OWASP ZAP: Execute Zest script from Jenkins
1,531 views
Skip to first unread message
Larron Hector
Sep 25, 2015, 4:48:29 AM9/25/15
to OWASP ZAP User Group
Hi Simon,
Hope things are well. Im new to OWASP, but could you assist with executing a Zest script from Jenkins. I have installed the ZAProxy plugin and recorded a ZEST script using ZAP. Could you possibly explain how i would point ZAproxy in Jenkins to execute this script as part of my builds.
I have tried setting the following parameters:
-config script.scripts.file=/home/larron/.ZAP/scripts/scripts/authentication/airtime.zst
-config script.scripts.name=airtime
-config script.scripts.engine=Mozilla Zest
-config script.scripts.enabled=true
-config script.scripts.type=StandAlone
From what i can see in the console output. The ZAproxy starts up but it does not execute any scans.
[CustomTools] - ZAProxy_2.42: Starting installation [CustomTools] - ZAProxy_2.42: Tool is installed at /opt/Tools/security/ZAP_2.4.2 [CustomTools] - ZAProxy_2.42: Setting ZAProxy_2.42_HOME=/opt/Tools/security/ZAP_2.4.2 [EnvInject] - Loading node environment variables. Building in workspace /var/lib/jenkins/workspace/Mobi Money Transfer Security Scan ------- START Prebuild ------- zapProgram = /opt/Tools/security/ZAP_2.4.2/ targetURL = http://mobi.local zapProxyHost = localhost zapProxyPort = 9089 Start ZAProxy [/opt/Tools/security/ZAP_2.4.2/zap.sh] [ZAP_2.4.2] $ /opt/Tools/security/ZAP_2.4.2/zap.sh -daemon -host localhost -port 9089 -config api.disablekey=true -config script.scripts.file=/home/larron/.ZAP/scripts/scripts/authentication/airtime.zst -config script.scripts.name=airtime -config "script.scripts.engine=Mozilla Zest" -config script.scripts.enabled=true -config script.scripts.type=StandAlone Found Java version 1.7.0_79 Available memory: 7904 MB Setting jvm heap size: -Xmx512m 0 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.4.2 started. 1080 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start 1173 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end 2599 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config script.scripts.name = airtime was airtime 2600 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was true 2602 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config script.scripts.enabled = true was true 2602 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config script.scripts.engine = Mozilla Zest was Mozilla Zest 2603 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config script.scripts.file = /home/larron/.ZAP/scripts/scripts/authentication/airtime.zst was /home/larron/.ZAP/scripts/scripts/authentication/airtime.zst 2603 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config script.scripts.type = StandAlone was StandAlone 2605 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols... 2605 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine... 3646 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2] 3657 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled. 3758 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions 5799 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded 7300 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Change user agent to other browsers. 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect insecure or potentially malicious content in HTTP responses. 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification. 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Avoid browser cache (strip off IfModifiedSince) 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log cookies sent by browser. 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique GET queries into file:filter/get.xls 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique POST queries into file: filter/post.xls 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log request and response into file: filter/message.txt 7316 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request body using defined pattern. 7317 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request header using defined pattern. 7317 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response body using defined pattern. 7317 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response header using defined pattern. 7317 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Send ZAP session request ID 7912 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionViewOption 7914 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionEdit 7914 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFilter 7914 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP 8131 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionState 8131 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHistory 8133 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields 8134 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions 8135 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash... 8135 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses 8135 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner 8203 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script passive scan rules 8204 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure 8204 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set 8216 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing 8216 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag 8216 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag 8217 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion 8217 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled 8217 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content 8240 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Password Autocomplete in Browser 8242 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure 8242 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite 8242 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing 8243 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Not Set 8294 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts 8294 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added 8333 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site 8338 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks 8338 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool 8339 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionManualRequest 8339 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates 8340 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences 