I started my application in a Docker container on a dedicated Docker network. Its container IP address is 10.0.3.3 and it is mapped to a dynamic port on the loopback interface, e.g. 127.0.0.2:49213.
I then start ZAP (GUI app) and set it to listen on 0.0.0.0:8080 (no other app is currently listening on 8080 => checked with sudo netstat -ntpl | grep 8080).
I then proxify Firefox to localhost:8080.
If I access the application using its host address, i.e. http://127.0.0.2:49213/primainsure, then it works properly.
If I access the application using its container address, i.e. http://10.0.3.3:8080/primainsure, I receive a "Bad format" message.
Now, if I change the ZAP port to 9090, both URLs work properly.
But I actually don't want to use port 9090 because I want to use ZAP in a container. The problem is that when I start ZAP in a container (daemon mode), it remains in an unhealthy state unless started on 8080. I tried to export ZAP_PORT=9090 (as mentioned here: https://www.zaproxy.org/docs/docker/about) but it doesn't seem to work. If I start the ZAP container on 8080, it properly turns to a healthy state, but then I get the same error as when run in the GUI; see the docker logs below, where my context path (primainsure) seems to be viewed as a ZAP API endpoint.
10420 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 0.0.0.0:8080
44319 [ZAP-ProxyThread-10] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/primainsure/] from [10.0.3.1]:
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:430) [zap-2.11.1.jar:2.11.1]
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:497) [zap-2.11.1.jar:2.11.1]
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:333) [zap-2.11.1.jar:2.11.1]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.PRIMAINSURE
at java.lang.Enum.valueOf(Enum.java:240) ~[?:?]
at org.zaproxy.zap.extension.api.API$Format.valueOf(API.java:63) ~[zap-2.11.1.jar:2.11.1]
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:409) [zap-2.11.1.jar:2.11.1]
... 3 more
I can't figure out what the problem is. Any help?