ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy

Scanning a site fails #1599

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. installed the latest ZAP 2.4
2. trying to scan my url which is only running in https 
3. but in ZAP https scanning is not working

What is the expected output? What do you see instead?
It should scan the https request also but failed to scan

What version of the product are you using? On what operating system?
ZAP 2.4

Please provide any additional information below.
Running ZAP 2.4 in windows 7

Original issue reported on code.google.com by niraj.v...@gmail.com on 15 Apr 2015 at 7:29

GoogleCodeExporter commented 9 years ago
Are you using the UI or API?
If it's the UI, what do you see?
Are any errors logged?

Original comment by psii...@gmail.com on 15 Apr 2015 at 7:31

GoogleCodeExporter commented 9 years ago
OK, it looks like this is a problem scanning a site, i.e. http(s)://www.example.com, rather than scanning https sites.
https://www.example.com/app works fine

Working on this now

Original comment by psii...@gmail.com on 15 Apr 2015 at 7:39

GoogleCodeExporter commented 9 years ago
Having said that, the problem I found only applied to the trunk - I can scan 
sites like https://www.example.com ok.
So more info needed please.

Original comment by psii...@gmail.com on 15 Apr 2015 at 7:45

GoogleCodeExporter commented 9 years ago
It might work with https://www.xyz.com, but I have https://testnet.xyz.com and it failed. Please find the attachment below.

Original comment by niraj.v...@gmail.com on 15 Apr 2015 at 8:42

GoogleCodeExporter commented 9 years ago
Can you proxy your browser through ZAP and see if your URL actually resolves to 
another URL?
Browsers handle this internally, the ZAP Quick Scan will not.
Alternatively can you email me (psiinon at gmail.com) the URL you're trying - I 
can scan it without specifying any tests.

Original comment by psii...@gmail.com on 15 Apr 2015 at 8:51

GoogleCodeExporter commented 9 years ago
Thanks for the URL - I can reproduce this.
It looks like CloudFlare is blocking ZAP based on the default ZAP signature:
"Access denied | REDACTED used CloudFlare to restrict access"
"The owner of this website (REDACTED) has banned your access based on your 
browser's signature (REDACTED)."

I found this out by performing a manual request from ZAP on the URL you 
supplied.
The good news is that if you proxy your browser through ZAP first and then 
start the active scan via the Active Scan dialog then it works fine.

Original comment by psii...@gmail.com on 15 Apr 2015 at 9:44

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
Hi

Please remove my domain name. Don't post in public at least!!!!!!!

Original comment by niraj.v...@gmail.com on 21 Apr 2015 at 5:26

GoogleCodeExporter commented 9 years ago
The comments are no longer publicly visible.

Original comment by THC...@gmail.com on 21 Apr 2015 at 11:08

GoogleCodeExporter commented 9 years ago
Reproducing the comment that should help resolve the issue:
---------
I've just created a FAQ for this :)
https://code.google.com/p/zaproxy/wiki/FAQquickScanFailed
Can you try using the Manual Request Editor and let us know what it returns.
In the case of [REDACTED] I can't access this via a browser.
Other https sites appear to work for me.
---------

Could you provide more details as per the above comment?

Original comment by THC...@gmail.com on 21 Apr 2015 at 1:39

GoogleCodeExporter commented 9 years ago
ZAP has been migrated to GitHub

This issue will be on GitHub issues with the same ID: 
https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:18