8340 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters 8340 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens 8341 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthentication 9568 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication] 9569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser 9607 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only 9608 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionUserManagement 9609 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies 9609 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration 9622 [ZAP-daemon] ERROR org.zaproxy.zap.extension.script.ScriptParam - Script '/home/larron/.ZAP/scripts/scripts/authentication/airtime.zst' does not exist 9623 [ZAP-daemon] ERROR org.zaproxy.zap.extension.script.ScriptParam - Script '/home/larron/.ZAP/scripts/scripts/authentication/airtime.zst' does not exist 9624 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages 9624 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionForcedUser 9624 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions 9625 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools 10097 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff 10098 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionRequestPostTableView 10099 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration 10099 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSessionManagement 10371 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, Http Authentication Session Management] 10371 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestFormTableView 10372 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints. 10381 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies 10381 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthorization 10381 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax 10384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs 10384 [ZAP-daemon] WARN org.zaproxy.zap.extension.globalexcludeurl.ExtensionGlobalExcludeURL - GlobalExcludeURL.optionsLoaded() 10384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree 10384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus. 10384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User guide 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReport 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelComponentonentAll 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelHexView 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelImageView 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeRequestView 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeResponseView 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestQueryCookieTableView 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelSyntaxHighlightTextView 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules 10385 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage 10386 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links 10386 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel 10386 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide 10386 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser. 10412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files 10412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks 10412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations. 10414 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages. 10414 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules ------- END Prebuild ------- Perform ZAProxy Load session at [/var/lib/jenkins/workspace/Mobi Money Transfer Security Scan/Zapsession/airtime_session.session] 11616 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start 11760 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - Database closed 11974 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start 12006 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end 12802 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - checkpointClose start 12898 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start 13816 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - checkpointClose end 15737 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control - Session file opened Skip spidering the site [http://mobi.local] Skip Ajax spidering the site [http://mobi.local] Skip spidering the site [http://mobi.local] as user [success_login] Skip scanning the site [http://mobi.local] File [/var/lib/jenkins/workspace/Mobi Money Transfer Security Scan/Zapreport/report1.html] saved Skip saveSession Total alerts = ApiResponseElement numberOfAlerts = 5 Total messages = ApiResponseElement numberOfMessages = 2332 Shutdown ZAProxy Finished: SUCCESS
Message has been deleted
Larron Hector
Sep 25, 2015, 4:55:08 AM9/25/15
to OWASP ZAP User Group
Apologies, the stacktrace above is using my session. Please see below when pointing the build to use the ZEST script as covered in the config parameters:
Perform ZAProxy Skip loadSession Skip spidering the site [http://mobi.local] Skip Ajax spidering the site [http://mobi.local] Skip spidering the site [http://mobi.local] as user [success_login] Skip scanning the site [http://mobi.local] File [/var/lib/jenkins/workspace/Mobi Money Transfer Security Scan/Zapreport/report1.html] saved Skip saveSession Total alerts = ApiResponseElement numberOfAlerts = 0 Total messages = ApiResponseElement numberOfMessages = 0 Shutdown ZAProxy Finished: SUCCESS
thc...@gmail.com
Sep 25, 2015, 6:13:56 AM9/25/15
to zaprox...@googlegroups.com
Hi.
Those command line arguments just add the script to ZAP, it will not be
automatically run.
(Note that the type is "standalone", all lower case.)
To automatically run a script, in daemon mode, you need to use:
-script /path/to/script.zst
Best regards.
On 25/09/15 09:55, Larron Hector wrote:
> Apologies, the stacktrace above is using my session. Please see below
> when pointing the build to use the ZEST script as covered in the config
> parameters:
>
> Perform ZAProxy
> Skip loadSession
> Skip spidering the site [http://mobi.local <http://mobi.local/>]
> Skip Ajax spidering the site [http://mobi.local <http://mobi.local/>]
> Skip spidering the site [http://mobi.local <http://mobi.local/>] as user [success_login]
> Skip scanning the site [http://mobi.local <http://mobi.local/>]
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Those command line arguments just add the script to ZAP, it will not be
automatically run.
