SOCKS proxy support

[GoogleCodeExporter]

Due to some restrictions, I usually push all of my tool traffic through a 
server that everyone knows is 'safe'. I usually use SSH tunnels for this sort 
of thing (ssh -D $PORT $HOST), which creates a SOCKS5 proxy listening locally 
to $HOST. 

That way I can use proxychains to wrap anything I want through my proxy, but 
ZAP only accepts http proxies, so I have a polipo instance running acting as a 
liaison between my local SOCKS listener and ZAP. It'd be quite nice if ZAP 
could support SOCKS proxying!

Original issue reported on code.google.com by fitblip@gmail.com on 17 Dec 2010 at 7:07

[GoogleCodeExporter]

Original comment by psii...@gmail.com on 18 Dec 2010 at 10:17

• Changed state: Accepted
• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

I looked at this briefly this weekend: I need to familiarise myself with the 
code before I am able to add in SOCKS proxy support, but in the meantime I 
found that with Java 5 and above you should be able to add the following 
parameters to the java command line:

  -DsocksProxyHost=<proxyserver> -DsocksProxyPort=<proxyport>

This should work in Java 5 and above, and is documented at 
http://download.oracle.com/javase/6/docs/technotes/guides/net/proxies.html

I have tested this on Debian GNU/Linux 6.0 (“squeeze”) and Windows XP, and 
it mostly works, although I get zero‐sized responses from some sites serving 
HTTPS.

Original comment by si...@bleah.co.uk on 27 Apr 2011 at 12:32

[GoogleCodeExporter]

Thanks for looking at this :)
Let us know if you need any pointers to where to find things in the code.

Psiinon

Original comment by psii...@gmail.com on 27 Apr 2011 at 1:05

[GoogleCodeExporter]

You can also take a look at how OWASP Proxy has implemented this.

In fact, OWASP Proxy also has Socks server support, allowing you to get a 
completely "clean" request, un-polluted with the browser's additional handling 
for an HTTP proxy.

I have no problem making this available for incorporation into ZAP

Original comment by rogan.da...@gmail.com on 4 Jan 2012 at 7:08

[GoogleCodeExporter]

Thanks for the offer of the OWASP proxy Rogan.
We've had some other issues with the HttpClient library modifying requests 
(Issue 257) which your proxy will probably fix.
Changing proxies probably wont be a simple job, but might well make ZAP cleaner 
and better.
Dont fancy doing this before 1.4 though ;)

Original comment by psii...@gmail.com on 4 Jan 2012 at 8:22

[GoogleCodeExporter]

any plans of getting this feature in Release 2.0

Original comment by anant@anantshri.info on 14 Sep 2012 at 7:59

[GoogleCodeExporter]

I'm not aware of anyone working on this I'm afraid.
Want to have a go at it yourself? ;)

Cheers,

Simon

Original comment by psii...@gmail.com on 17 Sep 2012 at 8:59

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Here is a quick hack to the launcher if you want to go trough socks5 using tor 
bundle : 

if [[ "$1" "untor" ]]
then
echo "[+] Not going trough Tor"
exec java ${JMEM} -XX:PermSize256M -jar "${BASEDIR}/zap.jar" $*
else
echo "[+] Going through socks5 on localhost:9150"
exec java ${JMEM} -XX:PermSize256M -DsocksProxyHost127.0.0.1 
-DsocksProxyPort9150 -jar "${BASEDIR}/zap.jar" $*
fi 

Cheers,
Zack

Original comment by badz...@gmail.com on 18 Feb 2014 at 10:18

[GoogleCodeExporter]

this hack does not work 
port is 9050
and even after these changes it connects without proxy , or with proxy as 
specified in 
options >> connections 
and in case of tor throws tor is not http error

Original comment by aloksaur...@gmail.com on 21 Jun 2014 at 12:30

[GoogleCodeExporter]

Heard from anantshr_ on irc that
 -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=8085
does the trick.
Should be easy to add this to the UI options and set in the code as per 
https://stackoverflow.com/questions/120797/how-do-i-set-the-proxy-to-be-used-by-
the-jvm

Original comment by psii...@gmail.com on 22 Oct 2014 at 7:54

[GoogleCodeExporter]

just adding more to what i added over at IRC.

the setting worked from commandline however it has to be made sure that there 
is no configuration marked in Outbound proxy config inside the ZAP 
configuration.

Original comment by anant@anantshri.info on 25 Oct 2014 at 12:27

[GoogleCodeExporter]

any plans of having this feature in next release or so running it from 
commandline always is a tiresome effort ( I know we can create a shell/desktop 
shortcut which i have right now) but internal feature would be nice.

Original comment by anant@anantshri.info on 14 Apr 2015 at 12:58

[GoogleCodeExporter]

Simply adding the socksProxy* command line options to the JVM like
-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9050
or whatever values are your proxy's settings did not work for me on Mac OS X 
10.9.5 Mavericks.

Java didn't complain about the addition of the options when I put them in the 
`zap.sh` launcher script, but I still got ZAP's error response for every page I 
tried to load. The error looked like this:

    ZAP Error [java.net.SocketException]: SOCKS server general failure

I tried this with both the Mac OS X app bundle as well as the "Linux/cross 
platform" download. Each behaved the same for me.

I also tried using
-Djava.net.useSystemProxies=true

thinking that this would force ZAP to respect the SOCKS proxy settings in my 
Mac OS X Network System Preference pane, but to no avail.

Did I miss something obvious or is there some special magic spell required for 
Java to play nice with proxies on Apple's OS? Thanks in advance for any 
pointers you might have.

Original comment by meit...@gmail.com on 23 May 2015 at 2:00

[GoogleCodeExporter]

ZAP has been migrated to github

This issue will be on github issues with the same ID: 
https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:17

• Changed state: Done