REPOSITORY TAG IMAGE ID CREATED SIZE
owasp/zap2docker-weekly latest d72e4d51e5e7 5 days ago 2.02GB
owasp/zap2docker-stable latest 0cc5f9c64557 13 days ago 1.98GB
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[Thread-489] FATAL ENGINE - /home/ec2-user/.ZAP/session/untitled1.data getFromFile failed 672584
org.hsqldb.HsqlException: IO error: RowInputBinary
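# Run the ZAP baseline scan from the stable image against the login host.
#   -v "$(pwd)":/zap/wrk/:rw  mounts the current directory read-write as ZAP's working dir
#                             (quoted so a path containing spaces is not word-split)
#   -t (before the image)     allocates a TTY for docker
#   -I  do not return a failure exit code on warnings
#   -j  use the Ajax spider in addition to the traditional one
#   -t  target URL
#   -n  context file to load (here it carries the authentication and user setup)
# NOTE(review): the hook path /zap/auth_hook.py is outside the mounted /zap/wrk
# directory; confirm the hook file actually exists inside the container.
docker run -v "$(pwd)":/zap/wrk/:rw -t owasp/zap2docker-stable zap-baseline.py \
    -I -j -t https://login.app.holvi.com \
    --hook=/zap/auth_hook.py -n /zap/wrk/Context_1.context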
The context file looks like this:
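<!-- ZAP context "Context_1": scope, technology list, parameter parsers,
     authentication, users and authorization settings for the scan. -->
<configuration>
  <context>
    <name>Context_1</name>
    <desc/>
    <inscope>true</inscope>
    <!-- Disabled include pattern. The post prefixed it with '#', which is not XML
         comment syntax and would be read as stray text inside <context>. -->
    <!-- <incregexes>https://holvi.com/api/auth-proxy/login/usernamepassword/.*</incregexes> -->
    <!-- NOTE(review): ZAP include patterns are matched against the whole URL, so
         without a trailing wildcard this presumably covers only the exact root URL.
         Confirm the intended scope before scanning. -->
    <incregexes>https://login.app.holvi.com/</incregexes>
    <!-- Technologies the scanner should assume may be present on the target. -->
    <tech>
      <include>Db</include>
      <include>Db.CouchDB</include>
      <include>Db.Firebird</include>
      <include>Db.HypersonicSQL</include>
      <include>Db.IBM DB2</include>
      <include>Db.Microsoft Access</include>
      <include>Db.Microsoft SQL Server</include>
      <include>Db.MongoDB</include>
      <include>Db.MySQL</include>
      <include>Db.Oracle</include>
      <include>Db.PostgreSQL</include>
      <include>Db.SAP MaxDB</include>
      <include>Db.SQLite</include>
      <include>Db.Sybase</include>
      <include>Language</include>
      <include>Language.ASP</include>
      <include>Language.C</include>
      <include>Language.JSP/Servlet</include>
      <include>Language.Java</include>
      <include>Language.Java.Spring</include>
      <include>Language.JavaScript</include>
      <include>Language.PHP</include>
      <include>Language.Python</include>
      <include>Language.Ruby</include>
      <include>Language.XML</include>
      <include>OS</include>
      <include>OS.Linux</include>
      <include>OS.MacOS</include>
      <include>OS.Windows</include>
      <include>SCM</include>
      <include>SCM.Git</include>
      <include>SCM.SVN</include>
      <include>WS</include>
      <include>WS.Apache</include>
      <include>WS.IIS</include>
      <include>WS.Tomcat</include>
    </tech>
    <!-- The '&' key/value-pair separator must be written as &amp; for the file to be
         well-formed XML; the parser hands the application a plain '&'. -->
    <urlparser>
      <class>org.zaproxy.zap.model.StandardParameterParser</class>
      <config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>
    </urlparser>
    <postparser>
      <class>org.zaproxy.zap.model.StandardParameterParser</class>
      <config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>
    </postparser>
    <authentication>
      <!-- NOTE(review): type 5 appears to be ZAP's JSON-based authentication, which
           is consistent with the JSON login body below; confirm. -->
      <type>5</type>
      <!-- Verification strategy: every response is checked against the logged-in
           indicator, here the literal string id_token (quoted with \Q...\E). -->
      <strategy>EACH_RESP</strategy>
      <pollurl/>
      <polldata/>
      <pollheaders/>
      <pollfreq>60</pollfreq>
      <pollunits>REQUESTS</pollunits>
      <loggedin>\Qid_token\E</loggedin>
      <form>
        <loginurl>https://holvi.com/api/auth-proxy/login/usernamepassword/</loginurl>
        <!-- {%username%} and {%password%} are filled in from the user entry at login
             time. The body is kept on one line: a line break inside the JSON string
             would make it invalid.
             NOTE(review): this looks like a captured browser login request, including
             a device fingerprint; consider trimming it to the fields the endpoint
             requires before sharing the file. -->
        <loginbody>{"client_id":"yIO3banxfsiuQSMrVg7x2LoKAqYKazRV","fingerprint":"a40e2d5ceaf216f9b58853fadb768446","fingerprint_components":"{\"userAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36\",\"language\":\"en-GB\",\"colorDepth\":24,\"deviceMemory\":8,\"pixelRatio\":1,\"hardwareConcurrency\":8,\"screenResolution\":\"1920;1080\",\"availableScreenResolution\":\"1920;1055\",\"timezoneOffset\":-180,\"timezone\":\"Europe/Helsinki\",\"sessionStorage\":1,\"localStorage\":1,\"indexedDb\":1,\"openDatabase\":1,\"cpuClass\":\"unknown\",\"platform\":\"MacIntel\",\"doNotTrack\":\"unknown\",\"plugins\":[\"PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf\",\"Chrome PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf\",\"Chromium PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf\",\"Microsoft Edge PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf\",\"WebKit built-in PDF::Portable Document Format::application/pdf~pdf,text/pdf~pdf\"],\"webglVendorAndRenderer\":\"Google Inc. (Intel Inc.)~ANGLE (Intel Inc., Intel(R) Iris(TM) Plus Graphics 655, OpenGL 4.1)\",\"touchSupport\":\"0;false;false\",\"fonts\":\"Andale Mono;Arial;Arial Black;Arial Hebrew;Arial Narrow;Arial Rounded MT Bold;Arial Unicode MS;Comic Sans MS;Courier;Courier New;Geneva;Georgia;Helvetica;Helvetica Neue;Impact;LUCIDA GRANDE;Microsoft Sans Serif;Monaco;Palatino;Tahoma;Times;Times New Roman;Trebuchet MS;Verdana;Wingdings;Wingdings 2;Wingdings 3\",\"fontsFlash\":\"swf object not loaded\",\"audio\":\"124.04347657808103\",\"enumerateDevices\":\"id=;gid=3007fd31cff100a1d168ffd653caa925ea22600897ae852c2fa354da553637f3;audioinput;;id=;gid=a6d9bd323e3f57a4c5196c1bebae0671b520cf8dc9d20be0a91efb549db66c07;videoinput;;id=;gid=3007fd31cff100a1d168ffd653caa925ea22600897ae852c2fa354da553637f3;audiooutput;\"}","connection":"Username-Password-Authentication","email":"{%username%}","password":"{%password%}","grant_type":"password"}</loginbody>
        <loginpageurl>https://login.app.holvi.com</loginpageurl>
      </form>
    </authentication>
    <users>
      <!-- SECURITY: the user entry appears to follow the layout
           id;enabled;base64(name);auth type;base64(username)~base64(password)~
           Base64 is an encoding, not encryption, so anyone who can read this file
           can recover the credentials. The values originally posted here are
           replaced with placeholders; credentials that have been published this way
           should be treated as exposed and rotated. Use a dedicated test account
           and strip this element before sharing a context file. -->
      <user>395;true;YXl1;5;REDACTED_BASE64_USERNAME~REDACTED_BASE64_PASSWORD~</user>
    </users>
    <!-- Requests made by the scan are sent as user 395 (the entry above). -->
    <forceduser>395</forceduser>
    <session>
      <type>0</type>
    </session>
    <authorization>
      <type>0</type>
      <basic>
        <header/>
        <body/>
        <logic>AND</logic>
        <code>-1</code>
      </basic>
    </authorization>
  </context>
</configuration>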
I ran an active scan against the context in ZAP-GUI.
Authentication runs successfully at the start but the active scan becomes crazily slow and raises Forbidden (403) status.
Afterward, when I then try to log in manually from the web application I’m unable to authenticate, “Unable to authenticate. Please try again”.
Is this behavior normal during an authenticated scan?
Regards
Ayushree
Hi Simon, I ran an active scan against the context in ZAP-GUI.
Authentication runs successfully at the start but the active scan becomes crazily slow and raises Forbidden (403) status.
Afterward, when I then try to log in manually from the web application I’m unable to authenticate, “Unable to authenticate. Please try again”.
Is this behavior normal during an authenticated scan?
Regards
Ayushree