Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

[Mhidi Bousselham]

Hello ! 

I'm new in ZAP Owasp, 

I've copy past script many scripts from the zaproxy/community-scripts 

However, During the scans I always see the below error without the predicted results.

^
Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

^
Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

^
Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

^
Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

^
Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

^
Parsing message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof

[psiinon]

Thats typically caused by a script trying to parse an HTTP response body as JSON when its not JSON.

You can just ignore those messages.

Unless you fancy working out which script is doing that and submitting a fix? :)

Cheers,

Simon

[Mhidi Bousselham]

Thank you for your reactivity !

Basically, I use this simple script from proxy, where no body is called :/ 

I can't also see the content of the print function

"""
The proxyRequest and proxyResponse functions will be called for all requests  and responses made via ZAP,
excluding some of the automated tools
If they return 'false' then the corresponding request / response will be dropped.
You can use msg.setForceIntercept(true) in either method to force a break point

Note that new proxy scripts will initially be disabled
Right click the script in the Scripts tree and select "enable"  
"""

def proxyRequest(msg):
  # Debugging can be done using print like this
  print('proxyRequest called for url=' + msg.getRequestHeader().getURI().toString());
  return True;

def proxyResponse(msg):
  # Debugging can be done using print like this
  print('proxyResponse called for url=' + msg.getRequestHeader().getURI().toString());
  return True;

[kingthorin+owaspzap]

> I've copy past script many scripts from the zaproxy/community-scripts 

So you've disabled/removed them all but that one single proxy script? (That seems unlikely given the output you're reporting.)

[thc...@gmail.com]

Those errors messages are caused by a GraphQL add-on script, which was
already fixed, just pending a release.

Best regards.

On 02/02/2022 16:28, kingthorin+owaspzap wrote:
>> I've copy past script many scripts from the zaproxy

> <https://github.com/zaproxy>/*community-scripts
> <https://github.com/zaproxy/community-scripts> *

>>>> <https://github.com/zaproxy>/*community-scripts
>>>> <https://github.com/zaproxy/community-scripts> *

[Mhidi Bousselham]

Can you please help me to print results (use print function) because it doesn’t work in order to debug ? 

[psiinon]

The fixed GraphQL add-on has been released.

We can help with problems but only if you ask specific questions :)

Cheers,

Simon

[Mhidi Bousselham]

Hello,

Thank you psiinon,

As you can see in my simple proxy code, there is a print function that it doesn’t works , 

All what I can see is the magical error messages x (N times)  "message body failed: Invalid JSON: <json>:1:0 Expected json literal but found eof".

[psiinon]

First things first, is the script enabled?

[Mhidi Bousselham]

Yes the script is enabled, 

I forgot to specify that I use OWASP ZAP 2.11.1 in MAC OS.

[psiinon]

See the second button on your screenshot?

If you hover over it you will see "Disable clear output script panel on run".

Deselect it.

That option clears the output panel everytime a script runs. The fact that you are getting those other messages means that you have other scripts enabled .

I'm guessing your script _is_ writing to the output panel but then another passive script runs after it and clears the panel.

[Mhidi Bousselham]

I've create an empty session with only 1 proxy script from the proxy template (The script in screenshoot), also, I've disabled clear output script panel on run option. However, I still dont see the output of the print (print('proxyRequest called for url=' + msg.getRequestHeader().getURI().toString()); ) 

 

[thc...@gmail.com]

The Proxy scripts are not executed for active scan requests, if you want
for those you need to use a HTTP Sender script.

Best regards.

[Mhidi Bousselham]

Thank you so much  for your response , that was exactly the reason.

That works perfectly with HTTP Sender :)