ICTU / zap2docker-auth-weekly

Zap baseline scanner in Docker with authentication
Apache License 2.0

error in authenticate: None #42

Closed SirNeato closed 2 years ago

SirNeato commented 2 years ago

Hello, I'm trying to run authenticated scans of my web app and am running into a bit of a problem with authentication. I'm still getting a report out, but it doesn't contain any context past what can be scanned from the login page.

The command I'm running is:

docker run --rm -u 0 -v $(pwd):/zap/wrk/:rw -t ictu/zap2docker-weekly zap-baseline.py -I -j \
-t http://[my-website] -d \
-r zap_report_auth.html \
--hook=/zap/auth_hook.py \
-z "auth.loginurl=http://[website-login] \
  auth.username="user" \
  auth.password="pass""

Which produces the output:

2021-11-12 18:46:06,017 Finished Request
Traceback (most recent call last):
  File "/zap/zap_auth.py", line 84, in authenticate
    self.setup_webdriver()
  File "/zap/zap_auth.py", line 70, in setup_webdriver
    self.driver = webdriver.Firefox(
  File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/firefox/webdriver.py", line 170, in __init__
    RemoteWebDriver.__init__(
  File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/webdriver.py", line 157, in __init__
    self.start_session(capabilities, browser_profile)
  File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/webdriver.py", line 252, in start_session
    response = self.execute(Command.NEW_SESSION, parameters)
  File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute
    self.error_handler.check_response(response)
  File "/usr/local/lib/python3.8/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
    raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: Process unexpectedly closed with status 1

2021-11-12 18:46:06,019 error in authenticate: None

I'm sure this is a simple syntax problem or something but for the life of me I can't figure it out. Any help would be greatly appreciated.
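The post above notes that a report is still produced even though the hook logged `error in authenticate`, so the scan only covered what is reachable from the login page. The following is an added example, not part of the original thread or of the project's code: a log check that flags such runs and reports which hook function the failure came from. It assumes the container output was saved as text and that the message format matches the lines quoted in the issue; `find_auth_failures` and `scan_is_authenticated` are hypothetical names.

```python
import re

# Constructed sample: the log lines quoted in the issue above, abbreviated.
SAMPLE_LOG = """\
2021-11-12 18:46:06,017 Finished Request
Traceback (most recent call last):
  File "/zap/zap_auth.py", line 84, in authenticate
    self.setup_webdriver()
  File "/zap/zap_auth.py", line 70, in setup_webdriver
    self.driver = webdriver.Firefox(
selenium.common.exceptions.WebDriverException: Message: Process unexpectedly closed with status 1

2021-11-12 18:46:06,019 error in authenticate: None
"""

FRAME = re.compile(r'^\s*File "(?P<file>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')
EXC = re.compile(r'^(?P<type>[\w.]+(?:Exception|Error)): (?P<msg>.*)$')
AUTH_ERR = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+) error in authenticate: (?P<detail>.*)$')


def find_auth_failures(log_text):
    """Return one dict per 'error in authenticate' line, with the traceback seen before it."""
    failures, frames, exc = [], [], None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.startswith("Traceback (most recent call last):"):
            frames, exc = [], None  # a new traceback starts; drop stale context
        elif (m := FRAME.match(line)):
            frames.append((m["file"], int(m["line"]), m["func"]))
        elif (m := EXC.match(line)):
            exc = (m["type"], m["msg"])
        elif (m := AUTH_ERR.match(line)):
            # Innermost frame inside the auth hook itself (file name as shown in the issue).
            hook = [f for f in frames if f[0].endswith("zap_auth.py")]
            failures.append({
                "timestamp": m["ts"],
                "detail": m["detail"],
                "exception": exc,
                "failed_in": hook[-1][2] if hook else None,
            })
            frames, exc = [], None
    return failures


def scan_is_authenticated(log_text):
    """CI gate: False when the hook logged any authentication error."""
    return not find_auth_failures(log_text)
```

On the sample, the innermost hook frame is `setup_webdriver`, the function that starts the browser session in the traceback.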

nagyleventeboldizsar commented 2 years ago

Hi, I've seen this kind of error too. As far as I know, this solution gives you 5 seconds to load the application in webdriver. If it's more than 5 sec, then it will fail.

dicksnel commented 2 years ago

Hi, please try the new params that were recently added:

auth.check_delay: How long to wait after submitting the form.
auth.check_element: Element to look for to verify login completed.

Please reopen the issue if you still have issues.

SirNeato commented 2 years ago

Appreciate the replies! I have since set auth.check_delay to a bunch of different ints, from 5 to 120, as well as auth.check_element to an XPath (it is supposed to be an XPath, right?) of an element that appears after logging in, and am still getting the same stack trace.

nagyleventeboldizsar commented 2 years ago

With auth.check_delay configured, my application seems to be working. Appreciate the help!