ZAP produces blank html reports(some times report with incomplete data)
640 views
Skip to first unread message
ak...@daiviktech.com
May 16, 2018, 6:27:17 AM5/16/18
to OWASP ZAP User Group
When I do passive scan I can see alerts from ZAP's alert tab but when I try to generate a html report using this I got a blank page(some times report with incomplete data).
I have checked ZAP logs but I couldn't find any errors related to this.
Can you help me to figure out the issue?
Can you help me to figure out the issue?
kingthorin+owaspzap
May 16, 2018, 6:46:27 AM5/16/18
to OWASP ZAP User Group
How are you generating the report?
kingthorin+owaspzap
May 16, 2018, 6:48:02 AM5/16/18
to OWASP ZAP User Group
Also is blank literally devoid of content or just lacking useful content? Is the file size zero? If you view source is there any content?
ak...@daiviktech.com
May 16, 2018, 12:45:53 PM5/16/18
to OWASP ZAP User Group
That is I am proxying my request through ZAP and I am generating zap html report using java api. Some times I am getting blank html reports but zap ui actually showed some alerts. I have attached that blank html here.
ak...@daiviktech.com
May 16, 2018, 12:47:47 PM5/16/18
to OWASP ZAP User Group
I am not running active scan.
kingthorin+owaspzap
May 16, 2018, 3:45:18 PM5/16/18
to OWASP ZAP User Group
If you generate the report from within ZAP does the same thing happen?
Have you checked the log or console for errors?
Are you marking the alerts as False Positives? (Do you have Context Alert Filters configured?)
ak...@daiviktech.com
May 17, 2018, 2:37:30 AM5/17/18
to OWASP ZAP User Group
1) If you generate the report from within ZAP does the same thing happen?
When I create report from zap ui, correct report generated.
2) Have you checked the log or console for errors?
When I create report from zap ui, correct report generated.
2) Have you checked the log or console for errors?
Yes I checked log.
I have started the zap from command prompt,
that is from C:\Program Files\OWASP\Zed Attack Proxy directory I ran following command "java -Xmx512m -jar zap-2.7.0.jar". I got this command from zap.bat file. That way I checked logs.
I have started the zap from command prompt,
that is from C:\Program Files\OWASP\Zed Attack Proxy directory I ran following command "java -Xmx512m -jar zap-2.7.0.jar". I got this command from zap.bat file. That way I checked logs.
3) Are you marking the alerts as False Positives? (Do you have Context Alert Filters configured?
No.
ak...@daiviktech.com
May 21, 2018, 6:04:23 AM5/21/18
to OWASP ZAP User Group
Hi,
Thanks, I fixed this issue.
I have added a "Thread.sleep(5000)" before calling "api.core.htmlreport()".
I don't know why I want to add a delay before generating report.
thc...@gmail.com
May 21, 2018, 6:55:13 AM5/21/18
to zaprox...@googlegroups.com
Thanks for letting us know.
The passive scanner might take some time to finish scanning all the
messages, that's why the delay makes a difference. Note though that the
recommended way is to check if the passive scanner no longer has any
messages in the queue (i.e. poll `zap.pscan.recordsToScan()` instead of
using a hardcoded sleep).
Best regards.
> I have added a "*Thread.sleep(5000)*" before calling "
> *api.core.htmlreport()*".
The passive scanner might take some time to finish scanning all the
messages, that's why the delay makes a difference. Note though that the
recommended way is to check if the passive scanner no longer has any
messages in the queue (i.e. poll `zap.pscan.recordsToScan()` instead of
using a hardcoded sleep).
Best regards.
> I have added a "*Thread.sleep(5000)*" before calling "
> *api.core.htmlreport()*".
ak...@daiviktech.com
May 23, 2018, 7:47:16 AM5/23/18
to OWASP ZAP User Group
Hi,
Thanks for your suggestion I will try that.
Reply all
Reply to author
Forward
0 new messages