(Note that the type is "standalone", all lower case.)
To automatically run a script, in daemon mode, you need to use:
-script /path/to/script.zst
Best regards.
On 25/09/15 09:55, Larron Hector wrote:
> Apologies, the stacktrace above is using my session. Please see below
> when pointing the build to use the ZEST script as covered in the config
> parameters:
>
> Perform ZAProxy
> Skip loadSession
> Skip Ajax spidering the site [http://mobi.local <http://mobi.local/>]
> Skip spidering the site [http://mobi.local <http://mobi.local/>] as user [success_login]
> Skip scanning the site [http://mobi.local <http://mobi.local/>]
> File [/var/lib/jenkins/workspace/Mobi Money Transfer Security Scan/Zapreport/report1.html] saved
> Skip saveSession
> Total alerts = ApiResponseElement numberOfAlerts = 0
>
> Total messages = ApiResponseElement numberOfMessages = 0
>
> Shutdown ZAProxy
> Finished: SUCCESS
>
>
>
> --
> Skip saveSession
> Total alerts = ApiResponseElement numberOfAlerts = 0
>
> Total messages = ApiResponseElement numberOfMessages = 0
>
> Shutdown ZAProxy
> Finished: SUCCESS
>
>
>
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Larron Hector
Sep 25, 2015, 6:45:52 AM9/25/15
to OWASP ZAP User Group
Hi,
Thanks for the reply. I added -script parameter as per your recommendation and tried kicking off the build. The job runs, but the same results are returned. Perform ZAProxy starts but no scans or alerts are generated. Alerts are generated when i run the script through ZAP UI.
Any ideas ?
I had a look at the ZAP API and there is a runStandAloneScript command. Should i be using this ? If so, how would i configure it ?
Apologies in advance for all the questions.
> <mailto:zaproxy-users+unsub...@googlegroups.com>.
thc...@gmail.com
Sep 25, 2015, 7:08:53 AM9/25/15
to zaprox...@googlegroups.com
Hi.
It might be that Jenkins plugin is finishing before ZAP has finished run
the script?
I suspect that but I don't know much of the life cycle of Jenkins plugin
to know for sure.
Try adding some "prints" to the script to check that the script is being
run and, if so, when it finishes.
Running with -script or invoking with ZAP API has the same effect,
though it's not possible to do the latter with Jenkins plugin (at least,
I'm not aware of that functionality).
Best regards.
> > <mailto:zaproxy-user...@googlegroups.com>.
It might be that Jenkins plugin is finishing before ZAP has finished run
the script?
I suspect that but I don't know much of the life cycle of Jenkins plugin
to know for sure.
Try adding some "prints" to the script to check that the script is being
run and, if so, when it finishes.
Running with -script or invoking with ZAP API has the same effect,
though it's not possible to do the latter with Jenkins plugin (at least,
I'm not aware of that functionality).
Best regards.
> > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
Larron Hector
Sep 25, 2015, 8:11:54 AM9/25/15
to OWASP ZAP User Group
Hii,
I added print commands at the start of the script and towards the end as well. Running it through jenkins doesnt print out the "start" or "end" when using the ZAProxy plugin. I tried running it through command line as follows: ./zap.sh -daemon -script /path/to/script.
This started the scan, and it printed out the line "scan started" but it hangs there. Any ideas why it hangs there when running it through command line and why ZAProxy doesnt even print it out ?
> > <mailto:zaproxy-users+unsub...@googlegroups.com>.
> > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-users+unsub...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Hi.
Spyridon Dosis
Aug 9, 2016, 7:41:36 AM8/9/16
to OWASP ZAP User Group
Hi,
Have you found any solution to your problem? I've run into a similar situation with an httpsender script that makes the spider hanging in the middle of it.
Reply all
Reply to author
Forward
0 new messages