Passive Scan Stuck....


Josh

Jan 4, 2022, 9:32:55 AM
to OWASP ZAP User Group
Hello there!

I am running our testing suite against the ZAP Proxy and letting the passive scan do its thing. Unfortunately, it appears that it gets stuck on one or two URLs and never finishes the passive scan - it has 5 left in the queue, and I have left it for a number of hours.

I enabled debug & trace logging, but I am still not seeing anything relevant. It appears that the URLs just keep going through the same tests and generating the same alerts. It's the exact same URLs every time.

What are some next steps I can take to debug this further?

Thanks

Josh

Jan 4, 2022, 1:14:04 PM
to OWASP ZAP User Group
Finally solved this. Realized that one of the URLs was returning a very large amount of data; I set ZAP to exclude response bodies > x bytes and it's finishing fine.

Still find it odd that there wasn't any kind of error or warning in the logs?

kingthorin+owaspzap

Jan 4, 2022, 1:31:13 PM
to OWASP ZAP User Group
It was still processing them. There would have been an info message in the log after it had got through them. If a rule takes more than 5 sec on a particular message then a log entry is added.
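An added example, not part of the original thread: one way to find which proxied responses are large enough to hold up the passive scan queue, using the ZAP JSON API views `pscan/view/recordsToScan` and `core/view/messages`. The API address, the API key placeholder, the 5 MB threshold and the sample messages are assumptions made for this illustration.

```python
import json
import re
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"  # assumed local ZAP API address

def zap_get(path, api_key, **params):
    """Call a ZAP JSON API view and return the decoded response."""
    url = f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def body_size(msg):
    """Response body size: the larger of Content-Length and the stored body length."""
    m = re.search(r"^content-length:\s*(\d+)", msg.get("responseHeader", ""), re.I | re.M)
    stored = len(msg.get("responseBody", "").encode("utf-8", "replace"))
    return max(int(m.group(1)) if m else 0, stored)

def request_url(msg):
    """URL from the request line, e.g. 'GET https://host/path HTTP/1.1'."""
    parts = msg.get("requestHeader", "").split("\r\n", 1)[0].split(" ")
    return parts[1] if len(parts) >= 2 else "?"

def oversized(messages, limit_bytes):
    """Return (size, url) for responses above limit_bytes, largest first."""
    hits = [(body_size(m), request_url(m)) for m in messages]
    return sorted((h for h in hits if h[0] > limit_bytes), reverse=True)

# Constructed sample in the shape of core/view/messages entries (not real traffic).
SAMPLE = [
    {"requestHeader": "GET https://app.example.test/export/all HTTP/1.1\r\n\r\n",
     "responseHeader": "HTTP/1.1 200 OK\r\nContent-Length: 52428800\r\n\r\n", "responseBody": ""},
    {"requestHeader": "GET https://app.example.test/login HTTP/1.1\r\n\r\n",
     "responseHeader": "HTTP/1.1 200 OK\r\nContent-Length: 512\r\n\r\n", "responseBody": "x" * 512},
    {"requestHeader": "GET https://app.example.test/report HTTP/1.1\r\n\r\n",
     "responseHeader": "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n",
     "responseBody": "x" * 2_000_000},
]

if __name__ == "__main__":
    key = "CHANGE-ME"  # placeholder API key
    print("records left to scan:", zap_get("pscan/view/recordsToScan", key)["recordsToScan"])
    msgs = zap_get("core/view/messages", key, start=0, count=200)["messages"]
    for size, url in oversized(msgs, 5_000_000):
        print(f"{size:>12} bytes  {url}")
```

URLs reported here are candidates for the response body size limit or for exclusion from the proxy.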