Socket Timeout on Authentication


Charles Williams

Mar 31, 2022, 11:47:54 AM
to OWASP ZAP User Group
Hi ZAP Team,

I'm running my ZAP via the Automation Framework, and I'm trying to make an authenticated scan work on one of my apps running in a docker container. I've gone through the Diagnosing Docker page and everything checks out, but I'm running into an error during the authentication process. I'm using script based authentication to reach the login page, send a POST request to the app, then get redirected to the home page. However, on my POST requests, I get the following error:

java.lang.RuntimeException: java.net.SocketTimeoutException: Read timed out

I've confirmed that my service is up and running and that ZAP can communicate with it, and I've ensured that the script format matches the requests sent when I test locally. Could this be something that I need to configure ZAP differently to resolve, or is this not an issue with ZAP?

Thank you!

Charles Williams

Apr 4, 2022, 3:35:02 PM
to OWASP ZAP User Group
Are there any updates on this? It would be helpful to know if this is an issue on ZAP's side or my networking, and I'll gladly provide more info as needed.

thc...@gmail.com

Apr 5, 2022, 3:08:38 AM
to zaprox...@googlegroups.com
Hi.

That seems to be a side effect; I'd guess an incorrect Content-Length value.

Could you provide an excerpt of how you are setting up and sending your
POST request?

Best regards.

On 04/04/2022 20:35, Charles Williams wrote:
> Are there any updates on this? It would be helpful to know if this is an
> issue on ZAP's side or my networking, and I'll gladly provide more info as
> needed.
>
> On Thursday, March 31, 2022 at 11:47:54 AM UTC-4 Charles Williams wrote:
>
>> Hi ZAP Team,
>>
>> I'm running my ZAP via the Automation Framework, and I'm trying to make an
>> authenticated scan work on one of my apps running in a docker container.
>> I've gone through the Diagnosing Docker page and everything checks out, but
>> I'm running into an error during the authentication process. I'm using
>> script based authentication to reach the login page, send a POST request to
>> the app, then get redirected to the home page. However, on my POST
>> requests, I get the following error:
>>
>>
>> *java.lang.RuntimeException: java.net.SocketTimeoutException: Read timed
>> out*

Charles Williams

Apr 5, 2022, 8:00:37 AM
to OWASP ZAP User Group
Thank you for your response - after some more digging I found out that it was a timeout on my GET request that occurred right after my POST request (I had follow redirection on by mistake so my log wasn't showing the correct link). Regardless, here is how I've prepared my requests to send (and this has worked for other GET requests prior to this one). This is from a method that gets passed the URL to send the request to, the List<HttpCookie> of cookies as per what has been received before (and what cookies are being sent when I run locally), as well as the AuthenticationHelper:

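// Java types used by the snippet
var HttpRequestHeader = Java.type("org.parosproxy.paros.network.HttpRequestHeader");
var HttpHeader = Java.type("org.parosproxy.paros.network.HttpHeader");
var URI = Java.type("org.apache.commons.httpclient.URI");

var requestUri = new URI(decodeURIComponent(url), false);
var requestMethod = HttpRequestHeader.GET;

// Build the GET request header
var requestHeader = new HttpRequestHeader(requestMethod, requestUri, HttpHeader.HTTP11);

// Build the GET request message
var msg = helper.prepareMessage();

msg.setRequestHeader(requestHeader);
msg.getRequestHeader().setCookies(cookies);
msg.getRequestHeader().setContentLength(msg.getRequestBody().length());

// Second argument is followRedirect: false sends the request without following redirects
helper.sendAndReceive(msg, false);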


Let me know if I can provide anything else!
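
The Content-Length guess in the reply above and the setContentLength call in the posted snippet both come down to whether the declared length matches the bytes actually sent. The following is an added example, not part of the original thread and not ZAP script code: plain Node.js that classifies the framing of a raw HTTP/1.1 request. The host app.example, the helper names and all sample requests are constructed assumptions.

```javascript
// Added example: classify the Content-Length framing of a raw HTTP/1.1 request.
// Helper names, host and sample requests are constructed for illustration.
function checkFraming(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'utf8');
  const split = buf.indexOf('\r\n\r\n');
  if (split === -1) return { verdict: 'incomplete-head' };
  const headLines = buf.subarray(0, split).toString('latin1').split('\r\n');
  const actual = buf.length - (split + 4); // body size in bytes on the wire
  const lengths = [];
  let chunked = false;
  for (const line of headLines.slice(1)) {
    const i = line.indexOf(':');
    if (i === -1) continue;
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    if (name === 'content-length') lengths.push(value);
    if (name === 'transfer-encoding' && /chunked/i.test(value)) chunked = true;
  }
  if (chunked) return { verdict: 'chunked', actual };
  if (new Set(lengths).size > 1) return { verdict: 'conflicting-lengths', actual };
  if (lengths.length === 0) return { verdict: actual === 0 ? 'ok' : 'missing-length', actual };
  if (!/^\d+$/.test(lengths[0])) return { verdict: 'invalid-length', actual };
  const declared = Number(lengths[0]);
  // declared > actual: the server keeps reading for bytes that never arrive,
  // so the client typically ends up reporting a read timeout.
  if (declared > actual) return { verdict: 'server-waits', declared, actual, missing: declared - actual };
  // declared < actual: surplus bytes stay on the connection and can be
  // parsed as the start of the next request.
  if (declared < actual) return { verdict: 'trailing-bytes', declared, actual, surplus: actual - declared };
  return { verdict: 'ok', declared, actual };
}

function buildRequest(method, path, body, declaredLength) {
  return `${method} ${path} HTTP/1.1\r\nHost: app.example\r\n` +
    `Content-Length: ${declaredLength}\r\n\r\n${body}`;
}

const body = 'username=josé&password=x'; // 24 characters, 25 bytes in UTF-8
const samples = {
  staleLength: buildRequest('POST', '/login', body, 64), // length left over from a longer body
  charCount: buildRequest('POST', '/login', body, body.length), // characters, not bytes
  byteCount: buildRequest('POST', '/login', body, Buffer.byteLength(body)),
  emptyGet: buildRequest('GET', '/home', '', 0), // bodiless GET with Content-Length: 0
};

for (const [name, raw] of Object.entries(samples)) {
  console.log(name, checkFraming(raw));
}
```

Only the `server-waits` case produces the blocking read described in the reply; a bodiless GET with `Content-Length: 0` is framed correctly.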