ZAP update error


JLK

Feb 21, 2018, 1:51:57 PM
to OWASP ZAP User Group
On Windows I'm seeing an update error when I check for ZAP updates in the marketplace.

There is a ZAP log that has:

2018-02-21 12:36:55,590 [ZAP-cfu] WARN  ExtensionAutoUpdate - Failed to check for updates using: https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZapVersions-2.7.xml
java.io.IOException
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.getRemoteConfigurationUrl(ExtensionAutoUpdate.java:808)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.access$900(ExtensionAutoUpdate.java:94)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate$8.run(ExtensionAutoUpdate.java:963)


I tried running ZAP "as administrator" in Windows in case local file permissions might be a problem, but still received the error when running with the elevated privileges.  I can pull the URL referenced in the logged WARN message and it seems to be valid XML.  

What to check next?

thc...@gmail.com

Feb 21, 2018, 2:03:35 PM
to zaprox...@googlegroups.com
Do you need an outgoing proxy to access the Internet?

Is that the whole stack trace? Isn't there a cause?

Best regards.

JLK

Feb 21, 2018, 3:58:09 PM
to OWASP ZAP User Group
No proxy needed - I pulled up the URL referenced with no problem from Chrome on the same system.  It does appear that the stack trace is truncated, but that is all there was for each similar WARN message in the log.  Is there an easy way to enable more verbose logging to that log?

Thanks

kingthorin+owaspzap

Feb 21, 2018, 4:10:34 PM
to OWASP ZAP User Group

thc...@gmail.com

Feb 21, 2018, 4:14:55 PM
to zaprox...@googlegroups.com
I was expecting that to have a cause... Are you able to access the URL
from within ZAP? (e.g. Manual Request Editor)

Best regards.

JLK

Feb 21, 2018, 5:00:08 PM
to OWASP ZAP User Group

No, I see a failure when accessing from ZAP.  Changing to DEBUG level and restarting ZAP produced no additional logging for these WARN messages, but I do get a lot of other additional logging.


Thanks.




thc...@gmail.com

Feb 21, 2018, 5:07:42 PM
to zaprox...@googlegroups.com
That's caused by the Authorization header, do you know what's adding it?

Best regards.
> <https://lh3.googleusercontent.com/-Sw_HKr3Xtqw/Wo3rQg_A4sI/AAAAAAAABco/mmzBYpI_cqU9BuxjfcYMVR1c2yhJBpfdwCLcBGAs/s1600/zap-xml-error.png>

JLK

Feb 21, 2018, 6:50:15 PM
to OWASP ZAP User Group
I do now. :)  Someone added a Replacer rule to inject that header.  I think they were testing API calls.  I disabled the rule and then the update went OK.

Is this expected behavior, or should some rules/modules not be applied for internal housekeeping tasks like this?

Thanks a bunch!
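Added example, not part of the original thread and not ZAP's own code: a small audit that flags enabled, unscoped request-header rules which would inject a credential header into a given URL, such as the update-check URL from the log above. The rule dictionaries and their field names (`description`, `enabled`, `matchType`, `matchString`, `replacement`, `url`) are constructed assumptions for illustration; adapt them to however you list your Replacer rules.

```python
import re

# Headers that carry credentials. Injecting them into every outgoing request
# sends them to hosts that never needed them, as happened in this thread.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}

# Constructed sample rules. Field names are assumptions for illustration,
# not a guaranteed ZAP export format.
SAMPLE_RULES = [
    {"description": "API token", "enabled": True, "matchType": "REQ_HEADER",
     "matchString": "Authorization", "replacement": "Bearer EXAMPLE-TOKEN", "url": ""},
    {"description": "Scoped token", "enabled": True, "matchType": "REQ_HEADER",
     "matchString": "Authorization", "replacement": "Bearer EXAMPLE-TOKEN",
     "url": r"https://api\.example\.test/.*"},
    {"description": "Old cookie", "enabled": False, "matchType": "REQ_HEADER",
     "matchString": "Cookie", "replacement": "sid=EXAMPLE", "url": ""},
    {"description": "Custom UA", "enabled": True, "matchType": "REQ_HEADER",
     "matchString": "User-Agent", "replacement": "test-agent", "url": ""},
]

# URL taken from the WARN line in the first post.
UPDATE_URL = "https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZapVersions-2.7.xml"


def rule_applies(rule, url):
    """True if an enabled request-header rule would touch a request to url."""
    if not rule.get("enabled") or rule.get("matchType") != "REQ_HEADER":
        return False
    pattern = rule.get("url") or ""
    # An empty URL pattern means the rule is unscoped and hits every request.
    return pattern == "" or re.fullmatch(pattern, url) is not None


def risky_rules(rules, url):
    """Descriptions of rules that would inject a credential header into url."""
    return [r["description"] for r in rules
            if rule_applies(r, url)
            and r.get("matchString", "").strip().lower() in SENSITIVE_HEADERS]


if __name__ == "__main__":
    for name in risky_rules(SAMPLE_RULES, UPDATE_URL):
        print(f"Replacer rule '{name}' adds a credential header to {UPDATE_URL}")
```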