ZAP owasp/zap2docker-stable X11 error
18 views
Skip to first unread message
Andrew Perry
Jan 16, 2023, 12:19:52 AM1/16/23
to OWASP ZAP Developer Group
Hi there all,
Background:
I've been trying to run a ZAP scan using the docker build and cannot for the life of me work out why it keeps stopping with no results.
I've been trying to run a ZAP scan using the docker build and cannot for the life of me work out why it keeps stopping with no results.
The last error in the zap.log shows the following:
java.awt.AWTError: Can't connect to X11 window server using ':1.0' as the value of the DISPLAY variable.
I am basically jus trying to get any scan to work at this stage, with the following command:
docker run -p 8080:8080 -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-full-scan.py -t https://example.com -P 8080 -c zap-casa-config.conf -x results-full.xml -n default.context
docker run -p 8080:8080 -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-full-scan.py -t https://example.com -P 8080 -c zap-casa-config.conf -x results-full.xml -n default.context
Why would it be trying to connect to an X11 window server?
Thanks,
Andrew.
psiinon
Jan 16, 2023, 4:53:37 AM1/16/23
to OWASP ZAP Developer Group
Hi Andrew,
This is a warning message that can be ignored.
The ZAP Ajax Spider and DOM XSS active scan rule use selenium to launch browsers.
A while ago we were only able to launch browsers with GUIs so we used Xvfb to allow us to use these browsers in a headless environment.
By default we now use headless browsers so Xvfb is not required.
However we have not removed it yet because its not broken and we have too many other things to do ;)
Cheers,
Simon
Andrew Perry
Jan 16, 2023, 4:58:19 AM1/16/23
to zaproxy...@googlegroups.com
Interesting. It shows as ERROR and the container stops right after that error, with no scan results.
I’ve gone thru all the docs and cannot seem to workout what’s going wrong after that point since there are no more logs.
I’ve used curl to ensure I can hit the endpoints from docker, tried different hosts, but can’t seem to get any ZAP results to output.
Is there any other logs to check, apart from /home/zap/.ZAP/zap.log?
--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-develop/bQp3k3MEgOE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-develop/688618cf-ab35-4e65-8be6-c48a6efb6c1en%40googlegroups.com.
Regards,
Andrew Perry
Staff Product Security Engineer - APAC
psiinon
Jan 16, 2023, 5:18:26 AM1/16/23
to OWASP ZAP Developer Group
Have a look at https://www.zaproxy.org/docs/docker/diagnosing-problems/ and let us know how you get on.
Cheers,
Simon
Andrew Perry
Jan 19, 2023, 1:11:08 AM1/19/23
to OWASP ZAP Developer Group
Thanks Simon,
Looks like the issue was the context file was not configured correctly, so I have managed to get scans working now.
I posted a different request in the community, as I am having trouble configuring Authentication.
Thanks,
Andrew.
Reply all
Reply to author
Forward
0 new messages