:21:41,432 [ZAP-ProxyThread-1032] DEBUG MonitoredPagesManager - URL not being monitored https://wwwd-i.caf.fr/msp/TestEcran1.jsp
2016-06-01 15:21:41,432 [ZAP-ProxyThread-1032] DEBUG SiteMap - findChild Sites / https://wwwd-i.caf.fr
2016-06-01 15:21:41,432 [ZAP-ProxyThread-1032] DEBUG SiteMap - findChild https://wwwd-i.caf.fr / msp
2016-06-01 15:21:41,432 [ZAP-ProxyThread-1032] DEBUG SiteMap - findChild msp / GET:TestEcran1.jsp
2016-06-01 15:21:41,432 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.socket.timeout = 20000
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.connection.stalecheck = true
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.connection-manager.max-total = 200000
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.protocol.single-cookie-header = true
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.protocol.cookie-policy = ignoreCookies
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG HttpSender - sendAndReceive GET https://wwwd-i.caf.fr/msp/TestEcran1.jsp start
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG HttpSessionsSite - Matching session for request message (for site wwwd-i.caf.fr:443): HttpSession [name=Session 1, active=false, tokenValues='']
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG HttpSessionsSite - No active session is selected.
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG HttpSender - Sending message to: https://wwwd-i.caf.fr/msp/TestEcran1.jsp
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.0
2016-06-01 15:21:41,433 [ZAP-ProxyThread-1032] DEBUG DefaultHttpParams - Set parameter http.protocol.version = HTTP/1.1
2016-06-01 15:21:41,434 [ZAP-ProxyThread-1032] DEBUG MultiThreadedHttpConnectionManager - HttpConnectionManager.getConnection:  config = HostConfiguration[host=https://wwwd-i.caf.fr], timeout = 0
2016-06-01 15:21:41,434 [ZAP-ProxyThread-1032] DEBUG MultiThreadedHttpConnectionManager - Allocating new connection, hostConfig=HostConfiguration[host=https://wwwd-i.caf.fr]
2016-06-01 15:21:41,434 [ZAP-ProxyThread-1032] DEBUG HttpConnection - Open connection to wwwd-i.caf.fr:443
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "GET /msp/TestEcran1.jsp HTTP/1.1[\r][\n]"
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG HttpMethodBase - Adding Host request header
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "Host: wwwd-i.caf.fr[\r][\n]"
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "[\r][\n]"
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpMethodDirector - Closing the connection.
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpMethodDirector - Method retry handler returned false. Automatic recovery will not be attempted
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpConnection - Releasing connection back to connection manager.
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG MultiThreadedHttpConnectionManager - Freeing connection, hostConfig=HostConfiguration[host=https://wwwd-i.caf.fr]
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG IdleConnectionHandler - Adding connection at: 1464787301649
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG MultiThreadedHttpConnectionManager - Notifying no-one, there are no waiting threads
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpSender - sendAndReceive GET https://wwwd-i.caf.fr/msp/TestEcran1.jsp took 216
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpSessionsSite - Matching cached session for response message (from site wwwd-i.caf.fr:443): HttpSession [name=Session 1, active=false, tokenValues='']
2016-06-01 15:21:41,650 [ZAP-ProxyThread-1032] DEBUG MonitoredPagesManager - URL not being monitored https://wwwd-i.caf.fr/msp/TestEcran1.jsp
2016-06-01 15:21:41,650 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "HTTP/1.1 502 Bad Gateway[\r][\n]"
2016-06-01 15:21:41,650 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "Content-Length: 2088[\r][\n]"
2016-06-01 15:21:41,650 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "Content-Type: text/plain; charset=UTF-8[\r][\n]"
2016-06-01 15:21:41,650 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "[\r][\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpMethodBase - Buffering response body
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "ZAP Error [java.net.SocketException]: Connection reset[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "Stack Trace:[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "java.net.SocketException: Connection reset[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at java.net.SocketInputStream.read(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at java.net.SocketInputStream.read(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at sun.security.ssl.InputRecord.readFully(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at sun.security.ssl.InputRecord.read(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at sun.security.ssl.AppInputStream.read(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at java.io.BufferedInputStream.fill(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at java.io.BufferedInputStream.read(Unknown Source)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)[\n]"
2016-06-01 15:21:41,651 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.zaproxy.zap.ZapGetMethod.readResponse(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.network.HttpSender.send(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG content - << "[0x9]at java.lang.Thread.run(Unknown Source)[\n]"
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpMethodBase - Resorting to protocol version default close connection policy
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpMethodBase - Should NOT close connection, using HTTP/1.1
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpConnection - Releasing connection back to connection manager.
2016-06-01 15:21:41,652 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - setVariable request.url = https://wwwd-i.caf.fr/msp/TestEcran1.jsp
2016-06-01 15:21:41,658 [ZAP-ScriptExecutor-TestSequence2] DEBUG ZestZapRunner - setVariable request.header = User-Agent: Jakarta Commons-HttpClient/3.1
 

Could you help me please?


thc...@gmail.com

Jun 1, 2016, 10:15:01 AM
to zaprox...@googlegroups.com
Hi.

The requests are being proxied through ZAP (in this case it should not
need to, though).

Does the 502 error always happen? If you send the request directly from
ZAP, using the Manual Request Editor dialogue (or Resend), does it work?

Best regards.


Arnaud Peyre

Jun 1, 2016, 10:43:52 AM
to OWASP ZAP User Group

Yes, it happens always.
If the request is resent from ZAP, it works fine. An active scan is also working correctly.

Thanks

thc...@gmail.com

Jun 1, 2016, 1:46:40 PM
to zaprox...@googlegroups.com
OK, what's the RTT for the requests? Is the script doing heavy
processing between the sending of requests?

Changing to not proxy the requests should take care of that anyway.

Best regards.

Arnaud Peyre

Jun 6, 2016, 3:33:35 AM
to OWASP ZAP User Group
Hello,

Sorry for the delay but I was out of the office.
RTT is very quick, about 50 ms.

The script does nothing between the sending of requests.

I don't understand "Changing to not proxy..." as proxy is not enabled.

Thanks

Arnaud

thc...@gmail.com

Jun 6, 2016, 5:50:26 AM
to zaprox...@googlegroups.com
Hi.

OK, with those times it should not lead to that error, I think.

Do you see the response in the logs? Before:
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpMethodDirector - Closing the connection.


The proxying of the requests is done internally by the Zest script (to
show the requests sent in the History tab, that's what needs changing IMHO).

Best regards.

Arnaud Peyre

Jun 6, 2016, 7:55:10 AM
to OWASP ZAP User Group
Thanks for the update. 
What could we do next? 
Is there something I could do in order to help?

Regards

Arnaud Peyre

Jun 6, 2016, 8:03:08 AM
to OWASP ZAP User Group
Also, if I try a simple active scan (input vector = URL query string) with the script activated, I can find the following message in the log:

2016-06-06 13:56:28,140 [ZAP-ActiveScanner-0] DEBUG ZestSequenceRunner - Error running Sequence script in 'runSequenceBefore' method : Connection reset

thc...@gmail.com

Jun 6, 2016, 10:19:00 AM
to zaprox...@googlegroups.com
Right, the problem is the same.

I'm still not sure why that error occurs; you don't see any response (from the
server) in the logs?

(Changing to not proxy the requests would fix that but it would be good
to know what the actual problem is.)

Best regards.

Arnaud Peyre

Jun 6, 2016, 10:56:04 AM
to OWASP ZAP User Group
No, I don't see any response from the server and I can't find any corresponding HTTP request in the Apache access log.

Arnaud Peyre

Jun 7, 2016, 8:42:12 AM
to OWASP ZAP User Group
Hello,

Is there something I could do to help?

Regards

Arnaud Peyre

Jun 8, 2016, 9:16:38 AM
to OWASP ZAP User Group
Hello,

Any news?

Regards

Arnaud

thc...@gmail.com

Jun 8, 2016, 9:25:12 AM
to zaprox...@googlegroups.com
Hi.

(Was thinking about this problem ;)

Could you try to reproduce the issue again, but first run a JavaScript
Stand Alone script with the following contents:
org.apache.log4j.Logger.getLogger("org.parosproxy.paros.core.proxy.ProxyThread").setLevel(org.apache.log4j.Level.DEBUG);

and provide the contents of the log?


Are you available to test a possible fix? (That would require installing
an updated add-on.)


Best regards.

Arnaud Peyre

Jun 8, 2016, 9:35:32 AM
to OWASP ZAP User Group
Hello,

Sorry but log level was already set to debug for "org.parosproxy.paros.core.proxy.ProxyThread" in my log4j.properties.
I am available for a test.

Many thanks :-)

Arnaud

Arnaud Peyre

Jun 13, 2016, 10:17:00 AM
to OWASP ZAP User Group
Hello,

Any update? Do you have a debug jar or add-on to test?

Regards

Arnaud

thc...@gmail.com

Jun 14, 2016, 9:49:43 AM
to zaprox...@googlegroups.com
I'll take a look at it tomorrow.

I should prepare a new custom version of the add-on so that you can try.

Thanks!
Best regards.

Arnaud Peyre

Jun 14, 2016, 10:40:25 AM
to OWASP ZAP User Group
OK thanks.

thc...@gmail.com

Jun 15, 2016, 9:33:20 AM
to zaprox...@googlegroups.com
Hi.

There's a new test version of the Zest add-on at:
https://github.com/thc202/zap-extensions/releases/tag/zest-test-version

The requests will no longer be proxied through ZAP, so the issue that you
were seeing should not happen. If it does, it's an issue between ZAP and
the server, unrelated to Sequence scripts.

You just need to download the add-on and copy it to the plugin directory in
ZAP home, before starting ZAP. [1]
Run the sequence script or the active scan (with Sequence script) as usual.

Looking forward to knowing if that works better.


[1] https://github.com/zaproxy/zaproxy/wiki/FAQconfig

Thanks!
Best regards.

Arnaud Peyre

Jun 15, 2016, 11:16:55 AM
to OWASP ZAP User Group
Hi,

The test version has been installed; here is the result:

This time, I got the following message: "java.net.SocketException: Connection reset"
I suspected that the request was blocked by our BIG-IP (WAF in blocking mode), which is located in front of our test server.
So I asked our admin, who told me that the request was indeed blocked because it was detected as an "Automated client access (Jakarta)" attack signature.

Effectively, the request is created with the following user agent: Jakarta Commons-HttpClient/3.1

So the attack signature has been disabled and this time the script is working correctly.
I also tried to go back to the "old" Zest plugin, which is also working fine.

I feel sorry to have disturbed you with my local configuration problem :-)

Many thanks for your help, I can now go further with my sequence testing.

Best regards

Arnaud
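
Added example (not part of the thread and not ZAP project code): a Python triage script over an excerpt of the zap.log lines posted above. It flags a connection that the peer closed before any response arrived and reports the User-Agent that was sent, which is the pattern the WAF block produced here. The function names and the `DEFAULT_CLIENT_UA_PREFIXES` list are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Excerpt of the zap.log lines posted in the thread, trimmed to the relevant ones.
SAMPLE_LOG = r'''
2016-06-01 15:21:41,408 [ZAP-ScriptExecutor-TestSequence2] DEBUG HttpConnection - Open connection to localhost:8080
2016-06-01 15:21:41,409 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "CONNECT wwwd-i.caf.fr:443 HTTP/1.1"
2016-06-01 15:21:41,414 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "HTTP/1.1 200 Connection established[\r][\n]"
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "GET /msp/TestEcran1.jsp HTTP/1.1[\r][\n]"
2016-06-01 15:21:41,432 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
2016-06-01 15:21:41,434 [ZAP-ProxyThread-1032] DEBUG HttpConnection - Open connection to wwwd-i.caf.fr:443
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "GET /msp/TestEcran1.jsp HTTP/1.1[\r][\n]"
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
2016-06-01 15:21:41,645 [ZAP-ProxyThread-1032] DEBUG header - >> "Host: wwwd-i.caf.fr[\r][\n]"
2016-06-01 15:21:41,649 [ZAP-ProxyThread-1032] DEBUG HttpMethodDirector - Closing the connection.
2016-06-01 15:21:41,650 [ZAP-ScriptExecutor-TestSequence2] DEBUG header - << "HTTP/1.1 502 Bad Gateway[\r][\n]"
'''

# Illustrative list (an assumption, not from the thread apart from the first entry):
# default library User-Agent strings that WAF "automated client" rules commonly match.
DEFAULT_CLIENT_UA_PREFIXES = (
    "Jakarta Commons-HttpClient", "Apache-HttpClient", "Java/",
    "python-requests", "curl/",
)

LINE = re.compile(
    r'^\S+ \S+ \[(?P<thread>[^\]]+)\]\s+\w+\s+(?P<logger>\S+) - (?P<msg>.*)$')
WIRE = re.compile(r'^(>>|<<) "(.*)"$')           # HttpClient wire-header log format
REQUEST_LINE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')


@dataclass
class Exchange:
    thread: str
    peer: str
    request_line: str
    user_agent: str = ""
    status: str = ""                  # first response status line, empty if none
    closed_without_response: bool = False


def parse_exchanges(log_text):
    """Rebuild request/response exchanges per logging thread."""
    peers, current, exchanges = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread, logger, msg = m.group("thread", "logger", "msg")
        if msg.startswith("Open connection to "):
            peers[thread] = msg[len("Open connection to "):]
            continue
        if logger == "HttpMethodDirector" and msg.startswith("Closing the connection"):
            ex = current.get(thread)
            if ex and not ex.status:  # closed before any status line was read
                ex.closed_without_response = True
            continue
        w = WIRE.match(msg)
        if logger != "header" or not w:
            continue
        direction = w.group(1)
        text = w.group(2).replace("[\\r]", "").replace("[\\n]", "")
        if direction == ">>":
            if REQUEST_LINE.match(text):
                ex = Exchange(thread, peers.get(thread, "?"), text)
                current[thread] = ex
                exchanges.append(ex)
            elif text.lower().startswith("user-agent:") and thread in current:
                current[thread].user_agent = text.split(":", 1)[1].strip()
        elif text.startswith("HTTP/") and thread in current:
            if not current[thread].status:
                current[thread].status = text
    return exchanges


def diagnose(log_text):
    """Return findings that separate 'peer sent nothing' from a relayed proxy error."""
    findings = []
    for ex in parse_exchanges(log_text):
        base = {"thread": ex.thread, "peer": ex.peer,
                "request": ex.request_line, "user_agent": ex.user_agent}
        if ex.closed_without_response:
            findings.append({**base, "kind": "no_response_from_peer",
                             "default_client_ua":
                                 ex.user_agent.startswith(DEFAULT_CLIENT_UA_PREFIXES)})
        elif (ex.status.split(" ")[1:2] == ["502"]
              and ex.peer.startswith(("localhost", "127.0.0.1"))):
            findings.append({**base, "kind": "error_relayed_by_local_proxy"})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A `no_response_from_peer` finding with `default_client_ua` set means the target side dropped the connection for a request carrying a default library User-Agent, which is worth checking against WAF or IPS logs in front of the server before debugging the scanner itself.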
