Using selenium scripts in docker container to inject tokens to browser's local storage

Ricardo Santos

May 17, 2023, 2:06:30 PM
to OWASP ZAP User Group
Hello guys,

I'm trying to run a CASA assessment using OWASP ZAP's docker container. Our app is a React-based web app, with authentication tokens retrieved via a call to an API, which then must be injected into the browser's local storage, much like the Juice Shop example, using Client-Side Session Management, available here.

With that tutorial, I was able to automate login to my app using desktop zap, but my selenium script (similar to that in the mentioned example) is not mentioned in the context file that I exported from the desktop app, and so I've tried two different methods to run the script without success:

1.  using an options.conf file with:

script.scripts.name="monadd-selenium.js"
script.scripts.engine="Oracle Nashorn"
script.scripts.type=selenium
script.scripts.enabled=true
script.script.file="monadd-selenium.js"


And running the docker container with:

docker run -p 8080:8080 -v $(pwd):/zap/wrk/:rw \
-t owasp/zap2docker-stable zap-api-scan.py \
-t https://${URL} -f openapi -P 8080 \
-c zap-casa-config.conf \
-r "${URL}.html" \
-x "${URL}.xml" \
-n good-auth-monadd.context \
-U owas...@test.com \
-z '-configfile /zap/wrk/options.conf' -d


In this case there isn't any evidence of the script running in ZAP's output (with the -d flag).


2. Using a hook when zap is started, in zap_started_hook.py:

def zap_started(zap, target):
    # zap.script.load('monadd-selenium.js', 'selenium', 'ECMAScript : Graal.js', '/zap/wrk/monadd-selenium.js')
    print("Running ZAP started hook")
    load_response = zap.script.load('monadd-selenium.js', 'selenium', 'Oracle Nashorn', '/zap/wrk/monadd-selenium.js')
    print(f"Load response : {load_response}")
    enable_response = zap.script.enable('monadd-selenium.js')
    print(f"Enable response : {enable_response}")
    print("Running ZAP finished running hook")


And then running the docker container with

docker run -p 8080:8080 -v $(pwd):/zap/wrk/:rw \
-t owasp/zap2docker-stable zap-api-scan.py \
-t https://${URL} -f openapi -P 8080 \
-c zap-casa-config.conf \
-r "${URL}.html" \
-x "${URL}.xml" \
-n good-auth-monadd.context \
-U owas...@test.com \
--hook /zap/wrk/zap_started_hook.py -d

This looks more promising, because the output suggests that there is an attempt to run the script, but as shown below, the attempt fails with HTTP 400 and a payload 'does_not_exist'.

Running ZAP started hook
2023-05-17 17:44:04,772 Starting new HTTP connection (1): localhost:8080
2023-05-17 17:44:04,780 http://localhost:8080 "GET http://zap/JSON/script/action/load/?scriptName=monadd-selenium.js&scriptType=selenium&scriptEngine=Oracle+Nashorn&fileName=%2Fzap%2Fwrk%2Fmonadd-selenium.js&apikey= HTTP/1.1" 400 52
Load response : does_not_exist
2023-05-17 17:44:04,781 Starting new HTTP connection (1): localhost:8080
2023-05-17 17:44:04,789 http://localhost:8080 "GET http://zap/JSON/script/action/enable/?scriptName=monadd-selenium.js&apikey= HTTP/1.1" 400 52
Enable response : does_not_exist
Running ZAP finished running hook


I've tried several changes to the name of the selenium script without success.

Any help would be much appreciated.

Thanks!

Simon Bennetts

May 18, 2023, 4:27:56 AM
to OWASP ZAP User Group
Is the monadd-selenium.js script in the CWD when you start Docker?
If so then this _looks_ fine to me - I'm away right now so can't try it out right now I'm afraid.

Cheers,

Simon

thc...@gmail.com

May 18, 2023, 9:25:40 AM
to zaprox...@googlegroups.com
Hi.

> script.script.file="monadd-selenium.js"

Has a typo in the key, it would also have to use the full path to the
script.


Start ZAP passing:
-config api.incerrordetails=true


and the API response will contain the parameter that "does not exist".

Best regards.

Ricardo Santos

May 21, 2023, 6:31:49 PM
to OWASP ZAP User Group
Hello,

Thank you both for the input. With your help and after a number of iterations, I made some progress on several fronts, but I still have issues running scripts (for session management and selenium) in docker.

I modified my hook to list the files under /zap/wrk/ inside the docker container, and confirmed that all scripts and configuration files are there and have either 644 or 777 permission masks.

I still can't load the selenium script, but now I also get a similar problem with the session management script (both very similar to the Juice Shop example).

Here is my docker run script:

docker run -p 8080:8080 -v $(pwd):/zap/wrk/:rw \
-t owasp/zap2docker-stable zap-full-scan.py \
-t https://${URL} -P 8080 \
-c zap-casa-config.conf \
-r "${URL}.html" \
-x "${URL}.xml" \
-n good-auth-monadd.context \
-U owas...@test.com \
-z '-config api.disablekey=true' \
-z '-configfile /zap/wrk/selenium-script.conf' \
-z '-configfile /zap/wrk/session-management-script.conf' \
-z '-config api.incerrordetails=true' \
--hook /zap/wrk/zap_started_hook.py \
-d



And the selenium configuration script selenium-script.conf

script.scripts.name="monadd-selenium"
script.scripts.engine="Graal.js"
script.scripts.type=selenium
script.scripts.enabled=true
script.scripts.file="/zap/wrk/monadd-selenium.js"


And the session management configuration script session-management-script.conf

script.scripts.name="monadd-session-management"
script.scripts.engine="Graal.js"
script.scripts.type=session
script.scripts.enabled=true
script.scripts.file="/zap/wrk/monadd-session-management.js"


And the hook python script, which includes prints for files and permissions as well as an additional attempt to load the selenium script:

import os

def zap_started(zap, target):

    print("Running ZAP started hook")
    print(f"Files in /zap/ : {os.listdir('/zap/')}")
    print(f"Files in /zap/wrk/ : {os.listdir('/zap/wrk/')}")
    for f in os.listdir('/zap/wrk/'):
        print('/zap/wrk/' + f + (" " * (30 - len(f))) + "\t" + oct(os.stat('/zap/wrk/' + f).st_mode & 0o777))
    print("Contents of /home/zap/.ZAP/config.xml")
    print("=====================================")
    with open('/home/zap/.ZAP/config.xml') as f:
        print(f.read())
    print("=====================================")

    load_response = zap.script.load('monadd-selenium', 'selenium', 'Graal.js', '/zap/wrk/monadd-selenium.js')

    print(f"Load response : {load_response}")
    enable_response = zap.script.enable('monadd-selenium')

    print(f"Enable response : {enable_response}")

    print("Running ZAP finished running hook")



As mentioned, now I get an error loading the session management script. There are two exceptions that seem related to this:

2023-05-21 20:22:34,070 http://localhost:8080 "GET http://zap/JSON/spider/action/scanAsUser/?contextId=1&userId=3912&apikey= HTTP/1.1" 400 52
Traceback (most recent call last):
  File "/zap/zap-full-scan.py", line 349, in main
    zap_spider(zap, target)
  File "/zap/zap_common.py", line 108, in _wrap
    return_data = func(*args_list, **kwargs)
  File "/zap/zap_common.py", line 424, in zap_spider
    raise_scan_not_started()
  File "/zap/zap_common.py", line 411, in raise_scan_not_started
    raise ScanNotStartedException('Failed to start the scan, check the log/output for more details.')
zap_common.ScanNotStartedException: Failed to start the scan, check the log/output for more details.


And at the end of the output log:

24158 [ZAP-IO-Server-1-1] ERROR org.zaproxy.zap.session.ScriptBasedSessionManagementMethodType - Unable to find script while loading Script Based Session Management Method for name: monadd-session-management
26993 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/spider/action/scanAsUser/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: no_implementor
        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:445) ~[zap-2.12.0.jar:2.12.0]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:149) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:131) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:66) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:96) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.lambda$channelRead0$0(MainServerHandler.java:84) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
        at java.lang.Thread.run(Thread.java:829) ~[?:?]
2023-05-21 20:22:34,079 Trigger hook: pre_exit, args: 3


If I use the hook script to load the selenium script (monadd-selenium.js), then I also get the following exceptions:

23056 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 0.0.0.0:8080
24095 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/script/action/load/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: does_not_exist
        at org.zaproxy.zap.extension.script.ScriptAPI.handleApiAction(ScriptAPI.java:318) ~[zap-2.12.0.jar:2.12.0]
        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:521) ~[zap-2.12.0.jar:2.12.0]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:149) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:131) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:66) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:96) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.lambda$channelRead0$0(MainServerHandler.java:84) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
        at java.lang.Thread.run(Thread.java:829) ~[?:?]
24108 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/script/action/enable/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: does_not_exist
        at org.zaproxy.zap.extension.script.ScriptAPI.handleApiAction(ScriptAPI.java:288) ~[zap-2.12.0.jar:2.12.0]
        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:521) ~[zap-2.12.0.jar:2.12.0]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:149) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:131) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:66) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:96) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.lambda$channelRead0$0(MainServerHandler.java:84) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
        at java.lang.Thread.run(Thread.java:829) ~[?:?]



Thanks again. Any help much appreciated!

Kind regards,
Ricardo

thc...@gmail.com

May 22, 2023, 3:33:09 AM
to zaprox...@googlegroups.com
Hi.

You need to use different configuration keys for the scripts, as is now,
you are replacing one script with the other.

Refer to
https://www.zaproxy.org/faq/how-do-you-find-out-what-key-to-use-to-set-a-config-value-on-the-command-line/
for an example of how to set multiple properties (i.e. use of `(0)`, `(1)`).

That might not address all problems though. Ensure you are using the
latest tag of the Docker image too, the "no_implementor" error points to
an outdated image.

Best regards.
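
The key collision described in the reply above, as an added example that is not part of the original thread or of ZAP's own code: it parses the two posted fragments, reports every key that both files set, and rewrites them with one list index per script. The indexed form `script.scripts(0).…` is an assumption based on the `(0)`, `(1)` convention the reply mentions; the function names are hypothetical.

```python
import re

# Constructed sample input: the two fragments posted in the thread.
FRAGMENTS = {
    "selenium-script.conf": '''
script.scripts.name="monadd-selenium"
script.scripts.engine="Graal.js"
script.scripts.type=selenium
script.scripts.enabled=true
script.scripts.file="/zap/wrk/monadd-selenium.js"
''',
    "session-management-script.conf": '''
script.scripts.name="monadd-session-management"
script.scripts.engine="Graal.js"
script.scripts.type=session
script.scripts.enabled=true
script.scripts.file="/zap/wrk/monadd-session-management.js"
''',
}
# Assumed key shape: script.scripts.<field>, optionally already indexed.
LIST_KEY = re.compile(r"^script\.scripts(?:\(\d+\))?\.(\w+)$")

def parse_conf(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def find_collisions(fragments):
    """Map each key set by more than one file to the files that set it."""
    seen = {}
    for name, text in fragments.items():
        for key, _ in parse_conf(text):
            seen.setdefault(key, []).append(name)
    return {k: v for k, v in seen.items() if len(v) > 1}

def merge_indexed(fragments):
    """Give each file's entry its own (n) index so none overwrites another."""
    lines = []
    for index, text in enumerate(fragments.values()):
        for key, value in parse_conf(text):
            m = LIST_KEY.match(key)
            if m:
                key = f"script.scripts({index}).{m.group(1)}"
            lines.append(f"{key}={value}")
    return lines
```

Running `find_collisions` on the posted fragments flags all five keys, which is why only one of the two scripts is registered; the output of `merge_indexed` can be written to a single file and passed with one `-configfile` option.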

psiinon

May 22, 2023, 4:18:07 AM
to zaprox...@googlegroups.com
It's worth noting that the Automation Framework has much better script support: https://www.zaproxy.org/docs/automate/automation-framework/

Cheers,

Simon

--
OWASP ZAP Project leader