Closed n7902 closed 4 years ago
Fixed, an extra tick in the auth.loginurl switch was the culprit, cheers
Can you pleas send the exact command that fixed the issue? I am also facing the same issue here
@sai-yanamandra are you using the latest version? Error messages were recently improved. Please provide your full command.
@n7902 Could you please share the Fix on auth.loginurl switch am facing same issue
@rameshrangaswamy can you share your full command and output?
@dicksnel here it is please help in resolving this.
chmod -R 777 ./ docker run --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-full-scan.py -I -j -m 10 -T 60 \ -t https://example.net \ -r testreport.html \ -d \ --hook=/zap/auth_hook.py \ -x OWASP-ZAP-Report.xml \ -z "auth.loginurl=https://example.net/signin.aspx \ auth.username="username" \ auth.password="password" \ auth.username_field="txtEmail" \ auth.password_field="txtPassword" \ auth.submit_field="submit" \ auth.exclude=".signout." auth.include="https://example.*"
@rameshrangaswamy you are missing a closing " at the end. The entire -z arg should be quoted:
docker run --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-full-scan.py -I -j -m 10 -T 60
-t https://example.net \
-r testreport.html \
-d \
--hook=/zap/auth_hook.py \
-x OWASP-ZAP-Report.xml \
-z "auth.loginurl=https://example.net/signin.aspx \
auth.username="username" \
auth.password="password" \
auth.username_field="txtEmail" \
auth.password_field="txtPassword" \
auth.submit_field="submit" \
auth.exclude=".signout."
auth.include="https://example.*""
Running this command works, displaying that it's loading the provided params when it runs.
docker run --network="host" --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-full-scan.py -t http://myexample.com -z "auth.loginurl=http://myexample/#/login "auth.username="admin" auth.username_field="email" auth.password_field="password" auth.password="admin123""
But adding the switch for the --auth.hook after -t http:myexample.com results in the below error, which appears to view the provided login page as an object.