Closed vinilnarayan closed 3 years ago
Hi, you are missing the closing quotes for the -z argument. So you need to add another " at the end.
@dicksnel
Ohhhh noooooo... Accidentally I missed it, and it's working fine now.
Hi,
Have you faced the issue which I mentioned below? I have tried to understand the issue, but could not get any solution.
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: Reached error page: about:neterror?e=nssFailure2&u=https%3A//zero.webappsecurity.com/auth/accept-certs.html%3Fuser_token%3De9675ea7-8f36-40be-bd60-90fda2f96371&c=UTF-8&d=%20
2021-05-06 09:55:25,130 error in login: None
WARNING: An illegal reflective access operation has occurred
Can you post the full command and output with -d? Seems like it cannot load your site because of an invalid certificate.
Hi, the command which I tried is
docker run --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-baseline.py -I -j \
-t http://zero.webappsecurity.com/ \
-r testreport.html \
--hook=/zap/auth_hook.py \
-z "auth.loginurl=http://zero.webappsecurity.com/login.html \
auth.username="username" \
auth.password="password" \
auth.username_field="user_login" \
auth.password_field="user_password" \
auth.submit_field="submit" \
auth.exclude=".*logout.*""
And the output is
+ docker run --rm -v /Users/vinilnarayan/.jenkins/workspace/NewDocker-ZAP-Pipeline_session2@2:/zap/wrk/:rw -t ictu/zap2docker-weekly zap-baseline.py -I -j -t http://zero.webappsecurity.com/ -r testreport.html --hook=/zap/auth_hook.py -z 'auth.loginurl=http://zero.webappsecurity.com/login.html auth.username=username auth.password=password auth.username_field=user_login auth.password_field=user_password auth.submit_field=submit auth.exclude=.*logout.*'
2021-05-06 09:55:00,481 Extra params passed by ZAP: ['-config', 'spider.maxDuration=1', '-addonupdate', '-addoninstall', 'pscanrulesBeta', 'auth.loginurl=http://zero.webappsecurity.com/login.html', 'auth.username=username', 'auth.password=password', 'auth.username_field=user_login', 'auth.password_field=user_password', 'auth.submit_field=submit', 'auth.exclude=.*logout.*']
2021-05-06 09:55:00,481 _get_zap_param auth.loginurl: http://zero.webappsecurity.com/login.html
2021-05-06 09:55:00,481 _get_zap_param auth.username: username
2021-05-06 09:55:00,481 _get_zap_param auth.password: password
2021-05-06 09:55:00,481 _get_zap_param auth.username_field: user_login
2021-05-06 09:55:00,482 _get_zap_param auth.password_field: user_password
2021-05-06 09:55:00,482 _get_zap_param auth.submit_field: submit
2021-05-06 09:55:00,482 _get_zap_param auth.exclude: ['.*logout.*']
May 06, 2021 9:55:06 AM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
2021-05-06 09:55:10,907 Included http://zero.webappsecurity.com/.*
2021-05-06 09:55:10,942 Excluded .*logout.*
2021-05-06 09:55:10,942 Start display
2021-05-06 09:55:11,008 Start webdriver
2021-05-06 09:55:15,086 authenticate using webdriver against URL: http://zero.webappsecurity.com/login.html
2021-05-06 09:55:22,484 automatically finding login elements
2021-05-06 09:55:22,484 Trying to find element user_login
2021-05-06 09:55:22,484 Built xpath: //input[(translate(@id, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='user_login') and (@type='text' or @type='email' or not(@type))]
2021-05-06 09:55:22,507 Found element user_login by id
2021-05-06 09:55:22,546 Filled the user_login element
2021-05-06 09:55:22,546 Trying to find element user_password
2021-05-06 09:55:22,546 Built xpath: //input[(translate(@id, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='user_password') and (@type='text' or @type='password' or not(@type))]
2021-05-06 09:55:22,555 Found element user_password by id
2021-05-06 09:55:22,578 Filled the user_password element
2021-05-06 09:55:22,578 Trying to find element submit
2021-05-06 09:55:22,579 Built xpath: //*[(translate(@id, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='submit') and (@type='submit' or @type='button' or button)]
2021-05-06 09:55:22,589 Built xpath: //*[(translate(@name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='submit') and (@type='submit' or @type='button' or button)]
2021-05-06 09:55:22,594 Found element submit by name
Traceback (most recent call last):
File "/zap/zap_auth.py", line 77, in login
self.auto_login(config)
File "/zap/zap_auth.py", line 163, in auto_login
self.submit_form(config.auth_submitaction, config.auth_submit_field_name, username_element)
File "/zap/zap_auth.py", line 171, in submit_form
element.click()
File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/webelement.py", line 80, in click
self._execute(Command.CLICK_ELEMENT)
File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/webelement.py", line 633, in _execute
return self._parent.execute(command, params)
File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute
self.error_handler.check_response(response)
File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: Reached error page: about:neterror?e=nssFailure2&u=https%3A//zero.webappsecurity.com/auth/accept-certs.html%3Fuser_token%3De9675ea7-8f36-40be-bd60-90fda2f96371&c=UTF-8&d=%20
2021-05-06 09:55:25,130 error in login: None
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/zap/./plugin/spiderAjax-release-23.4.0.zap) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
1620294934433 geckodriver INFO Listening on 127.0.0.1:21597
1620294934780 mozrunner::runner INFO Running command: "/usr/lib/firefox/firefox" "--marionette" "-headless" "-foreground" "-no-remote" "-profile" "/tmp/rust_mozprofileFBBUdS"
*** You are running in headless mode.
[GFX1-]: glxtest: libpci missing
[GFX1-]: glxtest: libEGL missing
[GFX1-]: glxtest: libEGL missing
(/usr/lib/firefox/firefox:501): GLib-GObject-CRITICAL **: 09:55:35.768: g_object_set: assertion 'G_IS_OBJECT (object)' failed
(/usr/lib/firefox/firefox:521): GLib-GObject-CRITICAL **: 09:55:35.867: g_object_set: assertion 'G_IS_OBJECT (object)' failed
console.warn: SearchSettings: "get: No settings file exists, new profile?" (new Error("", "(unknown module)"))
console.error: Region.jsm: "Error fetching region" (new TypeError("NetworkError when attempting to fetch resource.", ""))
console.error: Region.jsm: "Failed to fetch region" (new Error("NO_RESULT", "resource://gre/modules/Region.jsm", 419))
(/usr/lib/firefox/firefox:609): GLib-GObject-CRITICAL **: 09:55:37.411: g_object_set: assertion 'G_IS_OBJECT (object)' failed
1620294937472 Marionette INFO Listening on port 40501
1620294937514 Marionette WARN TLS certificate errors will be ignored for this session
(/usr/lib/firefox/firefox:764): GLib-GObject-CRITICAL **: 09:56:18.537: g_object_set: assertion 'G_IS_OBJECT (object)' failed
(/usr/lib/firefox/firefox:840): GLib-GObject-CRITICAL **: 09:56:39.678: g_object_set: assertion 'G_IS_OBJECT (object)' failed
1620295006811 Marionette INFO Stopped listening on port 40501
Total of 29 URLs
This error is due to the fact that the website is using TLS1.1 or older, which is deprecated and now blocked behind a warning by Firefox and Chrome.
I just pushed a commit which ignores this warning. Please pull the latest Docker image and try again.
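Added example (not part of the thread and not code from the zap2docker project): the output above shows the scan still finishing with `Total of 29 URLs` after the hook logged `error in login`, so a pipeline can pass on a scan that never authenticated. This sketch decodes the `about:neterror` URL from the scan output and returns a non-zero status when the login failed; the function names are hypothetical, the sample is built from log lines quoted in this thread, and `nssFailure2` is treated as Firefox's TLS failure page, in line with the diagnosis above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a few lines copied from the scan output in this thread.
SAMPLE_LOG = """\
2021-05-06 09:55:15,086 authenticate using webdriver against URL: http://zero.webappsecurity.com/login.html
2021-05-06 09:55:22,594 Found element submit by name
selenium.common.exceptions.WebDriverException: Message: Reached error page: about:neterror?e=nssFailure2&u=https%3A//zero.webappsecurity.com/auth/accept-certs.html%3Fuser_token%3De9675ea7-8f36-40be-bd60-90fda2f96371&c=UTF-8&d=%20
2021-05-06 09:55:25,130 error in login: None
Total of 29 URLs
"""

NETERROR_RE = re.compile(r"about:neterror\?(\S+)")
AUTH_URL_RE = re.compile(r"authenticate using webdriver against URL: (\S+)")


def triage_login(log_text):
    """Summarise from the scan output whether and why the browser login failed."""
    result = {"login_failed": "error in login" in log_text,
              "login_url": None, "error_code": None, "failed_url": None,
              "tls_failure": False, "scheme_changed": False}
    match = AUTH_URL_RE.search(log_text)
    if match:
        result["login_url"] = match.group(1)
    match = NETERROR_RE.search(log_text)
    if match:
        # The error page URL carries the code in e= and the failing URL in u=.
        params = parse_qs(match.group(1), keep_blank_values=True)
        result["error_code"] = params.get("e", [None])[0]
        result["failed_url"] = params.get("u", [None])[0]
        # Assumption: nssFailure2 is the code Firefox uses for TLS failures.
        result["tls_failure"] = result["error_code"] == "nssFailure2"
    if result["login_url"] and result["failed_url"]:
        # True when the form was loaded over http but the next page was https.
        result["scheme_changed"] = (urlsplit(result["login_url"]).scheme
                                    != urlsplit(result["failed_url"]).scheme)
    return result


def gate(log_text):
    """Exit status for CI: 1 when the scan ran without a working login."""
    return 1 if triage_login(log_text)["login_failed"] else 0


if __name__ == "__main__":
    for key, value in triage_login(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    raise SystemExit(gate(SAMPLE_LOG))
```

On the sample, the decoded failing URL is the HTTPS `accept-certs.html` page, although the login URL passed to the hook was plain HTTP.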
Thank you so much for the quick response.
Sorry, I'm new to Docker actually. :(
Can I use the same command to pull the latest Docker image?
docker run --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-baseline.py -I -j \
-t http://zero.webappsecurity.com/ \
-r testreport.html \
--hook=/zap/auth_hook.py \
-z "auth.loginurl=http://zero.webappsecurity.com/login.html \
auth.username="username" \
auth.password="password" \
auth.username_field="user_login" \
auth.password_field="user_password" \
auth.submit_field="submit" \
auth.exclude=".*logout.*""
Hi @dicksnel,
With my limited knowledge, I have updated the command.
docker run --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly:latest zap-baseline.py -I -j \
-t http://zero.webappsecurity.com/ \
-r testreport.html \
--hook=/zap/auth_hook.py \
-z "auth.loginurl=http://zero.webappsecurity.com/login.html \
auth.username="username" \
auth.password="password" \
auth.username_field="user_login" \
auth.password_field="user_password" \
auth.submit_field="submit" \
auth.exclude=".*logout.*""
and still getting
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: Reached error page: about:neterror?e=nssFailure2&u=https%3A//zero.webappsecurity.com/auth/accept-certs.html%3Fuser_token%3D3180a52e-017f-4095-b8a3-4ec039fd8a6d&c=UTF-8&d=%20
2021-05-07 10:03:13,500 error in login: None
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/zap/./plugin/spiderAjax-release-23.4.0.zap) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
1620381804040 geckodriver INFO Listening on 127.0.0.1:30153
1620381804641 mozrunner::runner INFO Running command: "/usr/lib/firefox/firefox" "--marionette" "-headless" "-foreground" "-no-remote" "-profile" "/tmp/rust_mozprofileA5Wtmg"
*** You are running in headless mode.
[GFX1-]: glxtest: libpci missing
[GFX1-]: glxtest: libEGL missing
[GFX1-]: glxtest: libEGL missing
(/usr/lib/firefox/firefox:526): GLib-GObject-CRITICAL **: 10:03:26.711: g_object_set: assertion 'G_IS_OBJECT (object)' failed
(/usr/lib/firefox/firefox:546): GLib-GObject-CRITICAL **: 10:03:26.878: g_object_set: assertion 'G_IS_OBJECT (object)' failed
console.warn: SearchSettings: "get: No settings file exists, new profile?" (new Error("", "(unknown module)"))
console.error: Region.jsm: "Error fetching region" (new TypeError("NetworkError when attempting to fetch resource.", ""))
console.error: Region.jsm: "Failed to fetch region" (new Error("NO_RESULT", "resource://gre/modules/Region.jsm", 419))
(/usr/lib/firefox/firefox:610): GLib-GObject-CRITICAL **: 10:03:29.603: g_object_set: assertion 'G_IS_OBJECT (object)' failed
1620381809642 Marionette INFO Listening on port 40285
1620381809729 Marionette WARN TLS certificate errors will be ignored for this session
1620381848068 Marionette INFO Stopped listening on port 40285
Total of 22 URLs
Hi, you need to pull the latest image first:
docker pull ictu/zap2docker-weekly:latest
@dicksnel,
It's really cool... very interesting... Thanks for the help :)
Hi, I'm getting the below error while running with
*docker run --rm -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-baseline.py -I -j \ -t http://zero.webappsecurity.com/login.html \ -r testreport.html \ --hook=/zap/auth_hook.py \ -z "auth.loginurl=http://zero.webappsecurity.com/login.html \ auth.username="username" \ auth.password="password" \ auth.username_field="user_login" \ auth.password_field="user_password" \ auth.submit_field="submit" \ auth.exclude=".logout." auth.include="https://api.website.net."**
Error : _.jenkins/workspace/NewDocker-ZAP-Pipelinesession2@2@tmp/durable-5da50a65/script.sh: line 5: unexpected EOF while looking for matching `"'
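Added example (not part of the thread and not code from the zap2docker project): the unexpected EOF error above comes from an unbalanced double quote in the `-z` value, and the nested quotes in the working command only succeed because the shell joins adjacent quoted and unquoted pieces into one argument. This sketch checks a command's quoting before it goes into a pipeline script and builds the command with each argument quoted once; the function names, the shortened sample commands and the `/tmp/wrk` path are constructed for illustration.

```python
import shlex

# Constructed, shortened versions of the commands in this thread
# (kept on one line; line continuations are left out).
WORKING = ('zap-baseline.py -t http://zero.webappsecurity.com/ -z '
           '"auth.loginurl=http://zero.webappsecurity.com/login.html '
           'auth.username="username" auth.exclude=".*logout.*""')
BROKEN = WORKING[:-1]  # same command with the final closing quote missing


def z_argument(command):
    """Return the single value a POSIX shell would pass after -z.

    Raises ValueError("No closing quotation") when quotes are unbalanced.
    """
    argv = shlex.split(command)  # tokenises only, nothing is executed
    return argv[argv.index("-z") + 1]


def build_command(workdir, image, target, auth):
    """Build the docker command with all auth.* settings in one quoted -z value."""
    for key, value in auth.items():
        # The scan log shows the -z value being split into separate parameters,
        # so whitespace inside a key or value would change their meaning.
        if any(ch.isspace() for ch in f"{key}{value}"):
            raise ValueError(f"whitespace not allowed in {key}")
    z_value = " ".join(f"{key}={value}" for key, value in auth.items())
    argv = ["docker", "run", "--rm", "-v", f"{workdir}:/zap/wrk/:rw", "-t", image,
            "zap-baseline.py", "-I", "-j", "-t", target, "-r", "testreport.html",
            "--hook=/zap/auth_hook.py", "-z", z_value]
    return shlex.join(argv)  # quotes each argument exactly once


if __name__ == "__main__":
    print(z_argument(WORKING))
    try:
        z_argument(BROKEN)
    except ValueError as exc:
        print("broken command:", exc)
    print(build_command("/tmp/wrk", "ictu/zap2docker-weekly",
                        "http://zero.webappsecurity.com/",
                        {"auth.loginurl": "http://zero.webappsecurity.com/login.html",
                         "auth.username": "username", "auth.exclude": ".*logout.*"}))
```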