"Certificate chain may be invalid" when running using docker to scan API on localhost


Luiz

May 23, 2022, 3:00:09 PM
to OWASP ZAP User Group
Hi,
I am trying to scan a Web API running locally (in my development machine).
The Web API swagger specification is at http://localhost:5100/swagger/v1.0/swagger.json

I managed to scan it manually by using the ZAP GUI, after setting proxy settings (I am behind a corporate proxy).

Then, the next thing I want to do is to run the same scan, but now using the docker image. However, I am getting errors related to the certificate chain: "Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA certificate in your Java truststore?"

This is the docker command I am running:
docker run -t owasp/zap2docker-weekly zap-api-scan.py -t http://localhost:5100/swagger/v1.0/swagger.json -f openapi -d

And below is the debug output from the console. Any ideas on how to solve this?
Thanks a lot!
Luiz

2022-05-23 18:51:19,101 Could not find custom hooks file at /home/zap/.zap_hooks.py
2022-05-23 18:51:26,814 Number of Imported URLs: 0
2022-05-23 18:51:26,814 Failed to import any URLs
Traceback (most recent call last):
  File "/zap/zap-api-scan.py", line 456, in main
    raise NoUrlsException()
NoUrlsException
Found Java version 11.0.15
Available memory: 12562 MB
Using JVM args: -Xmx3140m
488 [main] INFO  org.parosproxy.paros.Constant - Copying default configuration to /home/zap/.ZAP_D/config.xml
588 [main] INFO  org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/session
591 [main] INFO  org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/dirbuster
591 [main] INFO  org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/fuzzers
591 [main] INFO  org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/plugin
643 [main] INFO  org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2022-05-23 started 23/05/2022, 18:51:19 with home /home/zap/.ZAP_D/
665 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config database.recoverylog = false was null
666 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null
666 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null
666 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null
667 [main] INFO  org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
906 [main] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start
912 [main] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start
915 [main] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit end
915 [main] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end
2128 [ZAP-daemon] INFO  org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=8.0.0], [id=alertFilters, version=14.0.0], [id=ascanrules, version=47.0.0], [id=ascanrulesBeta, version=41.0.0], [id=automation, version=0.16.0], [id=bruteforce, version=12.0.0], [id=callhome, version=0.4.0], [id=commonlib, version=1.10.0], [id=coreLang, version=16.0.0], [id=diff, version=12.0.0], [id=directorylistv1, version=6.0.0], [id=domxss, version=13.0.0], [id=encoder, version=0.7.0], [id=exim, version=0.2.0], [id=formhandler, version=5.0.0], [id=fuzz, version=13.7.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.10.0], [id=help, version=15.0.0], [id=hud, version=0.14.0], [id=invoke, version=12.0.0], [id=network, version=0.3.0], [id=oast, version=0.11.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=28.0.0], [id=plugnhack, version=13.0.0], [id=portscan, version=10.0.0], [id=pscanrules, version=41.0.0], [id=pscanrulesBeta, version=30.0.0], [id=quickstart, version=34.0.0], [id=replacer, version=10.0.0], [id=reports, version=0.14.0], [id=retest, version=0.3.0], [id=retire, version=0.12.0], [id=reveal, version=5.0.0], [id=scripts, version=31.0.0], [id=selenium, version=15.10.0], [id=sequence, version=7.0.0], [id=soap, version=14.0.0], [id=spiderAjax, version=23.8.0], [id=tips, version=10.0.0], [id=webdriverlinux, version=39.0.0], [id=webdrivermacos, version=40.0.0], [id=webdriverwindows, version=39.0.0], [id=websocket, version=27.0.0], [id=zest, version=36.0.0]]
2130 [ZAP-daemon] INFO  org.zaproxy.zap.control.ExtensionFactory - Loading extensions
2763 [ZAP-daemon] INFO  org.zaproxy.addon.network.internal.TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
2847 [ZAP-daemon] INFO  org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
3151 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates
3152 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension - Options Extension
3152 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension
3152 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP
3160 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension - History Extension
3161 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields
3162 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions
3163 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses
3173 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Extension - Passive scanner
3212 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
3212 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
3213 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
3214 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate
3215 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
3216 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
3217 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
3217 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
3217 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
3217 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
3217 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
3217 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
3218 [ZAP-daemon] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
3231 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts
3232 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added
3235 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence - ExtensionSequence
3236 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site
3240 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks
3240 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool
3241 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionPortScan - Simple but effective port scanner
3241 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Manual Request Editor Extension - Manual Request Editor Extension
3241 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences
3242 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters
3242 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens
3244 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension - Authentication Extension
3254 [ZAP-daemon] INFO  org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
3256 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only
3256 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension - Users Extension
3258 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies
3258 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Script Extension - Script integration
3260 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages
3362 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension - Forced User Extension
3362 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions
3364 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
3498 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff
3499 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension
3499 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP.
3499 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionPlugNHack - Simple browser configuration
3499 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension - Session Management Extension
3504 [ZAP-daemon] INFO  org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
3505 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension
3505 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints.
3521 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
3522 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI Extension - Core UI related functionality.
3522 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension - Authorization Extension
3523 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax
3524 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
3528 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAccessControl - Add-on that adds a set of tools for testing access control in web applications.
3529 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Global Exclude URLs Extension - Handles adding Global Excluded URLs
3529 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree
3529 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide
3530 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Network Extension - Provides core networking capabilities.
3548 [ZAP-daemon] INFO  org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
3548 [ZAP-daemon] INFO  org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
3549 [ZAP-daemon] INFO  org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
3549 [ZAP-daemon] INFO  org.zaproxy.addon.network.ConnectionOptions - Unsafe SSL/TLS renegotiation disabled.
3549 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts
3549 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension
3549 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension
3550 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension
3550 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension
3550 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension
3550 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus.
3550 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration
3552 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics Extension - Statistics
3553 [ZAP-daemon] INFO  org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
3554 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition
3554 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
3598 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality
3599 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration
3601 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionCoreLang - Translations of the core language files
3601 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages.
3601 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner
3601 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts.
3602 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links
3602 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Common Library - A library of shared functionality
3602 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel  - Adds the Quick Start panel for scanning and exploring applications
3603 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan
3603 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel
3603 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP
3603 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration
3604 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks
3604 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses
3607 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
3607 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages.
3608 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules
3608 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality.
3610 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts.
3610 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide
3610 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter
3611 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration
3612 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used by ZAP Spiders.
3613 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions
3615 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration
3615 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services
3616 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta - Beta status passive scan rules
3616 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUD - Heads Up Display
3738 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch
3739 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting.
3925 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules
3925 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints.
3927 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration
3928 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats.
3929 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration
3930 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAscanRulesBeta - Beta status active scan rules
3930 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation
3934 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration
3976 [ZAP-daemon] INFO  org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:35439
3978 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - Creating new root CA certificate.
4604 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - New root CA certificate created.
4688 [ZAP-cfu] WARN  org.zaproxy.addon.callhome.ExtensionCallHome - Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA certificate in your Java truststore?
5615 [ZAP-daemon] ERROR org.parosproxy.paros.CommandLine - Check for updates call failed
5678 [ZAP-cfu] WARN  org.zaproxy.addon.callhome.ExtensionCallHome - Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA certificate in your Java truststore?
6616 [ZAP-daemon] ERROR org.parosproxy.paros.CommandLine - Check for updates call failed
6627 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 0.0.0.0:53430
6682 [ZAP-cfu] WARN  org.zaproxy.addon.callhome.ExtensionCallHome - Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA certificate in your Java truststore?
6693 [ZAP-telemetry-start] ERROR org.zaproxy.addon.callhome.ExtensionCallHome - PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:353) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:296) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:291) ~[?:?]
    at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?]
    at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?]
    at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?]
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[?:?]
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) ~[?:?]
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) ~[?:?]
    at sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) ~[?:?]
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:921) ~[?:?]
    at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1291) ~[?:?]
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) ~[?:?]
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) ~[?:?]
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506) ~[commons-httpclient-3.1.jar:?]
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2276) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1160) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:471) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:207) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.executeMethodImpl(HttpSender.java:497) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:713) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:679) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:653) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceiveImpl(HttpSender.java:1072) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:1029) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:1014) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:578) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.zaproxy.addon.callhome.ExtensionCallHome.sendServiceRequest(ExtensionCallHome.java:220) ~[?:?]
    at org.zaproxy.addon.callhome.ExtensionCallHome.lambda$uploadTelemetryStartData$5(ExtensionCallHome.java:347) ~[?:?]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?]
    at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[?:?]
    at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) ~[?:?]
    ... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?]
    at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[?:?]
    at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) ~[?:?]
    ... 31 more
7600 [ZAP-IO-EventExecutor-3-8] WARN  org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Connection refused (Connection refused)
java.net.ConnectException: Connection refused (Connection refused)
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412) ~[?:?]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255) ~[?:?]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237) ~[?:?]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:?]
    at java.net.Socket.connect(Socket.java:609) ~[?:?]
    at org.parosproxy.paros.network.HttpSender$ProtocolSocketFactoryImpl.createSocket(HttpSender.java:1262) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:728) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) ~[commons-httpclient-3.1.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:457) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:207) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.executeMethodImpl(HttpSender.java:497) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:713) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:679) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:653) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceiveImpl(HttpSender.java:1072) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:1029) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:1014) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:578) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.zaproxy.zap.extension.openapi.network.Requestor.getResponseBody(Requestor.java:93) ~[?:?]
    at org.zaproxy.zap.extension.openapi.ExtensionOpenApi.importOpenApiDefinitionV2(ExtensionOpenApi.java:254) ~[?:?]
    at org.zaproxy.zap.extension.openapi.ExtensionOpenApi.importOpenApiDefinition(ExtensionOpenApi.java:239) ~[?:?]
    at org.zaproxy.zap.extension.openapi.OpenApiAPI.handleApiAction(OpenApiAPI.java:113) ~[?:?]
    at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:516) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:93) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:67) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.handlers.HttpRequestHandler.handleMessage0(HttpRequestHandler.java:32) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.handlers.HttpIncludedMessageHandler.handleMessage(HttpIncludedMessageHandler.java:32) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:118) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:100) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:63) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:83) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:72) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:37) ~[?:?]
    at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[?:?]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
    at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:61) ~[?:?]
    at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:370) ~[?:?]
    at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[?:?]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) ~[?:?]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]
7602 [ZAP-IO-EventExecutor-3-8] ERROR org.zaproxy.zap.extension.api.API - Exception while handling API request:
java.lang.NullPointerException: null
    at org.zaproxy.zap.extension.openapi.ExtensionOpenApi.importOpenApiDefinition(ExtensionOpenApi.java:239) ~[?:?]
    at org.zaproxy.zap.extension.openapi.OpenApiAPI.handleApiAction(OpenApiAPI.java:113) ~[?:?]
    at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:516) ~[zap-D-2022-05-23.jar:D-2022-05-23]
    at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:93) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:67) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.handlers.HttpRequestHandler.handleMessage0(HttpRequestHandler.java:32) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.handlers.HttpIncludedMessageHandler.handleMessage(HttpIncludedMessageHandler.java:32) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:118) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:100) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:63) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:83) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:72) ~[?:?]
    at org.zaproxy.addon.network.internal.server.http.MainServerHandler.channelRead0(MainServerHandler.java:37) ~[?:?]
    at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) ~[?:?]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[?:?]
    at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:61) ~[?:?]
    at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:370) ~[?:?]
    at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[?:?]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) ~[?:?]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]

thc...@gmail.com

May 23, 2022, 3:27:19 PM
to zaprox...@googlegroups.com
Hi.

See "Scanning an app running on the host OS"
https://www.zaproxy.org/docs/docker/about/#scanning-an-app-running-on-the-host-os

That error is unrelated; you would have to configure ZAP to use the
proxy settings to avoid that one.

Best regards.

On 23/05/2022 20:00, Luiz wrote:
> Hi,
> I am trying to scan a Web API running locally (in my development machine).
> The Web API swagger specification at
> http://localhost:5100/swagger/v1.0/swagger.json
>
> I managed to scan it manually by using the ZAP GUI, after setting proxy
> settings (I am behind a corporate proxy).
>
> Then, next thing I want to do is to run the same scan, but now using the
> docker image. However, I am getting errors related to Certificate chain: *"Certificate
> chain may be invalid. Are you using a corporate or intermediate proxy? Is
> its CA certificate in your Java truststore?"*
> 4688 [ZAP-cfu] WARN org.zaproxy.addon.callhome.ExtensionCallHome - *Certificate
> chain may be invalid. Are you using a corporate or intermediate proxy? Is
> its CA certificate in your Java truststore?*

Luiz

May 24, 2022, 6:59:23 AM
to OWASP ZAP User Group
Hi

Thank you so much! This did the trick! :)

BR
Luiz

Luiz

May 24, 2022, 7:08:10 AM
to OWASP ZAP User Group
By the way, for those using Windows (like me), I just had to replace "localhost" with "host.docker.internal". Like this:

docker run -t owasp/zap2docker-weekly zap-api-scan.py -t http://host.docker.internal:5100/swagger/v1.0/swagger.json -f openapi -d
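
The certificate warning and the failed import discussed in this thread come from different ZAP components, and only the second one stops the scan. The Python below is an added example, not code from the thread or from ZAP: it classifies the thread's own log lines by emitting component and rewrites a loopback target to the `host.docker.internal` alias. The function names and cause labels are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: three log lines copied from the debug output in this thread.
SAMPLE_LOG = """\
4688 [ZAP-cfu] WARN org.zaproxy.addon.callhome.ExtensionCallHome - Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA certificate in your Java truststore?
7600 [ZAP-IO-EventExecutor-3-8] WARN  org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Connection refused (Connection refused)
7602 [ZAP-IO-EventExecutor-3-8] ERROR org.zaproxy.zap.extension.api.API - Exception while handling API request:
"""

# "<millis> [<thread>] <LEVEL> <logger> - <message>"
LOG_LINE = re.compile(r"^(\d+) \[([^\]]+)\] (WARN|ERROR)\s+(\S+) - (.*)$")

# Message substring -> cause label (labels are this example's own wording).
CAUSES = {
    "Certificate chain may be invalid": "tls-trust",
    "PKIX path building failed": "tls-trust",
    "Connection refused": "target-unreachable",
}

def classify(log_text):
    """Return (logger short name, cause) for each WARN/ERROR line with a known cause."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # stack frames and INFO lines are skipped
        logger, message = m.group(4).rsplit(".", 1)[-1], m.group(5)
        for needle, cause in CAUSES.items():
            if needle in message:
                findings.append((logger, cause))
                break
    return findings

def import_blocker(findings):
    """Cause reported by the OpenAPI import itself, or None if it logged none."""
    for logger, cause in findings:
        if logger == "ExtensionOpenApi":
            return cause
    return None

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def container_target(url, host_alias="host.docker.internal"):
    """Rewrite a loopback target so it points at the host, not the container."""
    parts = urlsplit(url)
    if parts.hostname not in LOOPBACK:
        return url
    netloc = host_alias + (f":{parts.port}" if parts.port else "")
    return urlunsplit(parts._replace(netloc=netloc))
```

On the sample lines, the trust failure is attributed to `ExtensionCallHome` while the import blocker is the refused connection, which matches the fix that worked in the thread.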

kingthorin+owaspzap

May 24, 2022, 8:14:33 AM
to OWASP ZAP User Group
Thanks for following up!