Hi People,
I had been using ZAP to scan my backend web application.
Initially, it was working fine. But for some days, it is giving me errors on startup.
Details below.
Command to start:
./ZAP_D-2024-07-15/zap.sh -host localhost -port 8068 -daemon -dir ./zap_dir -addonupdate -addoninstall pscanrulesBeta -addoninstall domxss -addoninstall pscanrulesAlpha -addoninstall pscanrules &
Curl to generate html report:
Curl to shutdown zap server:
Errors on startup:
6628 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
6636 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.CorsScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.CorsScanRule.<clinit>(CorsScanRule.java:52) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
....
....
....
....
6651 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule.random(RelativePathConfusionScanRule.java:170) ~[?:?]
at org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule.<clinit>(RelativePathConfusionScanRule.java:167) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
....
....
....
....
6657 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureFileInclusionScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureFileInclusionScanRule.<clinit>(SourceCodeDisclosureFileInclusionScanRule.java:54) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
...
...
...
and some more similar errors.
Error on running any curl command:
28130 [ZAP-IO-2-1] ERROR org.zaproxy.addon.network.internal.handlers.ServerExceptionHandler - java.lang.NoSuchMethodError: 'void org.parosproxy.paros.network.HttpRequestHeader.setLocalAddress(java.net.InetSocketAddress)'
java.lang.NoSuchMethodError: 'void org.parosproxy.paros.network.HttpRequestHeader.setLocalAddress(java.net.InetSocketAddress)'
at org.zaproxy.addon.network.internal.handlers.CommonMessagePropertiesHandler.channelRead0(CommonMessagePropertiesHandler.java:68) ~[network-beta-0.20.0.zap:?]
at org.zaproxy.addon.network.internal.handlers.CommonMessagePropertiesHandler.channelRead0(CommonMessagePropertiesHandler.java:39) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[network-beta-0.20.0.zap:?]
..
...
...
..
Can anybody help me with this?