Closed GoogleCodeExporter closed 9 years ago
Are you using the UI or API?
If its the UI, what do you see?
Are any errors logged?
Original comment by psii...@gmail.com
on 15 Apr 2015 at 7:31
OK, it looks like this is a problem scanning a site, ie
http(s)://www.example.com
rather than scanning https sites.
https://www.example.com/app works fine
Working on this now
Original comment by psii...@gmail.com
on 15 Apr 2015 at 7:39
Having said that, the problem I found only applied to the trunk - I can scan
sites like https://www.example.com ok.
So more info needed please.
Original comment by psii...@gmail.com
on 15 Apr 2015 at 7:45
Might be it may work with https://www.xyz.com but I have
https://testnet.xyz.com
and its failed. Please find the below attachment
Original comment by niraj.v...@gmail.com
on 15 Apr 2015 at 8:42
Attachments:
Can you proxy your browser through ZAP and see if your URL actually resolves to
another URL?
Browsers handle this internally, the ZAP Quick Scan will not.
Alternatively can you email me (psiinon at gmail.com) the URL you're trying - I
can scan it without specifying any tests.
Original comment by psii...@gmail.com
on 15 Apr 2015 at 8:51
Thanks for the URL - I can reproduce this.
It looks like CloudFlare is blocking ZAP based on the default ZAP signature:
"Access denied | REDACTED used CloudFlare to restrict access"
"The owner of this website (REDACTED) has banned your access based on your
browser's signature (REDACTED)."
I found this out by performing a manual request from ZAP on the URL you
supplied.
The good news is that if you proxy your browser through ZAP first and then
start the active scan via the Active Scan dialog then it works fine.
Original comment by psii...@gmail.com
on 15 Apr 2015 at 9:44
[deleted comment]
[deleted comment]
Hi
Please remove my domain name. Dont post in public atleast !!!!!!!
Original comment by niraj.v...@gmail.com
on 21 Apr 2015 at 5:26
The comments are no longer publicly visible.
Original comment by THC...@gmail.com
on 21 Apr 2015 at 11:08
Reproducing the comment that should help resolve the issue:
---------
I've just created a FAQ for this :)
https://code.google.com/p/zaproxy/wiki/FAQquickScanFailed
Can you try using the Manual Request Editor and let us know what it returns.
In the case of [REDACTED] I cant access this via a browser.
Other https sites appear to work for me.
---------
Could you provide more details as per the above comment?
Original comment by THC...@gmail.com
on 21 Apr 2015 at 1:39
ZAP has been migrated to github
This issue will be on github issues with the same ID:
https://github.com/zaproxy/zaproxy/issues
Original comment by psii...@gmail.com
on 5 Jun 2015 at 9:18
Original issue reported on code.google.com by
niraj.v...@gmail.com
on 15 Apr 2015 at 7:29