ZAP port 8080 : Bad format

Skip to first unread message

Jun 23, 2022, 10:45:31 AMJun 23
to OWASP ZAP User Group

I started my application in a docker container on a dedicated docker network. Its container IP address is and it is mapped to a dynamic port on the loopback interface, e.g.

I then start ZAP (GUI app) and set it to listen to (no other app is currently listening to 8080 => checked with sudo netstat -ntpl | grep 8080).
I then proxify firefox to localhost:8080.

If I access the application using its host address, i.e., then it works properly.
If I access the application using its container address, i.e., I receive a "Bad format" message.

Now, if I change the ZAP port to 9090, both URLs work properly.

But I actually don't want to use the port 9090 because I want to use ZAP in a container. The problem is that when I start ZAP in a container (daemon mode), it remains in unhealthy state, unless started on 8080. I tried to export ZAP_PORT=9090 (as mentionned here but it doesn't seem to work. If I start the ZAP container on 8080, it properly turns to healthy state but then I got the same error as when run in the GUI, see docker logs below below where my context path (primainsure) seems to be viewed as a ZAP API endpoint.

10420 [ZAP-daemon] INFO  org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on
44319 [ZAP-ProxyThread-10] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/primainsure/] from []:
org.zaproxy.zap.extension.api.ApiException: bad_format
    at org.zaproxy.zap.extension.api.API.handleApiRequest( [zap-2.11.1.jar:2.11.1]
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp( [zap-2.11.1.jar:2.11.1]
    at [zap-2.11.1.jar:2.11.1]
    at [?:?]
Caused by: java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.PRIMAINSURE
    at java.lang.Enum.valueOf( ~[?:?]
    at org.zaproxy.zap.extension.api.API$Format.valueOf( ~[zap-2.11.1.jar:2.11.1]
    at org.zaproxy.zap.extension.api.API.handleApiRequest( [zap-2.11.1.jar:2.11.1]
    ... 3 more

I can't figure out what the problem is. Any help ?

Jun 24, 2022, 6:13:59 AMJun 24
to OWASP ZAP User Group
After setting ZAP (GUI) to listen to localhost:8080 rather than I was able to access my app on
Unfortunately, it doesn't solve my problem because I want to run ZAP in a container, so it has to listen to the network interface, not the loopback one. So how could I make ZAP listen to 9090 rather than 8080 within a container. As mentioned before, I was unabled to make ZAP_PORT environment variable working.

Thanks for your help.

Simon Bennetts

Jun 24, 2022, 9:10:30 AMJun 24
to OWASP ZAP User Group
I often run ZAP in docker using a non standard port, just using the standard ZAP command line option: "-port".
I dont care that the the container is not in a healthy state ;)
If that is important to you, then can you give the exact command you are using to start ZAP?




Jun 24, 2022, 2:59:19 PMJun 24
to OWASP ZAP User Group
It's because you've bound to which is all interfaces.

Jun 28, 2022, 5:51:29 AMJun 28
to OWASP ZAP User Group
Thanks a lot. I ignored the unhealthy state and it works properly on 9090.
Reply all
Reply to author
0 new messages