Cannot connect to Zap inside docker .

[Abhishek Jha]

Hi , I have one application running in docker image which is in turn calling the api endpoint which i want it to pass through Zap , so created a docker-compose file in which the app is communicating with zap .But when I try to connect it to ZAP via

# proxies = {
#             "http": "http://localhost:8080",
#             "https": "http://localhost:8080",

#         }

or

 # proxies = {

#             "http": "http://myzap:8080",
#             "https": "http://myzap:8080",

#         }

It is giving connection refused  requests.exceptions.ProxyError: HTTPSConnectionPool(host='**************.com', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fb0e8438a10>: Failed to establish a new connection: [Errno 111] Connection refused')))

This is my docker-compose file

version: "3"
services:
  myzap:
    image: "owasp/zap2docker-stable"
  myapp:
    build: .
    ports:
      - "8000:8000"

what should be the correct url to connect to ZAP container?

[Simon Bennetts]

See https://www.zaproxy.org/docs/docker/about/#accessing-the-api-from-outside-of-the-docker-container

Cheers,

Simon

[Abhishek Jha]

Thanks for the swift response Simon.

However upon trying the above method gives the following response

docker inspect 549ce137a52c | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",

But connecting to the endpoint via browser returns the error message in logs :

317733 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://172.17.0.2:8090/ from 172.17.0.1 not permitted.

And browser shows the empty response.

I have one query : Is it possible that we configure the proxy for zap , as we do in ZAP desktop and then build the container so that It will always listen on that particular proxy address?

[thc...@gmail.com]

You need to allow access to the API:
https://www.zaproxy.org/faq/how-can-i-connect-to-zap-remotely/


You can definitely do that, bit you should just need to provide
config.xml file.

Best regards.

[Abhishek Jha]

Thanks ,

That answered my query , I have one more follow-up question if we are running the command : zap.sh -daemon -port 8090 -host 0.0.0.0 . In this case we are setting up the zap to listen at port 8090 and we can easily get the IP of the container using the docker inspect <container-id> | grep IPAddress . So It is quite easy to connect to the container.

My Question is : Is there any way to specify the port number in case of Automation Framework , so that our container will listen on that specific port and we can then connect to it , As we did earlier . 

Because I am able to access the container i.e Proxy through the container in case of former , But I am having Issues connecting to the same while using AF , since I am not able to specify the port so I am getting  the following error message :

requests.exceptions.ProxyError: HTTPSConnectionPool(host='restful-booker.herokuapp.com', port=443): Max retries exceeded with url: /ping (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f5b6e1aa790>: Failed to establish a new connection: [Errno 111] Connection refused')))

pythonproject1_myapp_1 exited with code 1
pythonproject1_myzap_1 exited with code 0

Thanks

Bzp .sh -daemon -port 8090 -host 0.0.0.0