How to change proxy port of zap in daemon mode?

Abhinav Singh

Jul 19, 2018, 4:40:49 AM
to OWASP ZAP User Group

Simon Bennetts

Jul 25, 2018, 3:27:12 AM
to OWASP ZAP User Group
Just set the port when you start ZAP using the '-port' option: https://github.com/zaproxy/zap-core-help/wiki/HelpCmdline

Abhinav Singh

Jul 30, 2018, 6:37:35 AM
to zaprox...@googlegroups.com
Hi Simon,

Thank you so much for your reply.

As you know I need to do ZAP automation for our continuous delivery and we are using GoCD tool for our continuous delivery.

At this moment I am struggling to run OWASP ZAP in terminal mode (calling scripts from GoCD would be a later part). I have started with the latest scripts that are available at this particular URL: https://github.com/zaproxy/zap-api-python/releases/tag/0.0.10 (compatible with Python 3).

Can you please tell me, step by step, what exactly I need to do after that?

I have tried a lot of stuff: I have installed ZAP core and have also installed the ZAP 2.7 tar file, but no luck.

Please help.

Thanks,
Abhinav

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/8f769915-4dc4-440c-95a9-29740dc93900%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Simon Bennetts

Jul 30, 2018, 6:41:54 AM
to OWASP ZAP User Group
Hi Abhinav,

I think it would be easier if you could tell us what you're doing and where it's failing.

Cheers,

Simon

Abhinav Singh

Aug 1, 2018, 2:50:23 PM
to zaprox...@googlegroups.com
Hi Simon,

I am using ZAP version 2.7 in Kali and I am running it in daemon mode. I went into the ZAP directory and ran this command:

./zap.sh -daemon -host 127.0.0.1 -port 8080 -config api.key=12345

Then I ran the basic scan script with Python 2 and Python 3 and got errors.

I have attached all the relevant details. Please suggest what to do next.

basic-spider-scan.py.txt
python2.png
python3.png

kingthorin+owaspzap

Aug 1, 2018, 8:01:34 PM
to OWASP ZAP User Group
The output seems pretty clear. Python2: use a string not an int for the apikey. Python3: zapv2 isn't available (probably need to pip3 install zapv2 or pip3 install python-owasp-zap-v2.4 something like that......)

Abhinav Singh

Aug 2, 2018, 3:06:49 PM
to zaprox...@googlegroups.com
Hi Kingthorin,

Thanks for your quick reply. I made the changes as you said and now I am facing this error. Please find attached.

Thanks,

Regards,
Abhinav Singh

basic-spider-scan.py.txt
Python2_new.png

kingthorin+owaspzap

Aug 2, 2018, 5:34:16 PM
to OWASP ZAP User Group
You literally opened zap and set your apikey to be “apikey” in the options?

Abhinav Singh

Aug 2, 2018, 5:36:28 PM
to zaprox...@googlegroups.com
No, I have changed it in the script as well. I have attached the script as well.

Abhinav Singh

Aug 2, 2018, 5:43:06 PM
to zaprox...@googlegroups.com
Please do let me know if I did something wrong. Apologies, I don’t have much experience in developing code.

kingthorin+owaspzap

Aug 2, 2018, 8:47:35 PM
to OWASP ZAP User Group
According to the script you attached "zap = ZAPv2(apikey='apikey')"

If apikey isn't the value set in ZAP's options then it won't be accepted.

Abhinav Singh

Aug 3, 2018, 1:13:40 AM
to zaprox...@googlegroups.com
Hi Kingthorin,

I have used the below command to start ZAP.

Zap.sh -daemon -host 127.0.0.1 -port 8080 -config api.key=apikey

thc...@gmail.com

Aug 3, 2018, 8:17:11 AM
to zaprox...@googlegroups.com
Please check the zap.log file (in ZAP home dir [1]) or ZAP output, to
know why the API requests are not being accepted (it might be address
permissions).


[1] https://github.com/zaproxy/zaproxy/wiki/FAQconfig

Best regards.

kingthorin+owaspzap

Aug 3, 2018, 9:32:34 AM
to OWASP ZAP User Group
Here are a few things that can simplify getting you going.

1) Start it without using -daemon (for now), you can still interact with the API while the GUI is available. Plus if the GUI is available you can ensure your commandline values etc are being used.
2) Here's a simple script that makes an API call to get a list of passive scanners (a simple task as proof-of-concept that API access is or can work).

Based on the way you were starting things:
/usr/share/zaproxy/zap.sh -host localhost -port 8080 -config api.key=apikey

python tester.py

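# tester.py: proof-of-concept that API access works
from zapv2 import ZAPv2 as zap
import time

apikey = "apikey"  # Default Kali apikey
# Send the client's API requests through the local ZAP proxy on port 8080
z = zap(apikey=apikey, proxies={"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"})
time.sleep(2)

# pscan.scanners returns the passive scan rules
scanners = z.pscan.scanners

# Function-call form of print works under both Python 2 and Python 3
print("There are: %s passive scan rules installed." % (len(scanners)))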


If it's working you should see something like:
There are: 57 passive scan rules.

Abhinav Singh

Aug 5, 2018, 4:45:51 AM
to zaprox...@googlegroups.com
Hi THC202,

Yes, you were right, this is a permission issue. How can I make it right?

Thanks

Abhi

thc.png

Abhinav Singh

Aug 5, 2018, 4:48:18 AM
to zaprox...@googlegroups.com
Hi Kingthorin,

I ran the command as you suggested. It started ZAP but wasn't able to change the apikey for ZAP. I have to manually change the apikey. Please find attached screenshots.

1.png
2.png
3.png
4.png
5.png
6.png

Abhinav Singh

Aug 5, 2018, 5:38:44 AM
to zaprox...@googlegroups.com
Thanks THC202, Simon and Kingthorin for your continuous support. I am able to run the script.

Now I need to run the scan for authenticated sessions. Please guide me on this.

Can you please tell me how to remove the permitted host through terminal? Attached the screenshot, the command that works for me.
thc1.png

thc...@gmail.com

Aug 6, 2018, 8:15:46 AM
to zaprox...@googlegroups.com
It seems that the API key was not set because of the command line
argument used, it was missing an equals after the config key:
-config api.key=apikey


There's an example setting up the authentication here:
https://github.com/soprasteria/zap-api-python/blob/4b7e5ddbcac9401549a6bb3c857df46b13f8814a/src/examples/zap_example_api_script.py

Best regards.

Abhinav Singh

Aug 6, 2018, 9:01:51 AM
to zaprox...@googlegroups.com
Thanks THC202. Yes, missed equal sign, I realized later.

Let me make changes to this script according to my requirement and will come back to you shortly. :)

Abhinav Singh

Aug 6, 2018, 4:12:30 PM
to zaprox...@googlegroups.com
Hi THC202,

This is what I get after modifying the script. Attached the screenshot and modified script.

Regards,
Abhinav


python_auth.py
python_authentication_error.png

thc...@gmail.com

Aug 6, 2018, 4:19:27 PM
to zaprox...@googlegroups.com
When creating the API client pass also the API key:
zap = ZAPv2(proxies=localProxy, apikey=apiKey)

that will ensure the API key is sent always.

Best regards.

Abhinav Singh

Aug 6, 2018, 4:22:46 PM
to zaprox...@googlegroups.com
And this is what I get in the logs. I have put the right apikey as far as I know. Attached the log screenshot.
python_authentication_log.png

Abhinav Singh

Aug 6, 2018, 4:46:53 PM
to zaprox...@googlegroups.com
Same error


python_authentication_log.png
Script modified.png
newerr.png

Simon Bennetts

Aug 7, 2018, 3:22:51 AM
to OWASP ZAP User Group
Are you actually looking at the error logs?
If not you need to - you will make progress much faster than if you just ask for help without looking at them.

For example, in the screenshots you provided it says:
Bad request to API endpoint [/JSON/core/action/accessUrl/] from [127.0.0.1]:
Missing Parameter (missing_parameter) : url

What do you think that is telling you?

Abhinav Singh

Aug 10, 2018, 9:14:12 AM
to zaprox...@googlegroups.com
Hi,

Please do let me know if I am doing something wrong.

On Tue, 7 Aug 2018 at 10:28 PM, Abhinav Singh <abhi...@gmail.com> wrote:
Hi Simon,

Apologies.

I did check the above error, but that's not something that was stopping the scan; it's the API issue. I will try to be more clear with my questions.

I used this option to come up with the API error: -config api.nokeyforsafeops=true [Reference: https://groups.google.com/forum/#!topic/zaproxy-jenkins/IQVzzsCCfr4 ]

Then I got the browser issue, and it got resolved by updating the browser. Now my script is running, but the result is not impressive. Am I doing something wrong, as the policy says SQL and XSS but it didn't find any of them?

Attached the HTML file


Thanks,
Abhinav


Simon Bennetts

Aug 14, 2018, 4:12:42 AM
to OWASP ZAP User Group
The error is telling you that you are calling the '/JSON/core/action/accessUrl/' API endpoint but you are not supplying the mandatory 'url' parameter.
Have a look at your script - can you see where you are calling the 'accessUrl' endpoint? What parameters are you supplying?
I don't think you've shared that part of your script with us; if you can't see where the problem is then share your whole script (redacting anything that's private) and we'll see if we can spot what you're doing wrong.

Abhinav Singh

Aug 14, 2018, 2:04:06 PM
to zaprox...@googlegroups.com
Hi Simon,

Thanks for your reply.

I have resolved the URL issue. Then I faced the API error.
I used this option to come up with the API error: -config api.nokeyforsafeops=true [Reference: https://groups.google.com/forum/#!topic/zaproxy-jenkins/IQVzzsCCfr4 ]

Then I got the browser issue, and it got resolved by updating the browser. Now my script is running, but the result is not impressive. Am I doing something wrong, as the policy says SQL and XSS in the script but it didn't find any of them?

Attached the HTML file and the script.

Please guide on this.



hi.html
python_auth.py

Simon Bennetts

Aug 15, 2018, 3:49:25 AM
to OWASP ZAP User Group
It looks like just passive issues have been raised.
How long did the active scanner take to run?
Try calling the ascan.scanProgress(scanId) API endpoint after the active scan has finished and let us know what it returns.
I suspect the active scan rules are not actually running.

Abhinav Singh

Aug 15, 2018, 7:12:23 PM
to zaprox...@googlegroups.com
Hi Simon,

The active scanner started and stopped in 5 secs. AjaxSpider ran around 10 mins and does the automated scanning on non-authenticated pages in the Firefox browser. Sharing the relevant screenshot. This time the report is different too.

latestreport.html
Active Scanning.png
AjaxSpider on non-authenticated.png
Scanid.png
ScanidJson.png

Simon Bennetts

Aug 16, 2018, 3:32:15 AM
to OWASP ZAP User Group
OK, so 5 seconds is way too short, that implies that the active scanner hasn't done anything.
This is confirmed by the scanProgress - that shows all of the scan rules that ran, and in your case it's showing that there weren't any.
So it looks like there's a bug in your script when setting up the scan policy.

Cheers,

Simon
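
Added example (not part of the thread, and not ZAP project code): a check a CD pipeline can run on the scanProgress result so that an active scan which ran no rules, the case Simon describes above, fails the job instead of producing a clean-looking report. The sample data and rule ids are constructed, and the result layout (host entries followed by a dict of "HostProcess" items whose "Plugin" list starts name, id, quality, status) is an assumption to verify against the JSON your ZAP version returns.

```python
"""CI gate: did ZAP's active scan actually run the rules we expected?

Added example, not code from the thread. It assumes the scanProgress result
is shaped like [host, {"HostProcess": [{"Plugin": [name, id, quality,
status, ...]}]}, ...]; check that against the JSON your ZAP version returns.
"""

# Constructed sample: the scan "finished" but its policy enabled no rules.
EMPTY_SCAN = ["http://target.example", {"HostProcess": []}]

# Constructed sample: XSS and SQL injection rules completed, one rule skipped.
NORMAL_SCAN = [
    "http://target.example",
    {"HostProcess": [
        {"Plugin": ["Cross Site Scripting (Reflected)", "40012", "release", "Complete"]},
        {"Plugin": ["SQL Injection", "40018", "release", "Complete"]},
        {"Plugin": ["Path Traversal", "6", "release", "Skipped"]},
    ]},
]


def rules_in_progress(progress):
    """Flatten a scanProgress result into one dict per (host, rule)."""
    rules, host = [], None
    for item in progress or []:
        if not isinstance(item, dict):
            host = item  # a host entry precedes that host's rule list
            continue
        for entry in item.get("HostProcess", []):
            plugin = entry.get("Plugin") or []
            if len(plugin) < 4:
                continue  # not the layout this example assumes
            rules.append({"host": host, "name": plugin[0],
                          "id": str(plugin[1]), "status": plugin[3]})
    return rules


def check_active_scan(progress, required_ids=()):
    """Return (ok, problems); ok is False when the result cannot be trusted."""
    rules = rules_in_progress(progress)
    if not rules:
        # A scan with zero rules reports no active findings by construction.
        return False, ["no active scan rules ran; check the scan policy"]
    problems = []
    for rule_id in required_ids:
        seen = [r for r in rules if r["id"] == str(rule_id)]
        if not seen:
            problems.append("required rule %s is not in the scan policy" % rule_id)
        for r in seen:
            if r["status"] != "Complete":
                problems.append("required rule %s did not complete on %s (status: %s)"
                                % (rule_id, r["host"], r["status"]))
    return not problems, problems


if __name__ == "__main__":
    for label, sample in (("empty", EMPTY_SCAN), ("normal", NORMAL_SCAN)):
        ok, problems = check_active_scan(sample, required_ids=("40012", "40018"))
        print(label, "PASS" if ok else "FAIL", problems)
```

In a pipeline, pass in the value returned by the ascan.scanProgress(scanId) call mentioned above and fail the job when ok is False.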

Abhinav Singh

Aug 16, 2018, 3:50:43 AM
to zaprox...@googlegroups.com
Hi Simon,

Yes it is something with the script and I am not that good with the code.

Kingthorin has shared this script with me, if he can help.

Thanks,
Abhi

Simon Bennetts

Aug 16, 2018, 4:12:19 AM
to OWASP ZAP User Group
Think of this as a learning opportunity then :)
We're here to help, but in the end this is something you are working on and so you should really be putting the effort in to making it work.
If you just ask for help when you hit a new problem then you won't learn anything.

You can run this script against ZAP running in desktop mode.
This will help you understand what's going on and where it's going wrong.
You can isolate the code that is creating the scan policy and just run that, then look at the scan policy in the ZAP desktop.

Cheers,

Simon

Abhinav Singh

Aug 16, 2018, 4:13:34 AM
to zaprox...@googlegroups.com
Sure. Let me put my efforts then. 👍🤞
