Error on ZAP startup
60 views
Skip to first unread message
Mayank Kashyap
Jan 21, 2025, 5:11:11 AM1/21/25
to ZAP User Group
Hi People,
I had been using ZAP to scan my backend web application.
Initially, it was working fine. But for some days, it is giving me errors on startup.
Details below.
Command to start:
./ZAP_D-2024-07-15/zap.sh -host localhost -port 8068 -daemon -dir ./zap_dir -addonupdate -addoninstall pscanrulesBeta -addoninstall domxss -addoninstall pscanrulesAlpha -addoninstall pscanrules &
Curl to generate html report:
curl -s http://localhost:8068/OTHER/core/other/htmlreport/ -o "./zap_report.html"
Curl to shutdown zap server:
Errors on startup:
6628 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
6636 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.CorsScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.CorsScanRule.<clinit>(CorsScanRule.java:52) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
6636 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.CorsScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.CorsScanRule.<clinit>(CorsScanRule.java:52) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
....
....
....
....
6651 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule.random(RelativePathConfusionScanRule.java:170) ~[?:?]
at org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule.<clinit>(RelativePathConfusionScanRule.java:167) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule.random(RelativePathConfusionScanRule.java:170) ~[?:?]
at org.zaproxy.zap.extension.ascanrulesBeta.RelativePathConfusionScanRule.<clinit>(RelativePathConfusionScanRule.java:167) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
....
....
....
....
6657 [ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoaderUtils - Failed to initialise: org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureFileInclusionScanRule
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureFileInclusionScanRule.<clinit>(SourceCodeDisclosureFileInclusionScanRule.java:54) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
java.lang.NoSuchMethodError: 'org.apache.commons.lang3.RandomStringUtils org.apache.commons.lang3.RandomStringUtils.secure()'
at org.zaproxy.zap.extension.ascanrulesBeta.SourceCodeDisclosureFileInclusionScanRule.<clinit>(SourceCodeDisclosureFileInclusionScanRule.java:54) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
...
...
...
and some more similar errors.
Error on running any curl command:
28130 [ZAP-IO-2-1] ERROR org.zaproxy.addon.network.internal.handlers.ServerExceptionHandler - java.lang.NoSuchMethodError: 'void org.parosproxy.paros.network.HttpRequestHeader.setLocalAddress(java.net.InetSocketAddress)'
java.lang.NoSuchMethodError: 'void org.parosproxy.paros.network.HttpRequestHeader.setLocalAddress(java.net.InetSocketAddress)'
at org.zaproxy.addon.network.internal.handlers.CommonMessagePropertiesHandler.channelRead0(CommonMessagePropertiesHandler.java:68) ~[network-beta-0.20.0.zap:?]
at org.zaproxy.addon.network.internal.handlers.CommonMessagePropertiesHandler.channelRead0(CommonMessagePropertiesHandler.java:39) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[network-beta-0.20.0.zap:?]
java.lang.NoSuchMethodError: 'void org.parosproxy.paros.network.HttpRequestHeader.setLocalAddress(java.net.InetSocketAddress)'
at org.zaproxy.addon.network.internal.handlers.CommonMessagePropertiesHandler.channelRead0(CommonMessagePropertiesHandler.java:68) ~[network-beta-0.20.0.zap:?]
at org.zaproxy.addon.network.internal.handlers.CommonMessagePropertiesHandler.channelRead0(CommonMessagePropertiesHandler.java:39) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[network-beta-0.20.0.zap:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[network-beta-0.20.0.zap:?]
..
...
...
..
Can anybody help me with this?
thc202
Jan 21, 2025, 5:17:16 AM1/21/25
to zaprox...@googlegroups.com
Hi,
Use a more recent weekly or 2.16.
There are no guarantees that old weeklies will keep working correctly
with up-to-date add-ons since the weekly does not enforce/check what
minimum version the add-ons need/require.
Best regards.
On 21/01/2025 10:09, Mayank Kashyap wrote:
> Hi People,
>
> I had been using ZAP to scan my backend web application.
> Initially, it was working fine. But for some days, it is giving me errors
> on startup.
>
> Details below.
>
> *Command to start:*
> *Curl to shutdown zap server:*
> *Errors on startup:*
> *Error on running any curl command:*
Use a more recent weekly or 2.16.
There are no guarantees that old weeklies will keep working correctly
with up-to-date add-ons since the weekly does not enforce/check what
minimum version the add-ons need/require.
Best regards.
On 21/01/2025 10:09, Mayank Kashyap wrote:
> Hi People,
>
> I had been using ZAP to scan my backend web application.
> Initially, it was working fine. But for some days, it is giving me errors
> on startup.
>
> Details below.
>
> ./ZAP_D-2024-07-15/zap.sh -host localhost -port 8068 -daemon -dir ./zap_dir
> -addonupdate -addoninstall pscanrulesBeta -addoninstall domxss
> -addoninstall pscanrulesAlpha -addoninstall pscanrules &
>
> *Curl to generate html report:*
> -addonupdate -addoninstall pscanrulesBeta -addoninstall domxss
> -addoninstall pscanrulesAlpha -addoninstall pscanrules &
>
> *Curl to shutdown zap server:*
> *Errors on startup:*
Mayank Kashyap
Jan 21, 2025, 12:12:41 PM1/21/25
to ZAP User Group
Thanks @thc202.
With zap_2_16, I am not getting error on startup anymore.
But, below curls are not returning response as they were doing with the previous setup.
Curl to generate html report:
Any idea on this?
Mayank Kashyap
Jan 22, 2025, 8:01:59 AM1/22/25
to ZAP User Group
Hello all.
Can anyone confirm if below are still working with ZAP_2_16?
Curl to generate html report:
Regards,
Mayank K.
Simon Bennetts
Jan 22, 2025, 9:04:58 AM1/22/25
to ZAP User Group
Yes, they should work.
But the have beed n deprecated for a long time.
You should use "reports" instead.
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages