Query on Ajax Spider Scan

C S LIKHITH

Mar 6, 2024, 1:46:22 AM
to ZAP Developer Group
Hi Team.
Greetings of the day

I am trying to run Ajax Spider Scan and I am automating it through Java using Zap-Client API -> Version used 1.11.0 and Zap version - 2.13.0.
It fails to run the Ajax spider in ZAP, but works fine when running the Spider and Active Scans with the API.

I am using this piece of code to start the ajax spider scan ->

clientApi.ajaxSpider.setOptionBrowserId("chrome");
ApiResponse ascanResp = clientApi.ajaxSpider.scan(target, "false" , contextName, "false");

Where target is a public URL -> https://opensource-demo.orangehrmlive.com/web/index.php/auth/validate and contextName is "MY_CONTEXT" and setting chrome as a browser.

When I try to print clientApi.ajaxSpider.status(); -> It gives the result as running but never shows up in ZAP.

But if I try to run the Ajax Spider scan manually in ZAP, it starts as expected and shows up in the tab with the number of crawled URLs.

The logs that show up are as follows.


2072340 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Running Crawljax (with chrome): API - Context: TALOS_CONTEXT_TS_20
2072343 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Starting proxy...
2072350 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Proxy started, listening at port [51739].
2072369 [ZAP-AjaxSpiderApi] INFO  com.crawljax.core.plugin.Plugins - Loaded org.zaproxy.zap.extension.spiderAjax.SpiderThread$DummyPlugin466ec645 as a OnBrowserCreatedPlugin
2072384 [ZAP-AjaxSpiderApi] INFO  org.openqa.selenium.remote.service.DriverService - Driver logs no longer sent to console by default; https://www.selenium.dev/documentation/webdriver/drivers/service/#setting-log-output
2075406 [ZAP-AjaxSpiderApi] WARN  org.openqa.selenium.devtools.CdpVersionFinder - Unable to find CDP implementation matching 122
2075408 [ZAP-AjaxSpiderApi] WARN  org.openqa.selenium.chromium.ChromiumDriver - Unable to find version of CDP to use for . You may need to include a dependency on a specific version of the CDP using something similar to `org.seleniumhq.selenium:selenium-devtools-v86:4.10.0` where the version ("v86") matches the version of the chromium-based browser you're using and the version number of the artifact is the same as Selenium's.
2076242 [ZAP-IO-Server-1-31] INFO  org.zaproxy.zap.users.User - Authenticating user: Test User
2079864 [ZAP-AjaxSpiderApi] INFO  org.openqa.selenium.remote.service.DriverService - Driver logs no longer sent to console by default; https://www.selenium.dev/documentation/webdriver/drivers/service/#setting-log-output

Please help me to figure out the problem and get the ajax spider scan running in ZAP side.
Thanks

psiinon

Mar 7, 2024, 5:04:50 AM
to ZAP Developer Group
Hiya,

So it looks like ZAP is failing to launch Chrome.

Do you have Chrome installed?
Have you updated the ZAP webdrivers?

Cheers,

Simon

C S LIKHITH

Mar 7, 2024, 2:09:29 PM
to ZAP Developer Group
Hi,

Yes, I have Chrome installed on the machine where ZAP is running and I have updated the paths of the Chrome driver as well under the Selenium web driver section present in the options tab.

After running Spider Scan successfully, it's opening Chrome 16 times since I have set the "Number of browser windows to open" field as 16.

But it is not showing any progress or starting of Ajax Spider Scan in the bottom tab. I have also verified that Ajax Spider Screen is not hidden.

Even if we open Ajax Spider Scan tab manually in ZAP side, I notice that it's not running and not crawling any URL.

Post some time, Active scan is starting as expected and showing up in the bottom tab along with its progress.

Please do let me know what I am missing out or I need to add any other configurations to it for Ajax Spider to run as expected and display the output in the console.

Thanks
C S Likhith

thc...@gmail.com

Mar 7, 2024, 3:33:24 PM
to zaproxy...@googlegroups.com
ZAP 2.13 is no longer supported. You should update to 2.14, which has
up-to-date add-ons (WebDrivers and Selenium) which support the latest
versions of the browsers.

Best regards.

C S LIKHITH

Mar 8, 2024, 4:35:27 AM
to ZAP Developer Group
I upgraded ZAP to 2.14.0 and also updated the drivers as well and I have made sure it's pointing to the right paths.
The Ajax spider scan is triggering Chrome to open 16 times as mentioned previously but I am still not able to see the progress or the start of the Ajax in the tab.
If I run Zap manually, Ajax is getting started and populating the progress in the tab. But, when I am automating it through java
[ clientApi.ajaxSpider.scan(target, "false" , contextName, "false");  ], it is not working for Ajax Scan alone and works perfect with spider and Active.

Thanks

psiinon

Mar 8, 2024, 4:48:18 AM
to ZAP Developer Group
Have a look in the zap.log file for any relevant errors:

Cheers,

Simon
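
An added example, not part of the thread or of ZAP itself: one way to triage zap.log as suggested above, by parsing lines in the format quoted in the first post and listing the WARN/ERROR entries from the Ajax Spider API thread. The function names and the shortened sample input are assumptions made for this example.

```python
import re
from collections import Counter

# Line layout seen in the log excerpt of the first post:
#   <ms since start> [<thread>] <LEVEL>  <logger> - <message>
LINE_RE = re.compile(
    r"^(?P<ms>\d+)\s+\[(?P<thread>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+)\s+-\s+(?P<msg>.*)$"
)
CDP_RE = re.compile(r"Unable to find CDP implementation matching (\d+)")

# Sample input: lines taken from that excerpt, the second WARN cut short.
SAMPLE = """\
2072340 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Running Crawljax (with chrome): API - Context: TALOS_CONTEXT_TS_20
2072350 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Proxy started, listening at port [51739].
2075406 [ZAP-AjaxSpiderApi] WARN  org.openqa.selenium.devtools.CdpVersionFinder - Unable to find CDP implementation matching 122
2075408 [ZAP-AjaxSpiderApi] WARN  org.openqa.selenium.chromium.ChromiumDriver - Unable to find version of CDP to use for .
2076242 [ZAP-IO-Server-1-31] INFO  org.zaproxy.zap.users.User - Authenticating user: Test User
"""


def parse(text):
    """Return one dict per log entry; lines that do not start a new entry
    (e.g. stack traces) are appended to the previous entry's message."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entry = m.groupdict()
            entry["ms"] = int(entry["ms"])
            entries.append(entry)
        elif entries and raw.strip():
            entries[-1]["msg"] += "\n" + raw
    return entries


def triage(text, thread="ZAP-AjaxSpiderApi", levels=("WARN", "ERROR")):
    """Summarise levels and pick out WARN/ERROR entries from one thread."""
    entries = parse(text)
    hits = [e for e in entries
            if e["thread"].startswith(thread) and e["level"] in levels]
    cdp = sorted({int(m.group(1)) for e in hits
                  for m in [CDP_RE.search(e["msg"])] if m})
    return {"levels": Counter(e["level"] for e in entries),
            "hits": hits, "cdp_unmatched": cdp}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(dict(report["levels"]), "CDP unmatched:", report["cdp_unmatched"])
    for e in report["hits"]:
        print(e["ms"], e["level"], e["logger"].rsplit(".", 1)[-1], "-", e["msg"])
```

To use it on a real log, pass the file's contents to `triage()` in place of `SAMPLE`.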

C S LIKHITH

Mar 18, 2024, 9:36:45 AM
to ZAP Developer Group
Thanks for the reply.

But the issue still persists.

When I use the Java code to run AJAX SCAN -> "clientApi.ajaxSpider.scan("https://public-firing-range.appspot.com", null, null, null);", 

I am able to see the Ajax Spider trying to open the URLs and crawl the URLs within that as expected. But it never shows up like Ajax is running in the tab. If we run Ajax manually from ZAP, it shows the progress in the tab.

I am using ZAP ClientAPI -> 1.11 version, is this why I am facing this issue? I can't see the active progress of the Ajax Spider in the tab. Is it like in -> 1.12, this issue is fixed?

But unfortunately, I am not able to upgrade the client version to 1.12 due to some internal issues in my application.
Please help me with a reply.

Thanks


