---
env:
  contexts:
  - name: "Default Context"
    urls:
    includePaths: []
    excludePaths: []
    authentication:
      parameters: {}
      verification:
        method: "response"
        pollFrequency: 60
        pollUnits: "requests"
    sessionManagement:
      method: "cookie"
      parameters: {}
    technology:
      exclude: []
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true
  vars: {}
jobs:
- parameters:
    scanOnlyInScope: true
    enableTags: false
  rules: []
  name: "passiveScan-config"
  type: "passiveScan-config"
- parameters:
    wsdlFile: ""
  name: "soap"
  type: "soap"
- parameters:
    context: "Default Context"
    user: ""
    maxDuration: 0
    maxDepth: 0
    maxChildren: 0
  name: "spider"
  type: "spider"
  tests:
  - onFail: "INFO"
    statistic: "automation.spider.urls.added"
    site: ""
    operator: ">="
    value: 100
    name: "At least 100 URLs found"
    type: "stats"
- parameters: {}
  name: "passiveScan-wait"
  type: "passiveScan-wait"
- parameters:
    context: "Default Context"
    user: ""
    policy: ""
    maxRuleDurationInMins: 0
    maxScanDurationInMins: 0
  policyDefinition:
    defaultStrength: "medium"
    defaultThreshold: "medium"
    rules: []
  name: "activeScan"
  type: "activeScan"
- parameters:
    template: "risk-confidence-html"
    theme: "original"
    reportDir: "C:\\Users\\p\\Desktop\\zap"
    reportFile: ""
    reportTitle: "ZAP Scanning Report"
    reportDescription: ""
    displayReport: true
  risks:
  - "info"
  - "low"
  - "medium"
  - "high"
  confidences:
  - "falsepositive"
  - "low"
  - "medium"
  - "high"
  - "confirmed"
  sections:
  - "siteRiskCounts"
  - "responseBody"
  - "appendix"
  - "alertTypes"
  - "responseHeader"
  - "alertTypeCounts"
  - "riskConfidenceCounts"
  - "alerts"
  - "aboutThisReport"
  - "contents"
  - "requestBody"
  - "reportDescription"
  - "reportParameters"
  - "requestHeader"
  - "summaries"
  name: "report"
  type: "report"
I'm getting the following errors.
For TLS, is there any way to allow this through the framework, other than going to the java.security file and changing those into legacy algorithms?
[ZAP-telemetry-start] ERROR ExtensionCallHome - Connect to https://tel.zaproxy.org:443 [tel.zaproxy.org/172.67.129.53, tel.zaproxy.org/104.21.1.121] failed: connect timed out
Is there any way to define proxy settings in the ZAP framework?
For the default full-scan framework, I'm getting the following error:
[ZAP-ActiveScanner-0] WARN DomXssScanRule - Skipping scanner, failed to start browser: Cannot find firefox binary in PATH. Make sure firefox is installed. OS appears to be: LINUX
Build info: version: 'unknown', revision: 'unknown', time: 'unknown'
System info: host: '', ip: '',
os.name: 'Linux', os.arch: 'amd64', os.version: '3.10.0-1160.81.1.0.1.el7.x86_64', java.version: '11.0.17'
Driver info: driver.version: FirefoxDriver
[ZAP-Scanner-0] INFO HostProcess - skipped plugin [failed to start or connect to the browser]
http://10.196.150.192 | DomXssScanRule in 0.046s with 0 message(s) sent and 0 alert(s) raised.
I'm using Linux through the cmd line and there's no graphical interface available. What should I do about this?
Thank you in advance.
Regards