Websocket add-on closing websocket connection
194 views
Skip to first unread message
George Coleman
Jul 4, 2018, 11:36:13 AM7/4/18
to OWASP ZAP User Group
Hi,
It seems that the 'websocket' add-on closes the websocket connection made from my application. As i want to keep this websocket connection alive, does anyone know how to stop this from happening?
Thank you,
George
thc...@gmail.com
Jul 5, 2018, 4:09:11 AM7/5/18
to zaprox...@googlegroups.com
Hi.
ZAP (by default) does not close the WebSocket connections by itself,
only if one of the endpoints (client or server) closes them.
When does that happen? Are you able to see the WebSocket traffic in ZAP
and then it's closed?
Best regards.
ZAP (by default) does not close the WebSocket connections by itself,
only if one of the endpoints (client or server) closes them.
When does that happen? Are you able to see the WebSocket traffic in ZAP
and then it's closed?
Best regards.
George Coleman
Jul 5, 2018, 10:48:55 AM7/5/18
to OWASP ZAP User Group
Hi,
Thank you for responding, after further investigation it appears that this is actually a different issue.
In that the websocket add on is failing to update and then uninstalling itself..
I run ZAP via the command line, in daemon mode.
My command to run ZAP looks like the following:
zap.bat -daemon -addonupdate -newsession C:/ZAP_TEST/session_1530793974 -host 127.0.0.1 -port 8081 -config api.disablekey=true
zap.bat -daemon -addonupdate -newsession C:/ZAP_TEST/session_1530793974 -host 127.0.0.1 -port 8081 -config api.disablekey=true
This results in the following error:
26782 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnInstaller - An error occurred while uninstalling the extension "ExtensionWebSocket" bundled in the add-on "websocket":
java.lang.NullPointerException
at org.zaproxy.zap.extension.brk.ExtensionBreak.removeBreakpointsUiManager(ExtensionBreak.java:235)
at org.zaproxy.zap.extension.websocket.ExtensionWebSocket.unload(ExtensionWebSocket.java:399)
at org.zaproxy.zap.control.AddOnInstaller.uninstallAddOnExtension(AddOnInstaller.java:244)
at org.zaproxy.zap.control.AddOnInstaller.uninstallAddOnExtensions(AddOnInstaller.java:219)
at org.zaproxy.zap.control.AddOnInstaller.uninstall(AddOnInstaller.java:133)
at org.zaproxy.zap.control.AddOnLoader.removeAddOnImpl(AddOnLoader.java:555)
at org.zaproxy.zap.control.AddOnLoader.removeAddOn(AddOnLoader.java:511)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.uninstall(ExtensionAutoUpdate.java:1070)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.uninstallAddOns(ExtensionAutoUpdate.java:1438)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.uninstallAddOn(ExtensionAutoUpdate.java:1424)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.install(ExtensionAutoUpdate.java:1041)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.installNewExtensions(ExtensionAutoUpdate.java:499)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.waitAndInstallDownloads(ExtensionAutoUpdate.java:1809)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.execute(ExtensionAutoUpdate.java:1708)
at org.parosproxy.paros.extension.ExtensionLoader.runCommandLine(ExtensionLoader.java:444)
at org.parosproxy.paros.control.Control.runCommandLine(Control.java:324)
at org.zaproxy.zap.DaemonBootstrap$1.run(DaemonBootstrap.java:88)
at java.lang.Thread.run(Unknown Source)
26782 [ZAP-daemon] WARN org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - It's recommended to restart ZAP. Not all add-ons were successfully uninstalled: [[id=websocket, version=14.0.0]]
26797 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Installing new addon jxbrowserlinux64 v7.0.0
26813 [ZAP-daemon] ERROR org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate -
java.lang.NullPointerException
at org.zaproxy.zap.control.AddOnLoader.checkAndLoadDependentExtensions(AddOnLoader.java:479)
at org.zaproxy.zap.control.AddOnLoader.addAddOnImpl(AddOnLoader.java:410)
at org.zaproxy.zap.control.AddOnLoader.addAddon(AddOnLoader.java:374)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.install(ExtensionAutoUpdate.java:1053)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.installNewExtensions(ExtensionAutoUpdate.java:499)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.waitAndInstallDownloads(ExtensionAutoUpdate.java:1809)
at org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate.execute(ExtensionAutoUpdate.java:1708)
at org.parosproxy.paros.extension.ExtensionLoader.runCommandLine(ExtensionLoader.java:444)
at org.parosproxy.paros.control.Control.runCommandLine(Control.java:324)
at org.zaproxy.zap.DaemonBootstrap$1.run(DaemonBootstrap.java:88)
at java.lang.Thread.run(Unknown Source)
George Coleman
Jul 5, 2018, 11:45:11 AM7/5/18
to OWASP ZAP User Group
I have come up with a work around for the issue:
- Start ZAP with -addonupdate - to update other add ons.
- Start ZAP with -addonupdate - to update other add ons.
- Start ZAP and install WS add on - This requires a restart for the installed add on to take affect.
- Start ZAP again, and now ZAP should have ws version 16 installed.
thc...@gmail.com
Jul 5, 2018, 1:50:06 PM7/5/18
to zaprox...@googlegroups.com
Thanks for the details, an issue has been raised:
https://github.com/zaproxy/zaproxy/issues/4815
Best regards.
https://github.com/zaproxy/zaproxy/issues/4815
Best regards.
George Coleman
Jul 6, 2018, 4:13:32 AM7/6/18
to OWASP ZAP User Group
If it helps, the environment was OWASP ZAP 2.7.0 Crossplatform zip, running on Windows 2008 Server R2 running Java JRE 1.8.0_92
Reply all
Reply to author
Forward
0 new messages