Using Firefox Proxy to ZAP in Nightwatch


Leslie Carpenter

Jul 24, 2018, 12:09:43 PM
to OWASP ZAP User Group
Hi,

I've written nightwatch tests that I'm trying to proxy through ZAP with Firefox and Edge browsers.  I can run the nightwatch tests through Chrome, Edge, and Firefox. I can manually run ZAP scans through each of these browsers.  I have the Chrome ZAP proxy working and running tests, but I'm unable to successfully set and run the Firefox or Edge proxy settings.

With an open instance of the ZAP UI, I launch the test.  The browser is attempting to connect with ZAP, but all I get is a long series of attempts by the browser to verify the ZAP certificate, I think.  The browser is running the tests, but I don't see the URLs in the ZAP UI.

Here is the setting that I am using in nightwatch.conf


"firefoxZap" : {
  "launch_url" : "http://127.0.0.1",
  "selenium_port" : 4444,
  "selenium_host" : "127.0.0.1",
  "silent": true,
  "screenshots" : {
    "enabled" : true,
    "path" : "screenshots"
  },
  "desiredCapabilities": {
    "browserName": "firefox",
    "marionette": true,
    "javascript-enabled": true,
    "acceptSslCerts": true,
    "acceptInsecureCerts" : true,
    "proxy" : {
      "proxyType" : "manual",
      "httpProxy" : "127.0.0.1:8080"
    }
  }
},

Is there another setting I need to assign in the proxy element in the desiredCapabilities for the Firefox browser?

Thanks in advance!

Leslie Carpenter

Leslie Carpenter

Jul 24, 2018, 3:27:28 PM
to OWASP ZAP User Group
I figured out the issue, but don't know how to resolve it.  When Firefox launches from nightwatch, the proxy is set correctly, but localhost and 127.0.0.1 are automatically listed in the "no proxy" property in Firefox settings.

There is a geckodriver property for the proxy object that allows one to set noproxy, and presumably I should be able to use this property to clear default settings by passing an empty list, but it's not working in nightwatch (java exception = 'java.base/java.util.ArrayList cannot be cast to java.base/java.lang.String').

I tried launching a pre-existing profile to run the tests through ZAP.  The browser opens, but the target url never displays (but noproxy setting is empty in the browser launched from nightwatch).

thc...@gmail.com

Jul 24, 2018, 4:05:10 PM
to zaprox...@googlegroups.com
Based on the error it seems that it needs to be an empty string. Did you
try that?

Best regards.

Leslie Carpenter

Jul 24, 2018, 4:47:15 PM
to OWASP ZAP User Group
Thanks for the response.

"proxy" : {
  "proxyType" : "manual",
  "httpProxy" : "127.0.0.1:8080",
  "noProxy" : ""
}

Yes, I've tried an empty string and receive this error:  noProxy is not an array.

"proxy" : {
  "proxyType" : "manual",
  "httpProxy" : "127.0.0.1:8080",
  "noProxy" : []
}

An empty array creates the 'java.base/java.util.ArrayList cannot be cast to java.base/java.lang.String' error.

"proxy" : {
  "proxyType" : "manual",
  "httpProxy" : "127.0.0.1:8080",
  "noProxy" : [""]
}

An array with an empty string creates this error:  'java.base/java.util.ArrayList cannot be cast to java.base/java.lang.String'

"proxy" : {
  "proxyType" : "manual",
  "httpProxy" : "127.0.0.1:8080",
  "noProxy" : [[""]]
}

This one generates this error:  'noProxy item is not a string: [""]'

I can get the pre-existing Nightwatch profile (with proxy settings) to launch from the Nightwatch script (using different code), but the target URL for the tests never opens (but without ZAP proxy it runs just fine):

So close, yet so far away.

Leslie Carpenter

Sep 25, 2018, 4:57:25 PM
to OWASP ZAP User Group
This is fixed with latest release of selenium webdriver:  selenium-server-standalone-3.14.0.jar.  I can now launch a suite of Nightwatch tests and proxy through ZAP.

{
    "src_folders" : ["tests"],
    "output_folder" : "reports",
    "custom_commands_path" : "./lib/customCommands",
    "custom_assertions_path" : "./lib/customAssertions",
    "page_objects_path" : ["pages", "pages/myApp"],
    "globals_path" : "",
  
    "selenium" : {
      "start_process" : true,
      "server_path" : "./lib/drivers/selenium/selenium-server-standalone-3.14.0.jar",
      "log_path" : "logs",
      "port" : 4444,
      "cli_args" : {
        "webdriver.chrome.driver" : "./lib/drivers/chromedriver_2_41/chromedriver.exe",
        "webdriver.gecko.driver" : "./lib/drivers/geckodriver-v0.21.0-win64/geckodriver.exe",
        "webdriver.edge.driver" : "./lib/drivers/Edge16299/MicrosoftWebDriver.exe",
        "webdriver.ie.driver": "./lib/drivers/IEDriverServer_x64_3.13.0/IEDriverServer.exe",
        "ie.setProxyByServer":true
      }
    },
  
    "test_settings" : {
      "default" : {
        "launch_url" : "http://127.0.0.1:3355",
        "selenium_port"  : 4444,
        "selenium_host"  : "127.0.0.1",
        "silent": true,
        "screenshots" : {
          "enabled" : true,
          "on_failure" : true,
          "on_error" : true,
          "path" : "screenshots"
        }
      },

      "myAppFirefoxZap" : {
        "launch_url" : "http://127.0.0.1:3355/myApp/index.cfm",
        "desiredCapabilities": {
          "browserName": "firefox",
          "marionette": true,
          "javascript-enabled": true,
          "acceptSslCerts": true,
          "acceptInsecureCerts" : true,
          "proxy" : {
            "proxyType" : "manual",
            "httpProxy" : "127.0.0.1:8080",
            "noProxy" : [""]
          }
        }
      }
    }
}
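
A check for the failure described in this thread, where the browser runs the tests but the requests never reach ZAP. This is an added example, not code from the thread or from the ZAP or Nightwatch projects; it assumes Node 18+ (global fetch), ZAP's API on 127.0.0.1:8080 and an API key supplied by the caller, and the function names and sample URLs are constructed.

```javascript
// Added example, not from the thread. Assumptions: Node 18+ (global fetch),
// ZAP's API reachable on the proxy address, API key supplied by the caller.

// Constructed sample of the URL list ZAP holds after a proxied run.
const SAMPLE_ZAP_URLS = [
  'http://127.0.0.1:3355/myApp/index.cfm',
  'http://127.0.0.1:3355/myApp/css/site.css',
];

// True when ZAP recorded a URL with the same origin and path prefix.
function seenByZap(zapUrls, expected) {
  const want = new URL(expected);
  return zapUrls.some((raw) => {
    let got;
    try { got = new URL(raw); } catch { return false; } // skip malformed entries
    return got.origin === want.origin && got.pathname.startsWith(want.pathname);
  });
}

// Expected URLs that ZAP never saw, i.e. traffic that bypassed the proxy.
function missingFromZap(zapUrls, expectedUrls) {
  return expectedUrls.filter((u) => !seenByZap(zapUrls, u));
}

// Ask ZAP which URLs it has recorded under baseUrl (core/view/urls API view).
async function fetchZapUrls(baseUrl, { zap = 'http://127.0.0.1:8080', apiKey = '' } = {}) {
  const api = `${zap}/JSON/core/view/urls/?baseurl=${encodeURIComponent(baseUrl)}`;
  const res = await fetch(api, { headers: { 'X-ZAP-API-Key': apiKey } });
  if (!res.ok) throw new Error(`ZAP API returned HTTP ${res.status}`);
  const body = await res.json();
  return Array.isArray(body.urls) ? body.urls : [];
}

// Call after the Nightwatch suite; throws when the run was not proxied.
async function assertProxied(baseUrl, expectedUrls, opts) {
  const missing = missingFromZap(await fetchZapUrls(baseUrl, opts), expectedUrls);
  if (missing.length > 0) {
    throw new Error(`Not recorded by ZAP (proxy bypassed?): ${missing.join(', ')}`);
  }
  return true;
}
```

Running assertProxied from a Nightwatch global after hook makes a bypassed proxy fail the run instead of producing an empty ZAP session.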


kingthorin+owaspzap

Sep 25, 2018, 8:36:41 PM
to OWASP ZAP User Group
Thanks for letting us know!

hauschu...@gmail.com

Sep 26, 2018, 3:12:51 AM
to OWASP ZAP User Group
Awesome!