Proxy Disclosure Issue
113 views
Skip to first unread message
rauf shaikh
Sep 29, 2023, 12:11:04 PM9/29/23
to ZAP User Group
I m scanning my app and i m getting the Proxy Disclosure issue on almost all the urls present on the application . As per the zap documentation i have added the solution also but still it is triggering the proxy disclosure issue .
So as per the solution i have disabled the TRACE & OPTIONS method and also removed the Server and X-Powered-By' from HTTP response headers .
Can anyone please let me know if i m missing something
So as per the solution i have disabled the TRACE & OPTIONS method and also removed the Server and X-Powered-By' from HTTP response headers .
Can anyone please let me know if i m missing something
Simon Bennetts
Oct 2, 2023, 3:08:02 AM10/2/23
to ZAP User Group
Can you share the details of the issue?
They should give more information.
Cheers,
Simon
rauf shaikh
Oct 3, 2023, 3:18:02 AM10/3/23
to ZAP User Group
Please check attached screenshots
kingthorin+zap
Oct 3, 2023, 11:19:45 AM10/3/23
to ZAP User Group
You can see the exact behaviour of the rule here: https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/ProxyDisclosureScanRule.java
Based on the details you provided if you use the TRACK method and purposefully set max-forwards and iterate at some point the details deviate which indicates a proxy or other intermediate device. (There's a chance that it's something outside ofyour control.)
Reply all
Reply to author
Forward
0 new messages