Zap is working with localhost:8080 but not working with IP:8080 OR MachineName:8080

[jagadeesh...@gmail.com]

Hi All,

we wanted to install ZAP on one of our server, want to configure that proxy URL in QC team members machines to monitor scan results in a one place, instead if installing in multiple machines.

But ZAP proxy URL is browsing with localhost:9099 and not browsing with IP:9099, Host(Server Name):9099 , at the same time I am able to browse another apps which are hosted in IIS on the same server. Due to that I am unable to configure proxy in QC members machines.

Can anyone help on this.

 

Thanks in Advance,

Jagadeesh B. 

[kingthorin+owaspzap]

How do you have the Local Proxy settings set?

https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsLocalproxy

[jagadeesh...@gmail.com]

Thanks kingthorin for given response, But I did same while setup proxy. But I am looking for the information Why my proxy is opening with localhost:8080 and why it is not opening with IP:8080. Please help me on this what went wrong in my machine or in configuration.   

[kingthorin+owaspzap]

Well localhost:8080 is the default. Unless you configure it otherwise. So if (like I asked earlier) you could tell us how you've configured it, then we might be able to help.....

Also please don't reply directly, it prevents others in the community from helping and learning.

[thc...@gmail.com]

If you are trying to access the ZAP API you might need to give
additional permissions:
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsApi#addresses-permitted-to-use-the-api

Best regards.

[kingthorin+owaspzap]

Ya it you could be more specific than "not working" that'd really help.

[jagadeesh...@gmail.com]

Thanks kingthorin,

I have configured proxy through falling options Tools -> Options -> Local Proxies -> Local Proxy,
After that I browsed localhost:9099 and I am able to see the response with “Welcome to the OWASP Zed Attack Proxy (ZAP)…..”

Similarly, I tried with IP:9099 but I got “This site can’t be reached” and same result with host also. But i am able to browse other app which are configured in IIS with ip and host as well.

I have attached the screenshots, Can you please check and let me know if anything require.

[thc...@gmail.com]

Hi.

From the error it looks like the address is not permitted.

Which addresses are allowed to access the API (in Options > API)?

Best regards.

[jagadeesh...@gmail.com]

Hi,

i have attached addresses permitted section and i tired to add my ip and host also but still having the same problem.

Can you please check attached screenshot and help me on this.

Thanks,

Jagadeesh B. 

[kingthorin+owaspzap]

You've only configured ZAP to listen on localhost (that's the default). If you want to access it via another IP (network interface) you have to set it to "listen" on that IP either by changing the main proxy setting from localhost to the relevant local IP, or adding another proxy with those details, or by setting 0.0.0.0 (all interfaces).

[kingthorin+owaspzap]

As thc202 pointed out, if you expect to access ZAP from a non-loopback (system local) perspective, youll have to "allow" that other system (source) access.

Keep in mind that if you expose ZAP on a non-local interface then it'll be visible (and potentially usable) to other systems/users that can communicate on that same network (interface).