How to install libraries for ZAP's Jython?


Kenny Rizl

May 7, 2018, 4:04:41 AM
to OWASP ZAP Scripts
I want to use urllib3 in my Jython proxy script. I installed the library to my system's Jython, but how do I do it for ZAP's Jython?

Kenny Rizl

May 7, 2018, 4:07:50 AM
to OWASP ZAP Scripts
Also, I want to set this up without using the GUI. Either a cmdline option, or using the Python API.

thc...@gmail.com

May 7, 2018, 4:10:24 AM
to zaproxy...@googlegroups.com
Hi.

With Options > Jython > Additional Python modules path, or through the
command line with:
-config jython.modulepath=/path/to/MyLibraries

Best regards.

thc...@gmail.com

May 7, 2018, 4:18:36 AM
to zaproxy...@googlegroups.com
I should note that it's probably better to send the (HTTP) messages
using the ZAP classes (i.e. HttpSender), as that will respect the ZAP
options (e.g. proxy settings, connection timeout) and use other
functionalities (e.g. HTTP Sender scripts, authentication).

Which type of the script are you using? (If it's an active scanner it
will already provide a class to easily send the messages.)

Best regards.

Kenny Rizl

May 7, 2018, 4:20:19 AM
to OWASP ZAP Scripts
Hey, thanks for the reply. I downloaded the urllib3 module, and then I did this: With Options > Jython > Additional Python modules path.
Then I restarted ZAP, but it gets stuck at 'INFO: Loading Jython engine...'.

Any idea what went wrong, and how to fix it? I am not able to access the GUI, as the loader screen is stuck.

Kenny Rizl

May 7, 2018, 4:25:41 AM
to OWASP ZAP Scripts
I am using Jython for a Proxy script.

thc...@gmail.com

May 7, 2018, 4:36:25 AM
to zaproxy...@googlegroups.com
Which ZAP and Python scripting add-on version are you using? The UI
shouldn't be blocked with the latest version of the add-on (the engine is
loaded asynchronously).

It might take a while to load depending on the path/libs specified. If
it doesn't move after some time it might be a deadlock. I'd suggest
trying with the weekly [1], otherwise try obtaining a thread dump. If
you are using Linux you can do that with:
kill -3 <zap-pid>
and the threads will be shown in the output (console).


[1] https://github.com/zaproxy/zaproxy/wiki/Downloads#zap-weekly

Best regards.
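
Added example, not part of the original thread or of ZAP: a small Python script that reads a HotSpot thread dump such as the one `kill -3 <zap-pid>` prints and reports monitor deadlocks by following the "waiting to lock" and "locked" lines. The sample dump, its thread names and its lock addresses are constructed for illustration.

```python
import re

# Constructed HotSpot-style dump (format printed by `kill -3 <zap-pid>`); names and addresses are made up.
SAMPLE_DUMP = '''\
"worker-A" #21 prio=5 os_prio=0 tid=0x00007f0000000001 nid=0x1a01 waiting for monitor entry
   java.lang.Thread.State: BLOCKED (on object monitor)
        at example.Loader.load(Loader.java:10)
        - waiting to lock <0x00000000c0000002> (a java.lang.Object)
        - locked <0x00000000c0000001> (a java.lang.Object)

"worker-B" #22 prio=5 os_prio=0 tid=0x00007f0000000002 nid=0x1a02 waiting for monitor entry
   java.lang.Thread.State: BLOCKED (on object monitor)
        - waiting to lock <0x00000000c0000001> (a java.lang.Object)
        - locked <0x00000000c0000002> (a java.lang.Object)

"worker-C" #23 prio=5 os_prio=0 tid=0x00007f0000000003 nid=0x1a03 runnable
'''

HEADER = re.compile(r'^"([^"]+)"')
WAITING = re.compile(r'- waiting to lock <(0x[0-9a-f]+)>')
LOCKED = re.compile(r'- locked <(0x[0-9a-f]+)>')

def parse_dump(text):
    """Map thread name -> {"waits": lock id or None, "holds": set of lock ids}."""
    threads, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = threads.setdefault(header.group(1), {"waits": None, "holds": set()})
        elif current and WAITING.search(line):
            current["waits"] = WAITING.search(line).group(1)
        elif current and LOCKED.search(line):
            current["holds"].add(LOCKED.search(line).group(1))
    return threads

def find_deadlocks(threads):
    """Follow waiter -> lock-owner edges; return each cycle of threads once."""
    owner = {lock: name for name, t in threads.items() for lock in t["holds"]}
    cycles, seen = [], set()
    for start in threads:
        path, node = [], start
        while node is not None and node not in path and node not in seen:
            path.append(node)
            node = owner.get(threads[node]["waits"])
        if node in path:
            cycles.append(path[path.index(node):])
        seen.update(path)
    return cycles

print(find_deadlocks(parse_dump(SAMPLE_DUMP)))  # [['worker-A', 'worker-B']]
```

To check a real dump, save the console output to a file and pass its contents to `parse_dump`; an empty result only means that no cycle of monitor locks was found.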

thc...@gmail.com

May 7, 2018, 5:12:29 AM
to zaproxy...@googlegroups.com
OK, with that script type you can use the following to send the HTTP
messages with ZAP options:
from org.parosproxy.paros.network import HttpSender
from org.parosproxy.paros.network import HttpMessage
from org.parosproxy.paros.network import HttpRequestHeader
from org.parosproxy.paros.model import Model

# Build the sender from ZAP's connection options (proxy settings, connection timeout).
sender = HttpSender(Model.getSingleton().getOptionsParam().getConnectionParam(), True, HttpSender.MANUAL_REQUEST_INITIATOR)

msg = HttpMessage(HttpRequestHeader("GET / HTTP/1.1\r\nHost: example.com\r\n"))

# Send the request; the response is stored in msg.
sender.sendAndReceive(msg)

print msg.getResponseHeader()
print msg.getResponseBody()

For available methods/classes:
https://static.javadoc.io/org.zaproxy/zap/2.7.0/org/parosproxy/paros/network/HttpMessage.html

Best regards.

Kenny Rizl

May 7, 2018, 7:10:16 AM
to OWASP ZAP Scripts
Hi there!

I created a Python virtual environment, used the GUI to add the venv's site-packages directory to add modules of Jython option.

I restarted ZAP, it got stuck at 'INFO: Loading Jython engine...'

My env:

ZAP: 2.7.0 / Weekly (D-2018-04-23)
Java: 1.8.0_91
OS: Ubuntu 16.10

Thread dump: https://pastebin.com/DJHPuqhA

thc...@gmail.com

May 7, 2018, 6:07:51 PM
to zaproxy...@googlegroups.com
An issue has been raised to address that:
https://github.com/zaproxy/zaproxy/issues/4651

Thanks for the info!

Best regards.

thc...@gmail.com

May 8, 2018, 5:49:28 AM
to zaproxy...@googlegroups.com
FYI, the issue has been fixed and the new version of the add-on is
available in the marketplace. [1]


[1] https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsManageaddons

Best regards.