OWASP ZAP report generation bug

102 views
Skip to first unread message

Mohamed Ketata

unread,
Sep 22, 2022, 7:11:54 AM9/22/22
to OWASP ZAP User Group
hi, how are you doing?
OWASP ZAP version: 2.11.1
java version: 8
yesterday, we tried to analyse some of the applications that the company owns,
we got some alerts and we fixed some,
but there is an application (that I cannot share the URL here) that was made in Symfony (so PHP) that causes the report generation to fail with a null messageimage_2022-09-22_131029185.png
the command line says errors like:
JavaScript error: https://server/website, line 57: TypeError: document.loginform.credential_0 is undefined
console.warn: LoginRecipes: "Falling back to a synchronous message for: https://server."
please can you assist us on that matter?

Mohamed Ketata

unread,
Sep 22, 2022, 7:16:25 AM9/22/22
to OWASP ZAP User Group
one more thing: I am unable to run ZAP from the shortcut so I had to run the .sh script

kingthorin+owaspzap

unread,
Sep 22, 2022, 2:58:23 PM9/22/22
to OWASP ZAP User Group
Provide the command you're using?
Start with the GUI and see if things behave?

Please be much more specific than "Unable".... You can't find it? There's an error? It does nothing? (What platform? How as ZAP installed?)

kingthorin+owaspzap

unread,
Sep 22, 2022, 2:58:50 PM9/22/22
to OWASP ZAP User Group

Mohamed Ketata

unread,
Sep 23, 2022, 6:29:11 AM9/23/22
to OWASP ZAP User Group
hi,
sorry for sounding a bit confusing but when I wrote that I am unable to open ZAP from the .exe, I meant that I am really unable to do so, when I double click on it or click & hit enter, nothing happens
and I am not running ZAP from the CLI, just the GUI so the report generation was from the GUI,
I somehow found a solution to the report generation problem, so I generated a bunch yesterday, now my question, which is also related to a report generation problem, is that when I generate the report, it is so empty and only provides little information, we need to generate a HTML report so I kept everything by default, I just selected the servers and context, but the report is too tiny and the only useful information that it contains are the alert categories (just the names of the categories), the confidence categories and a list of servers, I cannot share it since it is confidential
can you assist us?
Reply all
Reply to author
Forward
0 new messages