Unable to access ZAP (2.7.0) API through browser while hosting it in a Docker container on mac


V_Reddy

Mar 5, 2018, 3:31:46 PM
to OWASP ZAP User Group
Hi,
I am still struggling with accessing the ZAP API through the UI while hosting ZAP in a Docker container on my Mac.

Here's the command that I am using -

docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0 -config api.disablekey=true

Also, tried this command -

docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0 -config api.disablekey=true -config api.addrs.addr.name=172.17.0.*

Ultimately, I keep getting the exception as -
ZAP-ProxyThread-20] WARN org.zaproxy.zap.extension.api.API  - Request to API URL http://localhost:8090/UI from 172.17.0.1 not permitted
or
ZAP-ProxyThread-20] WARN org.zaproxy.zap.extension.api.API  - Request to API URL http://127.0.0.1:8090/UI from 172.17.0.1 not permitted

And when trying to access the ZAP API as http://172.17.0.2:8090/UI, the browser seems to hang there until it gives up as the connection times out.

I have followed the instructions from these URLs - https://github.com/zaproxy/zaproxy/wiki/Docker#accessing-the-api-from-outside-of-the-docker-container
and https://github.com/zaproxy/zaproxy/issues/4027.

Can someone please help? I would really appreciate it.

Thanks and Regards,
V Reddy



thc...@gmail.com

Mar 5, 2018, 3:51:34 PM
to zaprox...@googlegroups.com
Hi.

The second command is missing:
-config api.addrs.addr.regex=true

to change the "name" to a regular expression.

https://github.com/zaproxy/zaproxy/wiki/FAQremote

Best regards.

On 05/03/18 20:31, V_Reddy wrote:
> Hi,
> I am still struggling with accessing the ZAP API through UI while hosting
> the ZAP in a Docker container on my mac.
>
> Here's the command that I am using -
>
> docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090
> -host 0.0.0.0 -config api.disablekey=true
>
> Also, tried this command -
>
> docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090
> -host 0.0.0.0 -config api.disablekey=true -config api.addrs.addr.name=172.17
> .0.*
>
> Ultimately, I keep getting the exception as -
> ZAP-ProxyThread-20] WARN org.zaproxy.zap.extension.api.API - Request to
> API URL http://localhost:8090/UI from 172.17.0.1 not permitted
> or
> ZAP-ProxyThread-20] WARN org.zaproxy.zap.extension.api.API - Request to
> API URL http://127.0.0.1:8090/UI from 172.17.0.1 not permitted
>
> And when trying to access the ZAP API as *http://172.17.0.2:8090/UI*, the
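
Added example (not part of the original thread, and not ZAP's own code): a shell model of how the api.addrs.addr.name value from the second command compares with the client address 172.17.0.1 seen in the log, first as a literal and then as a regular expression. It assumes a regex entry must match the whole address; the other client addresses and the stricter pattern are constructed for illustration. Because the commands set api.disablekey=true, the address allow-list is what restricts API callers, so the pattern is worth keeping narrow.

```shell
#!/bin/sh
# Added example: models how an allow-list entry is compared with the client
# address. Assumption: a literal entry needs an exact match and a regex entry
# must match the whole address (modelled here with grep -x).

# zap_addr_permitted NAME IS_REGEX CLIENT_ADDR -> exit status 0 if permitted
zap_addr_permitted() {
    name=$1 is_regex=$2 addr=$3
    if [ "$is_regex" = "true" ]; then
        printf '%s\n' "$addr" | grep -Eqx -- "$name"
    else
        printf '%s\n' "$addr" | grep -Fqx -- "$name"
    fi
}

# verdict NAME IS_REGEX CLIENT_ADDR -> prints "permitted" or "not permitted"
verdict() {
    if zap_addr_permitted "$1" "$2" "$3"; then
        echo "permitted"
    else
        echo "not permitted"
    fi
}

# 172.17.0.1 is the client address from the log lines in the thread;
# the remaining addresses are constructed test inputs.
for addr in 172.17.0.1 172.17.0.200 172.17.05.9 172.18.0.1; do
    printf '%-13s literal=%-14s regex=%-14s strict=%s\n' "$addr" \
        "$(verdict '172.17.0.*' false "$addr")" \
        "$(verdict '172.17.0.*' true "$addr")" \
        "$(verdict '172\.17\.0\.[0-9]{1,3}' true "$addr")"
done
```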

V_Reddy

Mar 5, 2018, 4:15:14 PM
to OWASP ZAP User Group
Thanks for your quick response, thc202!

I have added the command '-config api.addrs.addr.regex=true' as you suggested but still the browser hangs for a while trying to connect and gives up.

I looked at the Docker container's logs and found the below -

2018-03-05 21:04:57,102 [main ] INFO  DaemonBootstrap - OWASP ZAP 2.7.0 started 05/03/18 21:04:57 with home /home/zap/.ZAP/
2018-03-05 21:04:57,133 [main ] INFO  AbstractParam - Setting config api.disablekey = true was null
2018-03-05 21:04:57,134 [main ] INFO  AbstractParam - Setting config api.addrs.addr.name = 172.17.0.* was null
2018-03-05 21:04:57,134 [main ] INFO  AbstractParam - Setting config api.addrs.addr.regex = true was null

Do the above messages indicate that the commands passed to ZAP didn't take any effect?
Please advise.

Thanks.


thc...@gmail.com

Mar 5, 2018, 4:22:55 PM
to zaprox...@googlegroups.com
That means the configs were properly processed.

How were you accessing ZAP before? (When you got the logs "... from
172.17.0.1 not permitted".) Are you able to access that way now?

Best regards.

V_Reddy

Mar 5, 2018, 4:40:29 PM
to OWASP ZAP User Group
I have previously used ZAP through the regular Mac/Windows installations and was able to successfully access the API through a browser or command line while starting them in daemon mode.

This is the first time I am trying to use the docker container and, as you know, without much success. I am still not able to access the API using the 172.17.0.2 address, which docker specifies that this container is accessible on.

Could this be a docker issue on Mac?

Thanks.

thc...@gmail.com

Mar 5, 2018, 5:03:54 PM
to zaprox...@googlegroups.com
I'd expect Docker to work fine as well. Is the connection being
reset/closed or still a "timeout"? If the latter it seems that it's not
connecting to ZAP.

Could you try proxy through that address/port? Are you able to access
the site?

Best regards.

V_Reddy

Mar 5, 2018, 5:42:52 PM
to OWASP ZAP User Group
http://172.17.0.2:8090/UI connection is still a timeout.

Although,

docker run -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-stable zap-webswing.sh

works fine and I am able to access it through "http://localhost:8080/?anonym=true&app=ZAP" without any issue.


> Could you try proxy through that address/port?

Can you please be more specific? Do you mean if I set the proxy as 172.17.0.2:8093 (which is where ZAP is running) in the browser, am I able to access a site? If so, yes, I am able to access a site through that proxy but the docker logs don't indicate that. So, I am confused.

Thanks.
 


thc...@gmail.com

Mar 5, 2018, 5:53:51 PM
to zaprox...@googlegroups.com
Interesting, so what happens if you try to access http://zap/ while proxying?

(For normal traffic ZAP does not log anything, unless in DEBUG.)


Just to make sure there's a typo in the port, "8090" not "8093"?

Best regards.

V_Reddy

Mar 5, 2018, 6:07:51 PM
to OWASP ZAP User Group
Actually, I am running ZAP on port 8093 -

4070 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 0.0.0.0:8093

My previous reply was indicating the '8090' on zap-webswing, not ZAP. Sorry for the confusion!

When I try to access http://zap/ while proxying, it shows connecting but ultimately gives up as 'connection timed out'.

Thanks.
