Forced Browse uses wrong scheme when "attacking" a site accessed over a secure connection (HTTPS) on a non-default port

[GoogleCodeExporter]

Steps to reproduce the issue:
1. Run ZAP;
2. Access a site over a secure connection on a non-default port (example: 
https://example.com:8888/);
3. Select the "Forced Browse" tab and choose the accessed site ("Site" combo 
box);
4. Press the "Start Forced Browse" button ("play");
5. Check the console for "DirBuster" output (or check the messages with 
wireshark), the forced browsed site is using the scheme HTTP instead of HTTPS; 
Output with "DirBuster" debug enabled:
[...]
DEBUG WokerGen: 2 adding dir to work list HEAD http://example.com:8888/cgi-bin/
DEBUG WokerGen: 2 adding dir to work list HEAD 
http://example.com:8888/education/
DEBUG WokerGen: 2 adding dir to work list HEAD 
http://example.com:8888/accessibility/
DEBUG WokerGen: 2 adding dir to work list HEAD 
http://example.com:8888/accesskeys/
DEBUG WokerGen: 2 adding dir to work list HEAD http://example.com:8888/go/
DEBUG WokerGen: 2 adding dir to work list HEAD http://example.com:8888/toolbar/
DEBUG WokerGen: 2 adding dir to work list HEAD http://example.com:8888/-/
[...]

Remarks:
It works correctly when using the port 8443.

ZAP Version:
Version 2.0.0 (and trunk r3020).

Original issue reported on code.google.com by THC...@gmail.com on 8 Apr 2013 at 3:58

[GoogleCodeExporter]

r4513

Original comment by THC...@gmail.com on 28 Mar 2014 at 3:05

• Changed state: Committed

[GoogleCodeExporter]

Original comment by psii...@gmail.com on 31 Mar 2014 at 11:17

• Added labels: Build-20140327

[GoogleCodeExporter]

Fixed in ZAP 2.3.0

Original comment by psii...@gmail.com on 10 Apr 2014 at 3:25

• Changed state: Fixed