ERROR AttackThread - Maximum redirects (100) exceeded


Andy Cogswell

Sep 26, 2019, 11:14:21 AM
to OWASP ZAP User Group
I have been setting up an OWASP box in one of my AWS VPCs. I have set up SSL certificates and can use manual explore to crawl through the web page I am testing. Whenever I try to run an automated scan I get a "Failed to Attack the URL:  Maximum redirects (100) exceeded".

My zap.log shows
2019-09-26 14:23:02,552 [ZAP-QuickStart-AttackThread] ERROR AttackThread - Maximum redirects (100) exceeded
org.apache.commons.httpclient.RedirectException: Maximum redirects (100) exceeded
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:214)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
 at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:398)
 at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:633)
 at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:589)
 at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:565)
 at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:553)
 at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:458)
 at org.zaproxy.zap.extension.quickstart.AttackThread.accessNode(AttackThread.java:237)
 at org.zaproxy.zap.extension.quickstart.AttackThread.run(AttackThread.java:86)

I can't seem to find another request somewhere with this issue.  Any advice would be greatly appreciated.  

thc...@gmail.com

Sep 26, 2019, 11:37:47 AM
to zaprox...@googlegroups.com
Hi.

It seems the server is always redirecting (the request following the
redirect might be missing a cookie or something).

You should try accessing it manually (e.g. browser, Manual Request Editor)
to try to see what the problem is.

Best regards.

Andy Cogswell

Sep 26, 2019, 12:29:19 PM
to OWASP ZAP User Group
So I am able to do a manual explore with a Firefox browser. The problem is only tied to trying to run an automated scan.

thc...@gmail.com

Sep 27, 2019, 5:00:16 AM
to zaprox...@googlegroups.com
What's the difference? Does the request have cookies? Did you try
sending the request directly from ZAP with Manual Request Editor?

Best regards.
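
Added example, not part of the original thread and not ZAP code: a hop-by-hop redirect tracer that reproduces the cause suggested in the replies, a redirect that never ends because the follow-up request lacks a cookie. `DemoApp`, `trace` and `demo` are hypothetical names, and the target is a constructed local server standing in for the application under test.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

class DemoApp(BaseHTTPRequestHandler):
    """Constructed target: / requires a 'sid' cookie, /login sets it."""
    def do_GET(self):
        has_sid = "sid=" in (self.headers.get("Cookie") or "")
        self.send_response(200 if has_sid and self.path != "/login" else 302)
        if self.path == "/login":
            self.send_header("Set-Cookie", "sid=constructed; Path=/")
            self.send_header("Location", "/")
        elif not has_sid:
            self.send_header("Location", "/login")
        self.send_header("Content-Length", "0")
        self.end_headers()
    log_message = lambda self, *args: None  # silence per-request logging

def trace(url, keep_cookies, max_hops=10):
    """Follow redirects one hop at a time; return (hops, looped)."""
    jar, hops, seen = {}, [], set()
    for _ in range(max_hops):
        cookie = "; ".join(f"{k}={v}" for k, v in jar.items()) if keep_cookies else ""
        if (url, cookie) in seen:  # same URL with same cookies: a true loop
            return hops, True
        seen.add((url, cookie))
        parts = urlsplit(url)
        conn = getattr(http.client, parts.scheme.upper() + "Connection")(parts.netloc, timeout=5)
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
        resp = conn.getresponse()
        resp.read()
        conn.close()
        for header in resp.msg.get_all("Set-Cookie") or []:
            name, _, value = header.split(";")[0].partition("=")
            jar[name.strip()] = value.strip()  # simplified: ignores Path/Domain
        hops.append((resp.status, url, cookie))
        if resp.status not in (301, 302, 303, 307, 308) or not resp.getheader("Location"):
            return hops, False
        url = urljoin(url, resp.getheader("Location"))
    return hops, True  # hop budget exhausted without a final response

def demo():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/"
    results = trace(base, keep_cookies=True), trace(base, keep_cookies=False)
    server.shutdown()
    return results
```

Calling `demo()` returns both traces: the cookie-keeping client reaches a 200 on the third hop, while the client that drops cookies is flagged as looping after two.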