ZAP port
156 views
Skip to first unread message
Denis Putnam
May 4, 2023, 3:44:56 PM5/4/23
to OWASP ZAP User Group
Hi,
I have the zap application installed on my windows machine. The zap application uses port 8080.
In the zap_api_scan.py, is there is a listening port (the -p arg). Do I specify the 8080 there to get the code to communicate to my zap application? If not, how do I get the zap_api_scan.py to talk to my local zap application.
FYI, I am attempting to run the code outside of docker.
Any help will be greatly appreciated.
Sincerely,
Denis
Denis Putnam
May 4, 2023, 4:17:57 PM5/4/23
to OWASP ZAP User Group
Hi,
So I think the port is what code listens on.
There is a wait_for_zap_start() call that calls "version = zap.core.version" which throws the following exception:
2023-05-04 16:08:03,479 INFO 217.zap_api_controller.start_api_scan(): Using port 55233
2023-05-04 16:08:23,050 INFO wait_for_zap_start(): err=HTTPConnectionPool(host='localhost', port=55233): Max retries exceeded with url: http://zap/JSON/core/view/version/ (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x0000014F15864AC0>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it')))
2023-05-04 16:08:23,050 INFO wait_for_zap_start(): err=HTTPConnectionPool(host='localhost', port=55233): Max retries exceeded with url: http://zap/JSON/core/view/version/ (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x0000014F15864AC0>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it')))
I am suspecting that our firewall/proxies are preventing the connection to "
http://zap/JSON/core/view/version/".
Is there a way around this?
-Denis
Denis Putnam
May 4, 2023, 5:08:56 PM5/4/23
to OWASP ZAP User Group
I commented out the call to wait_for_zap_start() and added a time.sleep() instead. I think the call is just trying to get the version from zap.
Now I am having an issue with "zap_common.zap_tune(self.zap)". I think I will commented out the call.
...2023-05-04 17:01:14,255 INFO 217.zap_api_controller.start_api_scan(): Using port 8080
2023-05-04 17:01:56,232 ERROR 483.zap_api_controller.start_api_scan(): I/O error: + HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: http://zap/JSON/pscan/action/disableAllTags/?apikey= (Caused by ProxyError('Cannot connect to proxy.', RemoteDisconnected('Remote end closed connection without response')))
2023-05-04 17:01:56,232 ERROR 483.zap_api_controller.start_api_scan(): I/O error: + HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: http://zap/JSON/pscan/action/disableAllTags/?apikey= (Caused by ProxyError('Cannot connect to proxy.', RemoteDisconnected('Remote end closed connection without response')))
Simon Bennetts
May 5, 2023, 4:56:02 AM5/5/23
to OWASP ZAP User Group
Hi Denis,
The ZAP packaged scans run ZAP inside Docker.
You can interact with them via the ZAP API while they are running, but only if you set the right options: https://www.zaproxy.org/docs/docker/about/#accessing-the-api-from-outside-of-the-docker-container
We do not support connecting 2 ZAP instances together.
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages