Accessing ZAP API from outside Docker container


Lei

Aug 2, 2023, 12:38:12 PM
to ZAP User Group
I have been trying to run the ZAP docker daemon and access it to no avail. I have taken these steps:
  1. run the docker container:
    docker run -u zap -p 8080:8080 -i softwaresecurityproject/zap-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.key=abcd1234
  2. docker inspect <container_id> | grep IPAddress -> gives me an ip of 172.17.0.2
  3. I go to http://172.17.0.2:8080 in the browser and I receive 'Connection reset'
  4. Tried eg.
    curl -X GET http://172.17.0.2:8080/JSON/httpSessions/view/sites/ -H 'X-ZAP-API-Key: abcd1234' -H 'Accept: application/json'
    which returns: curl: (52) Empty reply from server
  5. I see a bunch of warnings in the container output like:
    271126 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://localhost:8080/ from 127.0.0.1 not permitted
    278072 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://172.17.0.2:8080/JSON/httpSessions/view/sites from 172.17.0.1 not permitted
    301283 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://localhost:8080/ from 127.0.0.1 not permitted
    331441 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://localhost:8080/ from 127.0.0.1 not permitted

I can't understand why I'm not able to make requests to this API. Also, I notice that the container is echoing this same warning even when I am not making any requests. Anyone encountered these problems before? Thanks for any help!

Simon Bennetts

Aug 3, 2023, 8:43:53 AM
to ZAP User Group
I think you are nearly there.
  • -config api.addrs.addr.regex=true
Right now ZAP is treating ".*" as an address rather than a regex.

Cheers,

Simon
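
Added example (not part of the thread and not ZAP's own code): a simplified Python model of the permitted-address check, run over WARN lines from the question, showing why `.*` without `api.addrs.addr.regex=true` rejects every client and that a narrower pattern still admits the two addresses seen in the log. The matching rule, the `TIGHTER` pattern and the address 203.0.113.7 are assumptions made for illustration.

```python
import re

# WARN lines copied from the container output in the question.
ZAP_LOG = """\
271126 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://localhost:8080/ from 127.0.0.1 not permitted
278072 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Request to API URL http://172.17.0.2:8080/JSON/httpSessions/view/sites from 172.17.0.1 not permitted
"""

REJECTED = re.compile(r"Request to API URL (\S+) from (\S+) not permitted")


def rejected_clients(log_text):
    """Return the distinct client addresses ZAP refused, in order of first appearance."""
    seen = []
    for m in REJECTED.finditer(log_text):
        if m.group(2) not in seen:
            seen.append(m.group(2))
    return seen


def permits(entry, client):
    """Simplified model (assumption): a regex entry must match the whole
    client address; a non-regex entry must equal it exactly."""
    if entry["regex"]:
        return re.fullmatch(entry["name"], client) is not None
    return entry["name"] == client


def evaluate(entries, clients):
    """Map each client address to whether any entry permits it."""
    return {c: any(permits(e, c) for e in entries) for c in clients}


# Constructed candidate values for api.addrs.addr.name / api.addrs.addr.regex.
AS_POSTED = [{"name": ".*", "regex": False}]   # the command in the question
WITH_REGEX = [{"name": ".*", "regex": True}]   # with the flag from the answer
# Hypothetical tighter pattern: only the two client addresses seen in the log.
TIGHTER = [{"name": r"127\.0\.0\.1|172\.17\.0\.1", "regex": True}]

if __name__ == "__main__":
    # 203.0.113.7 is a constructed documentation address standing in for any other client.
    clients = rejected_clients(ZAP_LOG) + ["203.0.113.7"]
    for label, cfg in [("as posted", AS_POSTED), ("regex=true", WITH_REGEX), ("tighter", TIGHTER)]:
        print(label, evaluate(cfg, clients))
```

With `.*` as a regex every client address is accepted, so the API key and the published port are the only remaining restrictions; a pattern limited to the addresses that actually need access keeps the allow-list meaningful.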

Nate Penner

Aug 3, 2023, 9:12:44 AM
to zaprox...@googlegroups.com
Yes, that was the parameter I missed! Thanks 👍
