启动时,ZAP工具卡在中间

问题描述 投票:0回答:1

我正在尝试将硒与ZAP整合。

为此,我使用以下代码在使用selenium启动浏览器之前自动打开ZAP工具。

我面临的问题是ZAP工具没有正确打开,它卡在中间。

我用以下代码打开了ZAP工具。

码:

public void triggerZAP() throws IOException, InterruptedException, ClientApiException
{       
    String[] command = { "CMD", "/C",zapLocation + "ZAP.exe" };
    ProcessBuilder build = new ProcessBuilder(command);
    build.directory(new File(zapLocation));
    Process p = build.start();
    p.waitFor();
    Thread.sleep(5000);
    ClientApi api = new ClientApi(zapAddress, zapPort);
    currentURL = controls.getCurrentUrl();
    System.out.println("Spider : " + currentURL);
    ApiResponse resp = api.spider.scan(currentURL, null, null, null, null);
    scanId = ((ApiResponseElement) resp).getValue();
    while (true)
    {
        Thread.sleep(1000);
        progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanId)).getValue());
        System.out.println("Spider progress : " + progress + "%");
        if (progress >= 100)
        {
            break;
        }
    }
    System.out.println("Spider complete");
    System.out.println(new String(api.core.xmlreport()));

}

错误:

org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:329)
at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:311)
at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:220)
at com.exterro.fusion.selenium.controls.ZAPConfigurations.triggerZAP(ZAPConfigurations.java:61)
at com.exterro.fusion.selenium.core.FusionSignin.config(FusionSignin.java:54)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient$1.run(Unknown Source)
at sun.net.www.http.HttpClient$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.http.HttpClient.privilegedOpenServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:338)
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:327)
... 31 more
... Removed 27 stack frames
security selenium-webdriver penetration-testing zap zapproxy
1个回答
1
投票

在启动ZAP时,您似乎没有指定API密钥。如果是这样,那么ZAP将为您创建一个,但您不会知道它是什么,所以将无法使用它,ZAP将忽略您的API调用。

要通过命令行设置API密钥,请使用以下选项:-config api.key=change-me-9203935709

您还可以在安全的环境中禁用API密钥 - 更多详细信息:https://github.com/zaproxy/zaproxy/wiki/FAQapikey

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.