Spider URL using ant. API key missing
197 views
Skip to first unread message
Albert
Jan 4, 2016, 9:15:40 AM1/4/16
to OWASP ZAP User Group
I am trying to run ZAP spider + scan using ant.
I am getting the following error when the spider starts. Do i need to set an API key somewhere as a property?
I am not that familiar with the API.
Using the spider URL task:
/root/IdeaProjects/ZAPDemo/build2.xml:85: org.zaproxy.clientapi.core.ClientApiException: Invalid or missing API key
at org.zaproxy.clientapi.core.ApiResponseFactory.getResponse(Unknown Source)
at org.zaproxy.clientapi.core.ClientApi.callApi(Unknown Source)
at org.zaproxy.clientapi.gen.Spider.scan(Unknown Source)
at org.zaproxy.clientapi.ant.SpiderUrlTask.execute(Unknown Source)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:293)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:435)
at org.apache.tools.ant.Target.performTasks(Target.java:456)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1405)
at org.apache.tools.ant.Project.executeTarget(Project.java:1376)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1260)
at org.apache.tools.ant.Main.runBuild(Main.java:853)
at org.apache.tools.ant.Main.startAnt(Main.java:235)
at org.apache.tools.ant.launch.Launcher.run(Launcher.java:285)
at org.apache.tools.ant.launch.Launcher.main(Launcher.java:112
I am getting the following error when the spider starts. Do i need to set an API key somewhere as a property?
I am not that familiar with the API.
Using the spider URL task:
<taskdef name="spiderUrlTask" classname="org.zaproxy.clientapi.ant.SpiderUrlTask" classpath="${lib}/zap/zap-api-2.4-v9.jar" />
/root/IdeaProjects/ZAPDemo/build2.xml:85: org.zaproxy.clientapi.core.ClientApiException: Invalid or missing API key
at org.zaproxy.clientapi.core.ApiResponseFactory.getResponse(Unknown Source)
at org.zaproxy.clientapi.core.ClientApi.callApi(Unknown Source)
at org.zaproxy.clientapi.gen.Spider.scan(Unknown Source)
at org.zaproxy.clientapi.ant.SpiderUrlTask.execute(Unknown Source)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:293)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:435)
at org.apache.tools.ant.Target.performTasks(Target.java:456)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1405)
at org.apache.tools.ant.Project.executeTarget(Project.java:1376)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1260)
at org.apache.tools.ant.Main.runBuild(Main.java:853)
at org.apache.tools.ant.Main.startAnt(Main.java:235)
at org.apache.tools.ant.launch.Launcher.run(Launcher.java:285)
at org.apache.tools.ant.launch.Launcher.main(Launcher.java:112
Albert
Jan 4, 2016, 10:29:04 AM1/4/16
to OWASP ZAP User Group
I tryied to disable the API key as well but the same error appears.
<target name="startZap">
<java classname="org.zaproxy.zap.ZAP" fork="true" spawn="true" dir="${zapdir}">
<arg value="-port"/>
<arg value="${zapport}"/>
<arg value="-dir"/>
<arg value="${zaphome}"/>
<arg value="-config"/>
<arg value="api.disablekey=true"/>
<classpath>
<pathelement location="${zapdir}/zap-2.4.3.jar"/>
</classpath>
</java>
<!-- Give ZAP a chance to start -->
<sleep seconds="20"/>
</target>
Albert
Jan 4, 2016, 7:15:24 PM1/4/16
to OWASP ZAP User Group
Solved the problem creating an API key using the ZAP UI (Tools>Options>API) and adding the Api key within the target when calling the task:
<spiderUrlTask zapAddress="${zapaddr}" zapPort="${zapport}" url="${targetHost}" apikey="n2iri91h27humil0sfibnk2ncd" debug="true"/>
<sleep seconds="10"/>
thc...@gmail.com
Jan 5, 2016, 3:34:12 AM1/5/16
to zaprox...@googlegroups.com
OK, thanks for letting us know.
I'd expect the "-config" option to disable the key.
Which ZAP version are you using?
Best regards.
On 05/01/16 00:15, Albert wrote:
> Solved the problem creating an API key using the ZAP UI
> (Tools>Options>API) and adding the Api key within the target when
> calling the task:
>
> <spiderUrlTask zapAddress="${zapaddr}" zapPort="${zapport}"
> url="${targetHost}" apikey="n2iri91h27humil0sfibnk2ncd" debug="true"/>
> <sleep seconds="10"/>
>
>
>
>
> On Monday, January 4, 2016 at 4:29:04 PM UTC+1, Albert wrote:
>
> I tryied to disable the API key as well but the same error appears.
>
> <target name="startZap">
> <java classname="org.zaproxy.zap.ZAP" fork="true" spawn="true"
> dir="${zapdir}">
> <argvalue="-port"/>
> <argvalue="${zapport}"/>
> <argvalue="-dir"/>
> <argvalue="${zaphome}"/>
> <argvalue="-config"/>
> <argvalue="api.disablekey=true"/>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
I'd expect the "-config" option to disable the key.
Which ZAP version are you using?
Best regards.
On 05/01/16 00:15, Albert wrote:
> Solved the problem creating an API key using the ZAP UI
> (Tools>Options>API) and adding the Api key within the target when
> calling the task:
>
> <spiderUrlTask zapAddress="${zapaddr}" zapPort="${zapport}"
> url="${targetHost}" apikey="n2iri91h27humil0sfibnk2ncd" debug="true"/>
> <sleep seconds="10"/>
>
>
>
>
> On Monday, January 4, 2016 at 4:29:04 PM UTC+1, Albert wrote:
>
> I tryied to disable the API key as well but the same error appears.
>
> <target name="startZap">
> <java classname="org.zaproxy.zap.ZAP" fork="true" spawn="true"
> dir="${zapdir}">
> <argvalue="-port"/>
> <argvalue="${zapport}"/>
> <argvalue="-dir"/>
> <argvalue="${zaphome}"/>
> <argvalue="-config"/>
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
thc...@gmail.com
Jan 5, 2016, 4:37:31 AM1/5/16
to zaprox...@googlegroups.com
I see that you are using 2.4.3.
The -config option is working here, with a new ZAP "home" directory and
existing one :/
Best regards.
The -config option is working here, with a new ZAP "home" directory and
existing one :/
Best regards.
Reply all
Reply to author
Forward
0 new messages