ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy

target.tld:port/path not possible #1648

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. start zap (proxy on port 8080)
2. point browser to localhost:8080
3. use URL in browser like:  http://FQDN:4711/whatever

What is the expected output?
the website

What do you see instead?
Connection reset by browser/proxy (default error page of browser)

What version of the product are you using?
2.4.0
Found Java version 1.7.0_76
Available memory:  15984 MB
Setting jvm heap size: -Xmx512m

On what operating system?
debian 8, kernel 3.16

Please provide any additional information below.
7891 [Thread-7] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
30925 [ZAP-ProxyThread-1] ERROR org.parosproxy.paros.core.proxy.ProxyThread  - 
Invalid HTTP minor version number: HTTP/1.4.2015
org.apache.commons.httpclient.ProtocolException: Invalid HTTP minor version 
number: HTTP/1.4.2015
    at org.apache.commons.httpclient.HttpVersion.parse(HttpVersion.java:244)
    at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(Unknown Source)
    at org.zaproxy.zap.ZapGetMethod.readResponse(Unknown Source)
    at org.apache.commons.httpclient.HttpMethodBase.execute(Unknown Source)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Original issue reported on code.google.com by ac...@owasp.org on 25 May 2015 at 7:55

GoogleCodeExporter commented 9 years ago
The problem is that the server returned an unsupported HTTP version number.
Which server was used? Is it using a custom HTTP version? Could you provide the 
response?

Original comment by THC...@gmail.com on 25 May 2015 at 9:16

GoogleCodeExporter commented 9 years ago
This is a custom server and indeed returns something uncommon: HTTP/1.4.2015

The "HTTP" version in the response is unimportant, somehow, just to be mentioned.
The same applies to "HTTP" itself in the version field.

That ZAP crashes at this point is a bit strange, as such things (response line)
may be the result of parameter manipulation, i.e. \r\n or alike.

I'd be happy if ZAP handled this properly (I know it's the fault of the Java
library used ;-)
It's a warning, error, or detected attack.

My subject line for this defect is wrong then; it should be: "uncommon response
line not handled".

Does this all sound reasonable?

Original comment by ac...@owasp.org on 25 May 2015 at 9:42
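As an added illustration of the handling the reporter asks for (example code, not ZAP's or commons-httpclient's own), the parser below accepts a status line strictly per the `HTTP/DIGIT.DIGIT` grammar, and when that fails it falls back to a lenient parse that still recovers the status code and reason but records a warning, so a proxy can show the odd response (here the page's `HTTP/1.4.2015`) instead of aborting the exchange. The `StatusLine` type and `parse_status_line` name are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Strict grammar (RFC 7230): HTTP-version = "HTTP/" DIGIT "." DIGIT
STRICT_STATUS_LINE = re.compile(r"^HTTP/(\d)\.(\d) (\d{3})(?: (.*))?$")
# Lenient fallback: any non-space token may stand in for the version, so a
# malformed response line is surfaced to the tester rather than dropped.
LENIENT_STATUS_LINE = re.compile(r"^(\S+) (\d{3})(?: (.*))?$")


@dataclass
class StatusLine:
    version: str
    status: int
    reason: str
    # Non-empty when the line deviated from the standard grammar
    warnings: List[str] = field(default_factory=list)


def parse_status_line(line: str) -> StatusLine:
    """Parse an HTTP response status line, tolerating odd version tokens."""
    line = line.rstrip("\r\n")
    m = STRICT_STATUS_LINE.match(line)
    if m:
        return StatusLine(f"HTTP/{m[1]}.{m[2]}", int(m[3]), m[4] or "")

    m = LENIENT_STATUS_LINE.match(line)
    if not m:
        # No recoverable status code at all: this really is unparseable
        raise ValueError(f"unparseable status line: {line!r}")
    version, status, reason = m[1], int(m[2]), m[3] or ""
    if version.startswith("HTTP/"):
        warning = f"non-standard HTTP version in status line: {version!r}"
    else:
        warning = f"non-HTTP protocol token in status line: {version!r}"
    return StatusLine(version, status, reason, [warning])


if __name__ == "__main__":
    # Constructed sample: the response line from the bug report
    sl = parse_status_line("HTTP/1.4.2015 200 OK\r\n")
    print(sl.version, sl.status, sl.reason, sl.warnings)
```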

GoogleCodeExporter commented 9 years ago
ZAP has been migrated to github

This issue will be on github issues with the same ID: 
https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:18