CONTENT_TYPE_NOT_SUPPORTED

Tsanta

Sep 17, 2024, 9:54:10 AM
to ZAP User Group
Hello guys,

 I am using OWASP ZAP in daemon mode on an AWS Ubuntu instance. I am not using ZAP directly but have a Python tool that uses it to perform scans for me.

  Here is the error I get after running my Python script:


1839422 [ZAP-IO-Server-1-3] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/ascan/action/scan/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: CONTENT_TYPE_NOT_SUPPORTED
        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:498) ~[zap-2.14.0.jar:2.14.0]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:111) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:85) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:70) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:151) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:131) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:67) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:94) ~[?:?]
        at org.zaproxy.addon.network.internal.server.http.MainServerHandler.lambda$channelRead0$0(MainServerHandler.java:82) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [network-beta-0.12.0.zap:?]
        at java.lang.Thread.run(Thread.java:829) [?:?]


  And here is the excerpt from my script that is causing this error:

import requests

# zap_config is defined elsewhere in the script (ZAP base URL and API key)

def analyse_vulnerabilite_avec_strategie(url):
    zap_url = zap_config['url']
    zap_api_key = zap_config['api_key']
    try:
        print(f"URL de scan : {url}")
        params = {
            'apikey':zap_api_key,
            'url':url,
            'recurse':'false',
            'inScopeOnly':'true',
            'scanPolicyName':'',
            'method':'',
            'postData':'',
            'contextId':''
        }
        # POST with the parameters passed via params= (URL query string)
        response = requests.post(zap_url + '/JSON/ascan/action/scan/', params=params)
        response.raise_for_status()
        scan_id = response.json().get('scan')
        print(f'Analyse des vulnérabilités avec la stratégie réussie (scan ID : {scan_id})')
        return scan_id

    except requests.exceptions.RequestException as e:
        print(f'Erreur lors de l\'analyse des vulnérabilités avec OWASP ZAP : {e}')
        return None

Please help me find a solution.

thc...@gmail.com

Sep 17, 2024, 10:09:53 AM
to zaprox...@googlegroups.com
Hi,

If you want to use post you need to send the parameters as
`application/x-www-form-urlencoded` or `multipart/form-data`,
alternatively use get (with the parameters in the URL query).


Note that older ZAP versions are not supported (they don't get add-on
updates either); it's better to update ZAP to the latest version.

Best regards.
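
The three request shapes discussed in this reply, as an added example (not code from the original posts or from the ZAP project): it builds each request with `requests` without sending it, so the Content-Type, body and URL that would go on the wire can be compared. The daemon address, target URL and API key are constructed placeholders.

```python
import requests

ZAP_URL = "http://127.0.0.1:8080"           # assumed daemon address
SCAN_ENDPOINT = "/JSON/ascan/action/scan/"  # endpoint from the log above


def prepare_scan(style, target, api_key):
    """Build (but do not send) the scan request in one of three shapes."""
    fields = {"apikey": api_key, "url": target,
              "recurse": "false", "inScopeOnly": "true"}
    endpoint = ZAP_URL + SCAN_ENDPOINT
    if style == "post-query":    # original script: POST, fields in the URL
        req = requests.Request("POST", endpoint, params=fields)
    elif style == "post-form":   # POST with a form-encoded body (data=)
        req = requests.Request("POST", endpoint, data=fields)
    elif style == "get-query":   # GET with the fields in the URL query
        req = requests.Request("GET", endpoint, params=fields)
    else:
        raise ValueError(f"unknown style: {style}")
    return req.prepare()


def describe(prepared):
    """Summarise what the prepared request would put on the wire."""
    query = (prepared.url.split("?", 1) + [""])[1]
    return {
        "method": prepared.method,
        "content_type": prepared.headers.get("Content-Type"),
        # An API key in the URL can end up in proxy and access logs.
        "key_in_url": "apikey=" in query,
        "body": prepared.body,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for style in ("post-query", "post-form", "get-query"):
        info = describe(prepare_scan(style, "http://app.example.test/", "EXAMPLE-KEY"))
        print(style, info)
```

With `params=` the POST has no body and no Content-Type header; with `data=` the same fields travel as `application/x-www-form-urlencoded` and the API key stays out of the URL.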

Tsanta

Sep 18, 2024, 8:58:44 AM
to ZAP User Group
Hi guys,

First, thanks for replying to me.

I discovered that the issue was not entirely with my script; it was that my web application was not accessible since it was running locally while I was working on an AWS instance. Therefore, even though I changed my script to use application/x-www-form-urlencoded or multipart/form-data as you mentioned, I encountered the error 'URL_NOT_FOUND.' I had to make some changes to the accessibility of my web application. However, my script would not have worked if you hadn’t suggested using .get, so I tested it and it worked.

So, the problem is resolved somewhat, I changed my Python script using .get but not .post. and it was

Here is the changed script:

import requests

# zap_config is defined elsewhere in the script (ZAP base URL and API key)

def analyse_vulnerabilite_avec_strategie(url):
    zap_url = zap_config['url']
    zap_api_key = zap_config['api_key']

    try:
        print(f"URL de scan : {url}")
        print(f"Stratégie de scan ")

        # Scan parameters
        params = {
            'apikey':zap_api_key,
            'url':url,
            'recurse':'false',
            'inScopeOnly':'true',
            'scanPolicyName':'',
            'method':'',
            'postData':'',
            'contextId':''
        }

        # Send the GET request to start the scan
        response = requests.get(zap_url + '/JSON/ascan/action/scan/', params=params)
        response.raise_for_status()  # Check that the request succeeded

        # Extract the scan ID
        scan_id = response.json().get('scan')
        print(f'Analyse des vulnérabilités avec la stratégie réussie (scan ID : {scan_id})')
        return scan_id

    except requests.exceptions.RequestException as e:
        print(f'Erreur lors de l\'analyse des vulnérabilités avec OWASP ZAP : {e}')
        return None

Thanks for your support, it has been helpful, sincerely.