Remote access to ZAP in docker

[Slava Kuravsky]

Hello, this is my first try to run ZAP and have chosen the docker way. As I understood the port 8080 is used to interact with UI and 8090 is the proxy port. I tried to use ZAP remotely, but it didn't work.

These are the steps:

1) on server-a I am starting a container with webswing:

docker run -it  --name zap -v $(pwd):/zap/wrk/:rw -u zap -p 8080:8080 -p 8090:8090 owasp/zap2docker-stable zap-webswing.sh

2) from server B I am able to access the container under http://server-a:8080/zap and open UI

3) on server B I configure firefox to use proxy http://server-a:8090, then any connection via this proxy ends with "server not found"

Please tell me what I'm doing wrong?

Best regards

Slava

[Simon Bennetts]

Hiya Slava,

By default ZAP is not accessible externally.

See this FAQ: https://www.zaproxy.org/faq/how-can-i-connect-to-zap-remotely/

Cheers,

Simon

[Slava Kuravsky]

Hi Simon,

thank you for the answer. I have tried this options allowing all IPs for test purposes:

docker run -it -d --name zap -v $(pwd):/zap/wrk/:rw -u zap -p 8080:8080 -p 8090:8090 owasp/zap2docker-stable zap-webswing.sh -config api.key=12345 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

but it looks like it takes no effect on the UI. So I added the regex .* also manually to options -> API -> Addresses permitted to use the API -> add...

Also I tried to select the checkbox Options -> Local Proxies -> Behind NAT, but nothing of it helped.

Regards

Slava

[thc...@gmail.com]

Hi.

If you are trying to access the ZAP API use the zap domain (e.g.
http::/zap/) while proxying through that address/port instead.

ZAP will not know that "server-a" is itself and will just forward those
requests.

Best regards.

[Slava Kuravsky]

Thanks, it works by the way, my firefox proxy config was wrong.