Reg- Issue with ZAP Docker Webswing API Access and API Key Configuration


anb pentesting

Sep 3, 2024, 4:48:34 AM
to ZAP User Group

Hi All,

I need help with an issue I’m encountering while using ZAP with Docker Webswing. Here’s the detailed context of my setup and the problem I’m facing:

  1. Docker Image: I’ve installed the Docker image for ZAP with Webswing using the following command:
         docker run -u zap -p 8080:8080 -i ghcr.io/zaproxy/zaproxy:stable zap-webswing.sh
  2. Accessing ZAP: The ZAP Webswing UI is accessible at http://localhost:8080/zap.
  3. API Key: I retrieved the API key from the ZAP UI under Tools -> Options -> API

Issue:

When I attempt to run my Python script to interact with the ZAP API, I keep encountering errors related to API key validation and endpoint access. Below is a brief overview of the problem:

  • Python Script: Here’s a snippet of my Python script:
    from zapv2 import ZAPv2
    import time

    # Set the target URL
    target_url = 'http://example.com'

    # Initialize the ZAP API key and ZAP instance
    zap_api_key = 'myapikey'  # Retrieved from ZAP UI
    zap_base_url = 'http://localhost:8080'
    zap = ZAPv2(apikey=zap_api_key, proxies={'http': zap_base_url, 'https': zap_base_url})

    # Start a new session
    zap.core.new_session(name='new_session', overwrite=True)

    # Start the spidering process
    scan_response = zap.spider.scan(target_url)

  • API Endpoint Test: When I try to manually test the API endpoint using curl, I get a 404 response:
    curl "http://localhost:8080/JSON/core/action/viewBaseUrls/?apikey=myapikey"

    This results in:
    HTTP ERROR 404 Not Found
    URI:    /JSON/core/action/viewBaseUrls/
    STATUS: 404
    MESSAGE: Not Found

I have already verified the following:

  • The ZAP API is enabled.
  • The API key is correctly configured and matches the one shown in the ZAP UI.
  • There are no additional URL paths configured in my ZAP settings.
  • The Docker container logs do not show any relevant errors.

Questions:

  1. Am I using the correct API base URL and paths for the Webswing Docker setup?
  2. Is any additional configuration required to access the ZAP API endpoints correctly from the Docker container?
  3. Are there any known issues or special considerations for using ZAP with Docker Webswing that might affect API access?

      
      

  

thc...@gmail.com

Sep 3, 2024, 6:40:44 AM
to zaprox...@googlegroups.com
Hi,

The ZAP API will be on 8090 not 8080 when running with Webswing.
More details in: https://www.zaproxy.org/docs/docker/webswing/

Best regards.

On 03/09/2024 09:37, anb pentesting wrote:
>
>
> Hi All,
>
> I need help with an issue I’m encountering while using ZAP with Docker
> Webswing. Here’s the detailed context of my setup and the problem I’m
> facing:
>
> 1. *Docker Image*: I’ve installed the Docker image for ZAP with Webswing
> using the following command:
> 2. docker run -u zap -p 8080:8080 -i ghcr.io/zaproxy/zaproxy:stable
> zap-webswing.sh
> 3. *Accessing ZAP*: The ZAP Webswing UI is accessible at
> http://localhost:8080/zap.
>
> *API Key*: I retrieved the API key from the ZAP UI under Tools -> Options
> -> API
>
> *Issue:*
>
> When I attempt to run my Python script to interact with the ZAP API, I keep
> encountering errors related to API key validation and endpoint access.
> Below is a brief overview of the problem:
>
> -
>
> *Python Script*: Here’s a snippet of my Python script:
> from zapv2 import ZAPv2
> import time
>
> # Set the target URL
> target_url = 'http://example.com'
>
> # Initialize the ZAP API key and ZAP instance
> zap_api_key = 'myapikey' # Retrieved from ZAP UI
> zap_base_url = 'http://localhost:8080'
> zap = ZAPv2(apikey=zap_api_key, proxies={'http': zap_base_url, 'https':
> zap_base_url})
>
> # Start a new session
> zap.core.new_session(name='new_session', overwrite=True)
>
> # Start the spidering process
> scan_response = zap.spider.scan(target_url)
> *API Endpoint Test*: When I try to manually test the API endpoint using
> curl, I get a 404 response:
> curl
> "http://localhost:8080/JSON/core/action/viewBaseUrls/?apikey=myapikey"
>
>
> This results in:
> HTTP ERROR 404 Not Found
> URI: /JSON/core/action/viewBaseUrls/
> STATUS: 404
> MESSAGE: Not Found
>
> I have already verified the following:
> - The ZAP API is enabled.
> - The API key is correctly configured and matches the one shown in
> the ZAP UI.
> - There are no additional URL paths configured in my ZAP settings.
> - The Docker container logs do not show any relevant errors.
>
> *Questions:*
> 1. Am I using the correct API base URL and paths for the Webswing
> Docker setup?
> 2. Is any additional configuration required to access the ZAP API
> endpoints correctly from the Docker container?
> 3. Are there any known issues or special considerations for using
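
An added diagnostic for the port mix-up described in this reply (not part of the original posts and not ZAP project code): it asks each port for the API's `core/view/version` and reports whether the listener is the ZAP API, some other HTTP service (as with the 404 on 8080), or unreachable. The ports and the placeholder key `myapikey` come from the thread; `probe` is a hypothetical helper name.

```python
import json
import urllib.error
import urllib.request

# Values from the thread; 'myapikey' is the poster's placeholder, not a real key.
WEBSWING_UI = "http://localhost:8080"
ZAP_API = "http://localhost:8090"
API_KEY = "myapikey"

# Ignore any HTTP(S)_PROXY environment settings so the probe hits the port directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(base_url, apikey, timeout=3):
    """Return 'zap-api', 'http-<status>', 'not-zap' or 'unreachable' for base_url."""
    req = urllib.request.Request(
        base_url + "/JSON/core/view/version/",
        # ZAP accepts the key in this header, which keeps it out of URLs and access logs.
        headers={"X-ZAP-API-Key": apikey},
    )
    try:
        with _opener.open(req, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as exc:
        # Something speaks HTTP on this port but rejects the request (404, 401, ...).
        return f"http-{exc.code}"
    except OSError:
        # Connection refused, timeout, DNS failure: nothing usable on this port.
        return "unreachable"
    try:
        data = json.loads(body)
    except ValueError:
        return "not-zap"
    # The ZAP version view answers with a JSON object containing a "version" field.
    return "zap-api" if isinstance(data, dict) and "version" in data else "not-zap"


if __name__ == "__main__":
    for name, url in (("Webswing UI port", WEBSWING_UI), ("ZAP API port", ZAP_API)):
        print(f"{name:17} {url} -> {probe(url, API_KEY)}")
```

When run on the Docker host, `unreachable` means no connection could be made to that host port, which is also the result for any container port that has no `-p` mapping.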

anb pentesting

Sep 4, 2024, 9:30:14 AM
to ZAP User Group
I have tried port 8090 also, but I am not able to access ZAP.

Simon Bennetts

Sep 10, 2024, 4:58:57 AM
to ZAP User Group
What command line options are you using now?

