ZAP poops its pants after 250k requests.

PickleRick

Jul 19, 2023, 3:00:36 PM
to OWASP ZAP User Group
Quick one: I'm doing a course and we were given a target for an assessment. I was fuzzing some params with a big list, like 1000000+, and after 250k-ish ZAP poops its pants.
Now I understand that I could be sending more requests than the target can handle, but at the end of the day 250k requests in a couple of mins is pretty weak and it's still responsive in the web browser.
I'm not maxing out RAM and CPU; ZAP just becomes unresponsive.
And I have about 70% RAM left and 50% CPU.
If I was DDoSing the target and it couldn't handle the requests, it should just reply with 404 or do the error it usually does when the target is down.
Is that a known issue or something, or is it just me who thinks it's a little odd?

psiinon

Jul 19, 2023, 3:38:35 PM
to zaprox...@googlegroups.com
No, this is not a known issue (as far as I am aware).
Can you be a bit more specific about what actually happens? 
"poops its pants" may be very descriptive but it is not very helpful from a diagnostic point of view ;)

Cheers,

Simon

--
OWASP ZAP Project leader

PickleRick

Jul 19, 2023, 3:54:37 PM
to OWASP ZAP User Group
ZAP slows down then becomes totally unresponsive, like it's being starved of resources, and I have to kill the PID to get it to respond again. Thing is, there are plenty of resources to go. My machine isn't a beast but there are 7 cores and 24GB of RAM.

First I put it down to resources as I had just run the AJAX spider and that can be intensive.
I then rebooted the machine and opened the task manager (Kali Linux).
Ran the fuzz attempt again. It was a skills assessment and I was fuzzing http://targetip:port/FUZZ.php and I was using directorylist2.3-big.txt in the FUZZ param.
CPU didn't go above 20% and RAM not over 30%, and ZAP was unresponsive. If I would mess with it too much while unresponsive (click 50 different buttons to get it to do different things) then CPU would increase because it's having trouble responding in the first place and they are all building up in a queue.
Otherwise it will stay unresponsive till it turns off the attack on its own at whatever percentage it can't continue, or I get bored of waiting for it and kill it.
It also happened on a previous assessment (different target), but that time I attempted to fuzz 2 params at the same time, resulting in 5m+ different payloads, and same thing: between 250k attempts it would just slow to a crawl and become unresponsive or finish the attack at 7% and give no exit code or reason for stopping. I put that down to resources.
If it was the target and I was hitting it with too many requests, that usually affects just the target as it's the one having problems responding, but I just don't see why ZAP would become unresponsive if that was the case.