ZAP in Docker using http_proxy and https_proxy env variables

[Pedro Deniz]

Hi everybody,

I´m having the following problem. I´m using the owasp/zap2docker-stable Docker image to use ZAP in a Jenkins Pipeline which has two environments: test and production. The test environment has unrestricted internet access and the production environment has a restriction on which all web traffic (HTTP and HTTPS) must be routed through a proxy. In order to solve this, I configured Docker (using the .docker/config.json file) so it would automatically set the HTTP_PROXY and HTTPS_PROXY environment variables in the ZAP container. So, when I make a request using the container bash console it goes through the proxy (wget http://www.google.com/robots.txt). However, when I configure my browser to use that ZAP container as proxy the traffic does not go through the proxy. 

Now, if I configure the proxyChain options in ZAP with the same proxy address that in the HTTP_PROXY env. variable it works. Howevere, I would like to know wether is there a reason for which the ZAP container is not "using" the HTTP_PROXY and HTTPS_PROXY environment variables when using ZAP as proxy. I would want it to be transparent for ZAP wether it is in an environment where it needs to go through a proxy or not.

Thanks in advance.

Best Regards

Pedro