Closed GoogleCodeExporter closed 9 years ago
Just to update, I was trying other proxies like watobo and the website I am
trying to open works perfectly fine in watobo. However, I would really like to
make it work in OWASP ZAP and try to understand it better.
Original comment by dewansid...@gmail.com
on 28 Jun 2013 at 1:31
I've found this link, which looks like it might be very relevant:
http://yuriytkach.blogspot.co.uk/2011/10/javaxnetsslsslexception-badrecordmac.html
Towards the end of the page it recommends adding:
((SSLSocket) socket).setEnabledProtocols(new String[] { "SSLv3" });
((SSLSocket) socket).setUseClientMode(true);
It looks like we have the first of those lines in our code, but commented out:
http://code.google.com/p/zaproxy/source/browse/trunk/src/org/parosproxy/paros/network/SSLConnector.java#99
I've just created a test build with these 2 lines in - I've attached the
zap.jar to this ticket.
Could you backup your existing zap.jar file and see if this one fixes this
problem?
If it works then we'll probably need to define an option to enable it as it may
break other sites.
Thanks,
Simon
Original comment by psii...@gmail.com
on 9 Jul 2013 at 10:10
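The two calls quoted in the comment above, wrapped so the protocol list is a setting rather than hard-coded, as the comment suggests it would need to be. This is an added example, not ZAP's code; the class `ProtocolOption` and method `applyProtocols` are hypothetical names, and the sketch only inspects an unconnected socket.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class and method names; this is not ZAP's SSLConnector.
public class ProtocolOption {

    // Enable only the requested protocols that this JRE supports.
    // Returns what was enabled; an empty list means the socket kept its defaults.
    static List<String> applyProtocols(SSLSocket socket, String[] requested) {
        List<String> supported = Arrays.asList(socket.getSupportedProtocols());
        List<String> usable = new ArrayList<>();
        for (String protocol : requested) {
            if (supported.contains(protocol)) {
                usable.add(protocol);
            }
        }
        if (!usable.isEmpty()) {
            // setEnabledProtocols throws IllegalArgumentException for an
            // unsupported name, hence the filtering above.
            socket.setEnabledProtocols(usable.toArray(new String[0]));
            socket.setUseClientMode(true);
        }
        return usable;
    }

    public static void main(String[] args) throws IOException {
        // With no arguments, use the value quoted in the comment above.
        String[] requested = args.length > 0 ? args : new String[] { "SSLv3" };
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Unconnected socket: nothing is sent, only its configuration is read and set.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            System.out.println("Supported by JRE:   " + Arrays.toString(socket.getSupportedProtocols()));
            System.out.println("Enabled by default: " + Arrays.toString(socket.getEnabledProtocols()));
            List<String> applied = applyProtocols(socket, requested);
            System.out.println("Requested:          " + Arrays.toString(requested));
            System.out.println("Enabled now:        "
                    + (applied.isEmpty() ? "(unchanged)" : Arrays.toString(socket.getEnabledProtocols())));
        }
    }
}
```

Run it under the same JRE that runs ZAP, since the supported and default-enabled protocol lists differ between JRE versions.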
Getting similar issue with ZAP 2.3.0.1.
Response:
HTTP/1.1 502 Bad Gateway
Content-Length: 80
Content-Type: text/plain; charset=UTF-8
ZAP Error [javax.net.ssl.SSLException]: Received fatal alert: unexpected_message
No issues in log.
On a whim tried to use zap.jar from this post without success.
Suspect it has something to do with certificates on target web site. Imported
them into browser (FF). Maybe into Zap as well?
Original comment by randall....@gmail.com
on 22 May 2014 at 1:39
Which JRE/JDK implementation are you using?
You can import client certificates into ZAP in "Options" > "Certificate".
Let us know if that worked (or not).
Original comment by THC...@gmail.com
on 30 May 2014 at 10:19
We need further info in order to work on this issue.
If we don't receive anything by 20140827 it will be closed.
Original comment by kingtho...@gmail.com
on 14 Aug 2014 at 12:21
Original comment by kingtho...@gmail.com
on 28 Aug 2014 at 12:02
Hi, I am also facing the same issue for Path Traversal.
ZAP version is ZAP 2.3.1, jre1.8.0_25
Error scanning parameters for Path Traversal: Received fatal alert: bad_record_mac
82356263 [ZAP-ActiveScanner-0] ERROR org.zaproxy.zap.extension.ascanrules.TestPathTraversal - Error scanning parameters for Path Traversal: Connection reset
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.readV3Record(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(Unknown Source)
at org.zaproxy.zap.extension.ascanrules.TestPathTraversal.scan(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scanVariant(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(Unknown Source)
at org.parosproxy.paros.core.scanner.AbstractPlugin.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Original comment by rajanban...@gmail.com
on 7 Jan 2015 at 11:28
Original issue reported on code.google.com by
dewansid...@gmail.com
on 27 Jun 2013 at 9:16