Previous Active Scans
72 views
Skip to first unread message
Yunus Emre A.
Dec 13, 2021, 5:47:08 AM12/13/21
to OWASP ZAP User Group
Hi everyone, I'm using OWASP ZAP since a few days now and this is my first time asking a question here :)
I would like to know, is it possible to get the results of previous scans? I have a session file with around 900mb, made over 400k requests, but I stopped the scan, because it was taking so long. After closing ZAP, I sadly lost the results. In that regard, is it possible to receive these results?
Thanks in advance!
Simon Bennetts
Dec 13, 2021, 5:49:00 AM12/13/21
to OWASP ZAP User Group
Remember that pop-up asking if you wanted to persist the ZAP session (assuming you were using the ZAP desktop)?
If you persisted it then you, you will be able to open it again.
If you didnt then sorry but no.
Cheers,
Simon
Yunus Emre A.
Dec 13, 2021, 5:54:52 AM12/13/21
to OWASP ZAP User Group
Yep, using ZAP desktop. The session is indeed persisted. I don't see how I can get the results, is there an option for this?
If I do another active scan, the first id is 460000 something something, so I assume the previous results are somewhere?
If I do another active scan, the first id is 460000 something something, so I assume the previous results are somewhere?
I would like to know if I can access those 460000 requests/responses somehow :)
Cheers
Simon Bennetts
Dec 13, 2021, 9:48:47 AM12/13/21
to OWASP ZAP User Group
Ah good, we should be able to recover your session then.
ZAP sessions are actually HSQLDB databases, which are a series of files.
The key file that we expose in ZAP ends in ".session".
You need to find and open that file in ZAP, via the "File / Open Session..." menu item (or the toolbar button;).
Hopefully the dialog will open with the right directory and you will see the session file - it will either be date stamped or use the name you gave.
Cheers,
Simon
Yunus Emre A.
Dec 14, 2021, 5:24:57 AM12/14/21
to OWASP ZAP User Group
First, I want to thank you for your help. Appreciate it!
After opening the session file, the results of the scan are sadly not shown anywhere...
Is ZAP able to show the result of the scan (requests/responses) or do I have to open the session with HSQLDB to see the results of the scan?
Cheers
Cheers
Simon Bennetts
Dec 14, 2021, 5:28:31 AM12/14/21
to OWASP ZAP User Group
ZAP is able to show the results.
You can double check this easily enough:
Start a new ZAP session which you persist, scan a test site, close ZAP, re-open it and re-open the session, the alerts will all be there.
Cheers,
Simon
Yunus Emre A.
Dec 14, 2021, 6:31:02 AM12/14/21
to OWASP ZAP User Group
Ah yes, the alerts are there!
I assume the requests and the response during the scan are lost?
Cheers
Cheers
Reply all
Reply to author
Forward
0 new messages