Zap Manual Explore won't load any page

1,205 views
Skip to first unread message

Rich Dorwart

unread,
Mar 22, 2022, 5:36:57 PM3/22/22
to OWASP ZAP User Group
Hi,
I just installed Owasp Zap v2.11.1.  I'm trying to use manual explore.  HUD is off, using Chrome (tho no difference to behavior described below if I vary these).  Mac with Monterey OS.

When I load a page on local host, it responds with a 403 error 'you don't have authorization to view this page'

If I load my page on the web (or any page at all like https://www.zaproxy.org/), it says 'the site can't be reached' with ERR_TUNNEL_CONNECTION_FAILED

There are no messages on ZAP under History or anywhere else that I can see.  The logs for my app also show nothing, so no contact is made to the app I want to test.

So I'm stuck.  Any ideas on how to make it work?

Thanks!

Simon Bennetts

unread,
Mar 23, 2022, 5:32:51 AM3/23/22
to OWASP ZAP User Group
Thats strange :/

Have you updated all of the add-ons?
Are there errors in the zap.log file?


Cheers,

Simon

Rich Dorwart

unread,
Mar 23, 2022, 2:48:55 PM3/23/22
to OWASP ZAP User Group
Hi Simon,
I'm getting this in the log file:

2022-03-22 15:05:17,571 [ZAP-ProxyThread-4] WARN  API - Bad request to API endpoint [/login] from [127.0.0.1]:

org.zaproxy.zap.extension.api.ApiException: bad_format

        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:430) [zap-2.11.1.jar:2.11.1]

        at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:497) [zap-2.11.1.jar:2.11.1]

        at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:333) [zap-2.11.1.jar:2.11.1]

        at java.lang.Thread.run(Unknown Source) [?:?]

Caused by: java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.LOGIN

        at java.lang.Enum.valueOf(Unknown Source) ~[?:?]

        at org.zaproxy.zap.extension.api.API$Format.valueOf(API.java:63) ~[zap-2.11.1.jar:2.11.1]

        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:409) [zap-2.11.1.jar:2.11.1]

        ... 3 more


Simon Bennetts

unread,
Mar 24, 2022, 5:12:09 AM3/24/22
to OWASP ZAP User Group
That error indicates that something is trying to access an invalid ZAP API endpoint: "/login" however is should not prevent ZAP from working.
Could there be another process listenning on the same port as ZAP?
I've hit that problem before on Mac OS and it can give strange symptoms.
Even if you dont think anything is I'd try changing the ZAP port anyway.

Cheers,

Simon

Rich Dorwart

unread,
Mar 24, 2022, 1:10:33 PM3/24/22
to OWASP ZAP User Group
Thanks Simon - that was it.  My API listens on 8080.  When I changed the Local Proxies port (for other readers: via Tools/Options menu), it worked.

Thanks!!

Reply all
Reply to author
Forward
0 new messages