Hello!
I am using ZAP in a container to scan websites. I need ZAP to use my configured Firefox profile to preserve cookies, local storage, and authorization that I set up for a specific website. I have encountered several difficulties trying to pass my Firefox profile to ZAP and would like to get some help with this issue.
Here’s what I’ve tried:
1. I am using Docker to run the ZAP container. I mounted my local Firefox profile into the container:
docker run --rm --net zapnet \
-v /path/to/my/firefox/profile:/home/zap/.mozilla/firefox/profile \
ictu/zap2docker-weekly \
zap-full-scan.py -d -I -j -m10 -T 60 -t https://example.com -x report.xml
This allows the container to see my profile, but ZAP still uses its default profile.
2. I also tried specifying the path to the Firefox profile using the -config flag in the command line:
-config selenium.firefoxDefaultProfilePath=/home/zap/.mozilla/firefox/your-profile
However, this does not make ZAP use my profile.
Here are my questions:
• Is there a way to specify the Firefox profile in ZAP configuration so that it uses it when scanning? I have tried mounting the profile and using -config, but the result is not as expected.
• Is it possible to pass the Firefox profile via Docker container parameters? If yes, how can I do this properly?
• How can I configure ZAP to use the specified Firefox profile when running the scan from Docker? I have tried specifying the profile parameters in the command line, but it didn’t work.
• Are there any other methods or settings that I could try to make ZAP pick up my Firefox profile?
I would appreciate any advice or solutions that could help me resolve this issue.
Thanks in advance!
I’m using the ictu/zap2docker-weekly image, running it and planning to use zap-full-scan.py. I pass a configuration file via the -c flag, specifying the Firefox profile as default. Before running the scan, I place the prepared Firefox profile in the container at:
/home/zap/.mozilla/firefox/{prepared_profile}
I expected ZAP to use this profile from the specified path, but when I run the following command:
python /zap/zap-full-scan.py -d -I -j -m10 -T 60 -t {PUBLIC_URL} -x /zap/wrk/report.xml -c /zap/conf/config.xml
I get the following error:
Failed to load config file /zap/conf/config.xml Unexpected number of tokens on line - there should be at least 3, tab separated: <?xml version="1.0" encoding="UTF-8" standalone="no"?>
At first, I thought the error was caused by manually editing the configuration file. So, I tried using a configuration file from the ictu/zap2docker container by running:
zap.sh -daemon -port 8080 -config api.disablekey=true -dir conf
However, when passing this file to zap-full-scan.py, I got the same error.
Questions:
1. What could be wrong with the configuration files? Why does zap-full-scan.py fail to accept them?
2. If I take the configuration file from zap.sh -daemon -port 8080 -config api.disablekey=true -dir conf and change the Firefox profile name to default, will ZAP use the profile located at /home/zap/.mozilla/firefox/{prepared_profile} when running zap-full-scan.py?
Any help would be greatly appreciated!