HTTPS Bad Gateway
615 views
Skip to first unread message
David Campbell
Mar 14, 2018, 10:20:33 AM3/14/18
to OWASP ZAP User Group
My
company recently updated an internal site from http to https and a self
signed certificate. After this change, the ZAP tool stopped working.
Making
a request to the site results in a SocketException connnection reset
error and 502 Bad Gateway. Below is my system info and the full
response. I am wondering if anyone can give me tips on how to resolve
this issue.
C:\Program Files\OWASP\Zed Attack Proxy>java -Xmx512m -jar zap-2.7.0.jar -suppinfo
OWASP ZAP
Version: 2.7.0
Installed Add-ons: [[id=alertFilters, version=7.0.0], [id=ascanrules, version=31.0.0], [id=bruteforce, version=7.0.0], [id=coreLang, version=13.0.0], [id=diff, version=8.0.0], [id=directorylistv1, version=3.0.0], [id=fuzz, version=10.0.0], [id=gettingStarted, version=9.0.0], [id=help, version=8.0.0], [id=importurls, version=5.0.0], [id=invoke, version=9.0.0], [id=jxbrowser, version=8.0.0], [id=jxbrowserwindows, version=6.0.0], [id=onlineMenu, version=6.0.0], [id=pscanrules, version=22.0.0], [id=quickstart, version=23.0.0], [id=replacer, version=5.0.0], [id=reveal, version=2.0.0], [id=saverawmessage, version=4.0.0], [id=scripts, version=24.0.0], [id=selenium, version=13.0.0], [id=spiderAjax, version=21.0.0], [id=tips, version=6.0.0], [id=webdriverwindows, version=4.0.0], [id=websocket, version=15.0.0], [id=zest, version=27.0.0]]
Operating System: Windows 10
Java Version: Oracle Corporation 1.8.0_161
System's Locale: en_US
Display Locale: en_GB
Format Locale: en_GB
ZAP Home Directory: C:\Users\dcampbell\OWASP ZAP\
Look and Feel: Metal (javax.swing.plaf.metal.MetalLookAndFeel)
HTTP/1.1 502 Bad Gateway
Content-Type: text/plain; charset=UTF-8
Content-Length: 1923
ZAP Error [java.net.SocketException]: Connection reset
Stack Trace:
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.parosproxy.paros.network.SSLConnector.createSocket(SSLConnector.java:403)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:727)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:447)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:199)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:333)
at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:564)
at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:523)
at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:501)
at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:490)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:405)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:362)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:509)
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:303)
at java.lang.Thread.run(Unknown Source)
Ailton Caetano
Mar 14, 2018, 10:54:09 AM3/14/18
to zaproxy-users
Do you have an upstream proxy configured inside ZAP? I've never had to make any change to ZAP because of self-signed certificates, but i've got a deal of upstream middle proxies that complained about the endpoint certificate.
Other than that, the log you sent is typical for situations where ZAP hasn't received a response for a request.
[]'s Ailton
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/f83e85b7-c5cf-459d-afb5-889f8b536d24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
David Campbell
Mar 14, 2018, 4:43:54 PM3/14/18
to OWASP ZAP User Group
Hmm... OK. We don't have an upstream proxy according to our infrastructure team.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
thc...@gmail.com
Mar 14, 2018, 4:55:53 PM3/14/18
to zaprox...@googlegroups.com
Hi.
Do you know which TLS versions are supported/enabled in the server?
Maybe changing ZAP to just use the ones enabled might help. [1]
I'd also suggest checking the logs in the server as it might give hints
of why it doesn't like ZAP's handshake, hopefully.
[1]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsConnection#security-protocols
Best regards.
On 14/03/18 20:43, David Campbell wrote:
> Hmm... OK. We don't have an upstream proxy according to our infrastructure
> team.
>
> On Wednesday, March 14, 2018 at 10:54:09 AM UTC-4, Ailton Caetano wrote:
>>
>> Do you have an upstream proxy configured inside ZAP? I've never had to
>> make any change to ZAP because of self-signed certificates, but i've got a
>> deal of upstream middle proxies that complained about the endpoint
>> certificate.
>>
>> Other than that, the log you sent is typical for situations where ZAP
>> hasn't received a response for a request.
>>
>>
>> []'s Ailton
>>
>> 2018-03-14 11:20 GMT-03:00 David Campbell <dcamp...@gmail.com
>> <javascript:>>:
>>> email to zaproxy-user...@googlegroups.com <javascript:>.
>>> .
Do you know which TLS versions are supported/enabled in the server?
Maybe changing ZAP to just use the ones enabled might help. [1]
I'd also suggest checking the logs in the server as it might give hints
of why it doesn't like ZAP's handshake, hopefully.
[1]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsConnection#security-protocols
Best regards.
On 14/03/18 20:43, David Campbell wrote:
> Hmm... OK. We don't have an upstream proxy according to our infrastructure
> team.
>
> On Wednesday, March 14, 2018 at 10:54:09 AM UTC-4, Ailton Caetano wrote:
>>
>> Do you have an upstream proxy configured inside ZAP? I've never had to
>> make any change to ZAP because of self-signed certificates, but i've got a
>> deal of upstream middle proxies that complained about the endpoint
>> certificate.
>>
>> Other than that, the log you sent is typical for situations where ZAP
>> hasn't received a response for a request.
>>
>>
>> []'s Ailton
>>
>> 2018-03-14 11:20 GMT-03:00 David Campbell <dcamp...@gmail.com
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/zaproxy-users/f83e85b7-c5cf-459d-afb5-889f8b536d24%40googlegroups.com
>>> <https://groups.google.com/d/msgid/zaproxy-users/f83e85b7-c5cf-459d-afb5-889f8b536d24%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> https://groups.google.com/d/msgid/zaproxy-users/f83e85b7-c5cf-459d-afb5-889f8b536d24%40googlegroups.com
>>> .
Reply all
Reply to author
Forward
0 new messages