config file set ajax

43 views
Skip to first unread message

larry town

unread,
Aug 26, 2022, 2:34:15 AMAug 26
to OWASP ZAP Developer Group
Hi, is it possible to specify from the config file which browser to start the ajax scanner with? I don't have access to the gui and need to scan with Chrome.
Cheer

psiinon

unread,
Aug 26, 2022, 3:21:58 AMAug 26
to OWASP ZAP Developer Group

I'd also recommend looking at the Automation Framework - that allows you to control ZAP with one yaml file: https://www.zaproxy.org/docs/automate/automation-framework/

Cheers,

Simon

larry town

unread,
Aug 26, 2022, 4:17:32 AMAug 26
to OWASP ZAP Developer Group
Sorry but I don't understand step 4

         4.Set the option you want to know the key of

Once zap.sh -dir / test2 is started how do I set the option to find the desired key? in my case the ajax browser.
Cheers

thc...@gmail.com

unread,
Aug 26, 2022, 4:23:33 AMAug 26
to zaproxy...@googlegroups.com
Options > AJAX Spider > Choose the browser…

Best regards.

larry town

unread,
Aug 26, 2022, 4:26:05 AMAug 26
to OWASP ZAP Developer Group

the problem is that the program runs on server so not the classic gui

cheers, 
Larry

psiinon

unread,
Aug 26, 2022, 4:35:04 AMAug 26
to OWASP ZAP Developer Group
Its the same key wherever you run ZAP.
Do you not have a local box you can run ZAP on?

larry town

unread,
Aug 26, 2022, 5:11:58 AMAug 26
to OWASP ZAP Developer Group
ah ok do you want to open the zap gui and look for the key in there regarding the spider browser change? In case I run it later as soon as I have a chance to open the program and I update you.
Cheers

larry town

unread,
Aug 26, 2022, 7:44:37 AMAug 26
to OWASP ZAP Developer Group
I set up the browser with this command:

-config rules.browserid=chrome

it's correct command?

It should be fair. But from the logs it tells me that it is trying with firefox-headless. From what I read, despite having set chrome it asks for the firefox bin, do I have to add it?

36671 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Starting proxy...

36675 [ZAP-AjaxSpiderApi] INFO  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Proxy started, listening at port [42163].

37304 [ZAP-AjaxSpiderApi] INFO  com.crawljax.core.plugin.Plugins - Loaded org.zaproxy.zap.extension.spiderAjax.SpiderThread$DummyPlugin@**** as a OnBrowserCreatedPlugin

37453 [ZAP-AjaxSpiderApi] WARN  org.zaproxy.zap.extension.spiderAjax.SpiderThread - Failed to start browser firefox-headless

com.google.inject.ProvisionException: Unable to provision, see the following errors:


1) [Guice/ErrorInCustomProvider]: WebDriverException: Cannot find firefox binary in PATH. Make sure firefox is installed. OS appears to be: LINUX

Build info: version: 'unknown', revision: 'unknown', time: 'unknown'

System info: host: 'ip-10-0-0-222', ip: '10.0.0.222', os.name: 'Linux', os.arch: 'amd64', os.version: '5.15.0-1011-aws', java.version: '1.8.0_342'

Driver info: driver.version: FirefoxDriver

  at ConfigurationModule.configure(ConfigurationModule.java:47)

      \_ installed by: CoreModule -> ConfigurationModule

  at CrawlerContext.<init>(CrawlerContext.java:33)

      \_ for 1st parameter

  at Crawler.<init>(Crawler.java:75)

      \_ for 1st parameter

  at CrawlTaskConsumer.<init>(CrawlTaskConsumer.java:30)

      \_ for 3rd parameter

  while locating CrawlTaskConsumer


cheers,
Larry

psiinon

unread,
Aug 26, 2022, 7:49:39 AMAug 26
to OWASP ZAP Developer Group
Hiya Larry,

Thats the wrong key :)
The right parameter to use is:
  • -config ajaxSpider.browserId=chrome-headless
Cheers,

Simon

larry town

unread,
Aug 26, 2022, 11:33:27 AMAug 26
to OWASP ZAP Developer Group
thank you ! it works!

Cheers

psiinon

unread,
Aug 26, 2022, 11:37:11 AMAug 26
to OWASP ZAP Developer Group
Oh good!
Thanks for letting us know :)
Reply all
Reply to author
Forward
0 new messages