Zap showing 502 and 504 error

[Kadeeja Mosa]

Hi team,

I am getting 504 and 502 bad gateway error while trying to accsess https url of a web application through OWASP ZAP tool. Does it require any proxy configuration and other configuration on OWASP ZAP tool.. 

Owaps zap version - 2.14.0

Browser used-Mozilla Firefox 

Proxy enabled - localhost 8080 and 80, 127.0.0.1-8080 and 80 tried both combinations 

Installed root ca certificate in the browser

I need your urgent support here. 

Please guide me as earliest as possible 

Thank you 

[Simon Bennetts]

Hiya,

Do you need to use a proxy to access your web app?

If so you will need to configure that proxy in ZAP.

https://www.zaproxy.org/docs/desktop/addons/network/options/connection/#http-proxy

FYI you can launch browsers from ZAP - ZAP then sets then up correctly so you worry about setting up things like the root certificate.

Also FYI its just "ZAP" not "OWASP ZAP" - ZAP is no longer part of OWASP :)

Cheers,

Simon

[rashi k mosa]

Thank you so much your fast response.

 

To connect to the Web app through browser proxy is not needed. I could able to browse the application without connecting or enabling proxy. But while I tried to scan the application(with enabled and disabled proxy) through ZAP automated scan its showing 504 or 502 error (I have tried both http and https url for the same web application) 

[Simon Bennetts]

Are you aware of any web app firewalls or similar tech in use?

Some of those can detect and block ZAP.

Or do you have any browser extensions installed?

Cheers,

Simon

[thc...@gmail.com]

Also, is that happening with all websites or just this specific one?

Try send the request directly from ZAP (e.g. manual request editor).
https://www.zaproxy.org/docs/desktop/addons/requester/dialogs/

Best regards.