Socket timeout and application crash when running ZAP Docker in EC2 instance

[bple...@gmail.com]

Hello,

I'm trying to create something like ZAP as a Service using the ZAP Docker and AWS.  My goal is to be able to provide the ZAP API to users within my organization.  I created an Ubuntu 16.04 instance in EC2 with the ZAP docker container.  I use PuTTY to access the instance via SSH from a Windows machine.  

I initiate ZAP by entering the following: 

docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -config api.addrs.addr.name=.* -config api.key=[apikey] -config api.addrs.addr.regex=true -daemon -port 8090 -host 0.0.0.0

I am able to access the ZAP over 8090 using the CNAME assigned to the instance without any problem (see attached screenshot).  I am able to make API calls, initiate scans, view results, etc.  However, after some time of normal use, errors are generated and eventually my session with the instance crashes with and PuTTY throws the "software caused connection abort" error.  Specifically, I am observing this error message over and over again:

116884 [ZAP-ProxyThread-24] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

116884 [ZAP-ProxyThread-23] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

753441 [ZAP-ProxyThread-28] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

1588039 [ZAP-ProxyThread-46] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

1588039 [ZAP-ProxyThread-45] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

1793592 [ZAP-ProxyThread-53] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

1793592 [ZAP-ProxyThread-52] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

I believe is due to the errors that I'm observing with ZAP.  I have my PuTTY session configuration for the instance to send TCP keepalives every 1 second.  Is there any way that I can prevent the application from crashing?  Additionally, is there any documentation on how to properly create ZAP as a Service using AWS and the ZAP docker?  Any advice is appreciated!

Thank you,

Brian

[thc...@gmail.com]

Hi.

What's the purpose of those connections? ZAP expects a request/message
when it receives a connection, that's why the warnings.

Which application is crashing? ZAP? If so, what you mean with crashing?
(OOME?)

There's currently no documentation for that.

Best regards.

On 20/06/17 15:30, bple...@gmail.com wrote:
> Hello,
>
> I'm trying to create something like ZAP as a Service using the ZAP Docker
> and AWS. My goal is to be able to provide the ZAP API to users within my
> organization. I created an Ubuntu 16.04 instance in EC2 with the ZAP
> docker container. I use PuTTY to access the instance via SSH from a
> Windows machine.
>
> I initiate ZAP by entering the following:
>

> *docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -config

> api.addrs.addr.name=.* -config api.key=[apikey] -config

> api.addrs.addr.regex=true -daemon -port 8090 -host 0.0.0.0*

[bple...@gmail.com]

After starting up ZAP, I access the API through a browser and make some API calls.  After some time, I'll receive the socket timeout message.  When you say that ZAP expects a request/message, do you mean that ZAP is simply looking for the machine making the connection to make an API call or HTTP request?  If a request is made, should the socket timeout message ever be shown?

After receiving several of the socket timeout messages in my ZAP log, my PuTTY session will end with the software caused connection abort message.  The ZAP API UI is then unreachable in a browser.  I have to open a new PuTTY session and restart ZAP.