Testing ZAP Proxy - Java API


Usman Waheed

Jun 20, 2013, 9:24:48 AM
to zaprox...@googlegroups.com
Hi,

I took the code from the ZAP documentation and stripped it down so that it only does the following:

1. Start the ZAP proxy in daemon mode on port 8090
3. Stop the ZAP proxy

The code looks like:

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;

public class DaemonWaveIntegrationTest {

        private List<String> openUrlViaProxy (Proxy proxy, String apiurl) throws Exception {
                List<String> response = new ArrayList<>();
                URL url = new URL(apiurl);
                HttpURLConnection uc = (HttpURLConnection)url.openConnection(proxy);
                uc.connect();

                BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));

                String inputLine;

                while ((inputLine = in.readLine()) != null) {
                        response.add(inputLine);
                }

                in.close();
                return response;
        }

        private void startZAP () throws Exception {
                // ZAP.main(new String[]{"-daemon"});
                // Thread.sleep(5000);
        }

        private void stopZAP (Proxy proxy) throws Exception {
                // TODO not found a reliable way of doing this inline yet :(
        }

        public void testDaemonWave () throws Exception {

                startZAP();

                Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("localhost", 8090));

                // Access one page via the proxy
                openUrlViaProxy(proxy, "http://localhost:8080/bodgeit/");
                Thread.sleep(2000);

                stopZAP(proxy);


        }

        public static void main(String[] args) throws Exception {
                DaemonWaveIntegrationTest test = new DaemonWaveIntegrationTest();
                test.testDaemonWave ();
        }
}

The above works if I manually start the ZAP proxy and have it running on port 8090.

What I am missing is the API calls inside the startZAP and stopZAP methods. Can anyone point me to any clues here, please? I tried to look for some documentation that better explains the API calls but could not find it. I will appreciate it.

Thanks and Regards,
Usman

Usman Waheed

Jul 16, 2013, 7:47:55 AM
to zaprox...@googlegroups.com
Thc202 asked me to post the final example code I have to stop/start the ZAP proxy.
Pasting it here so it might be useful for someone else as well.

import org.zaproxy.zap.*;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import net.sf.json.*;

public class Test {

  // Page to request through ZAP. Not defined in the posted code; assumed here
  // to be the URL used in the first post.
  private static final String url_to_spider = "http://localhost:8080/bodgeit/";

  // Fetch a URL through the given proxy and return the response body line by line.
  private List<String> openUrlViaProxy (Proxy proxy, String apiurl) throws Exception {
    List<String> response = new ArrayList<>();
    URL url = new URL(apiurl);
    HttpURLConnection uc = (HttpURLConnection)url.openConnection(proxy);
    uc.connect();

    BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));

    String inputLine;
    while ((inputLine = in.readLine()) != null) {
      response.add(inputLine);
    }
    in.close();
    return response;
  }

  // Start ZAP in daemon mode inside this JVM and give it time to come up.
  private void startZAP () throws Exception {
    Properties props = System.getProperties();
    props.setProperty("http.agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)");

    ZAP.main(new String[]{"-daemon"});
    Thread.sleep(10000);
  }

  // Ask ZAP to shut down through its JSON API.
  private void stopZAP (Proxy proxy) throws Exception {
    openUrlViaProxy(proxy, "http://localhost:8090/json/core/action/shutdown/");
  }

  public void testDaemonWave () throws Exception {
    startZAP();
    Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("localhost", 8090));
    openUrlViaProxy(proxy, url_to_spider);
    Thread.sleep(5000);

    // Shutdown ZAP
    System.out.println("Shutting down ZAP ...");
    stopZAP(proxy);
    System.out.println("ZAP Shutdown complete ...");
  }

  public static void main(String[] args) throws Exception {
    Test test = new Test();
    test.testDaemonWave();
  }
}

Santosh Reddy

Aug 7, 2013, 10:15:45 AM
to zaprox...@googlegroups.com
Hi Usman,

I get the following error when I run this:

366 [main] FATAL org.zaproxy.zap.ZAP  - user lacks privilege or object not found: PUBLIC.HISTORY
java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: PUBLIC.HISTORY

I also tried running Eclipse as Windows administrator. Using Java 7.

Thanks,
Santosh


Usman Waheed

Aug 7, 2013, 2:38:07 PM
to zaprox...@googlegroups.com
Santosh,

I have the above working code in Linux, so no clue in Windows.
But do you have the CLASS_PATH variable defined in your environment?

Below is what I have my CLASS_PATH variable set to:

CLASSPATH=.:/home/usmanw/workspace/trunk/lib/commons-lang-2.6.jar:/home/usmanw/workspace/trunk/lib/selenium-server-standalone-2.33.0.jar:/home/usmanw/workspace/trunk/lib/zap.jar:/home/usmanw/workspace/trunk/lib/zap-api-v2-4.jar:/home/usmanw/workspace/trunk/lib/commons-httpclient-3.1-rc1.jar:/home/usmanw/workspace/trunk/lib/json-lib-2.4-jdk15.jar:/home/usmanw/workspace/trunk/lib/log4j-1.2.17.jar:/home/usmanw/workspace/trunk/lib/json-simple-1.1.1.jar

Santosh Reddy

Aug 7, 2013, 2:51:52 PM
to zaprox...@googlegroups.com
Hi Usman,

Earlier I did not have those jars in my classpath in Eclipse. Then I was getting this error: "Warning: failed to load language files from"
Then I pointed to ZAP Installation\lib, where all the .jars which you have mentioned are present, and then the error disappeared.

But now I am getting the hsql error mentioned in the previous post.

Note: I am not using the source code. I have installed ZAP using the Windows installer and am referring to zap.jar and zap-api-v2-4.jar.
It seems like you downloaded the source code and are pointing the classpath to that. Do I need to download the source code and build ZAP and then use the API?

Thanks,
Santosh


Usman Waheed

Aug 7, 2013, 3:01:42 PM
to zaprox...@googlegroups.com
I did not build anything from source.
I just downloaded the file ZAP_2.1.0_Linux.tar
untar'ed it in a directory but had to ensure java version "1.7.0_21" (installed).

I suspect you are facing some sort of privileges issue. Are you getting this error when you try to run zap.bat?

thc202

Aug 7, 2013, 11:57:36 PM
to zaprox...@googlegroups.com, santhos...@gmail.com
Hi.

That error happens if the directory "db" is not in the directory where ZAP is started.
(The directory "db" is located in ZAP's directory)

Try copying the "db" directory to the same directory where you're running the "Test" class to see if it fixes the issue.
(Note that if you're running with Eclipse you might have to change the "Working directory" to point to the project's "bin" directory)

Best regards.
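
A preflight for the startup sequence discussed in this thread, as an added example that is not code from any poster or from the ZAP project: it checks for the "db" directory described in the last reply and waits for the proxy port instead of sleeping for a fixed time. The class and method names are hypothetical; the "db" name and port 8090 come from the thread, and ZAP listening on localhost is an assumption.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ZapDaemonPreflight {
    // Fail early, with a readable message, if the "db" directory is not in the
    // directory the JVM was started from (the cause given above for PUBLIC.HISTORY).
    static void requireDbDirectory(Path workingDir) throws IOException {
        Path db = workingDir.resolve("db");
        if (!Files.isDirectory(db)) {
            throw new IOException("No \"db\" directory in " + workingDir.toAbsolutePath()
                    + "; copy it from ZAP's directory or change the working directory");
        }
    }

    // Poll until something accepts TCP connections on host:port, instead of a
    // fixed Thread.sleep(). Returns false if the timeout expires first.
    static boolean waitForPort(String host, int port, long timeoutMillis) throws InterruptedException {
        long deadline = System.currentTimeMillis() + timeoutMillis;
        while (System.currentTimeMillis() < deadline) {
            try (Socket s = new Socket()) {
                s.connect(new InetSocketAddress(host, port), 500);
                return true;
            } catch (IOException notListeningYet) {
                Thread.sleep(250);
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        try {
            requireDbDirectory(Paths.get("."));
            System.out.println("db directory found; ZAP.main(new String[]{\"-daemon\"}) can be called here");
        } catch (IOException e) {
            System.out.println("Preflight failed: " + e.getMessage());
        }
        // Constructed stand-in for ZAP's listener so the demo runs without ZAP installed.
        try (ServerSocket standIn = new ServerSocket(0)) {
            System.out.println("listening: " + waitForPort("localhost", standIn.getLocalPort(), 3000));
        }
        // In the thread's setup the call would be waitForPort("localhost", 8090, 30000).
    }
}
```

In the Test class above, requireDbDirectory would run before ZAP.main and waitForPort would replace Thread.sleep(10000).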