OWASP ZAP

[Rashmi Athavale]

Hello,

I am writing a program on Windows using the OWASP ZAP API to automate the process of running ZAP against a target URL. So far, I was able to successfully start the application using the zap.bat file and the arguments -daemon -config api.disablekey=true. Starting the application, ZAP is able to listen on localhost:8080. I also created the ClientAPi object passing in these parameters:

ClientApi zaproxy = new ClientApi("127.0.0.1", 8080, null);

I am now trying to set the context using the includeInContext(string contextname, string regex) method from the Context class but am getting an error:

System.Exception: 'System.Xml.XmlException: Root element is missing.

   at System.Xml.XmlTextReaderImpl.Throw(Exception e)

   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()

   at System.Xml.XmlTextReaderImpl.Read()

   at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)

   at System.Xml.XmlDocument.Load(XmlReader reader)

   at System.Xml.XmlDocument.LoadXml(String xml)

   at OWASPZAPDotNetAPI.ClientApi.CallApiRaw(String component, String operationType, String operationName, Dictionary`2 parameters)

   at OWASPZAPDotNetAPI.ClientApi.CallApi(String component, String operationType, String operationName, Dictionary`2 parameters)

   at OWASPZAPDotNetAPI.Generated.Context.includeInContext(String contextname, String regex)

However, when I start up the ZAP GUI in the background and then run the daemon and set the context, it seems to work. Can someone please let me know how to resolve the above error? Thanks!

[psiinon]

As per https://stackoverflow.com/questions/68010741/owasp-zap-api-root-element-is-missing-error :

Have a look at https://www.zaproxy.org/docs/automate/ - this lists the ways you can automate ZAP.

I suspect one of the packaged scans could be easier for you to use.