Closed akshay1991raj closed 9 years ago
The error comes from the ZAP cross site scripting plugin, so the first thing to try is to run ZAP standalone and navigate the application manually with a browser, then perform a ZAP scan and see whether you get the same error.
You could also try to disable the XSS test in bdd-security by adding the @skip meta tag to the scenario and see whether the other ZAP scenarios work ok.
I am getting "invalid port number" error after running id xss_scan in app_scan.story. Following is a snapshot of my terminal:-
[java] 18:22:45,636 DEBUG [net.continuumsecurity.steps.AppScanningSteps] - Scan is 0% complete. [java] 18:22:47,645 DEBUG [net.continuumsecurity.steps.AppScanningSteps] - Scan is 0% complete. [java] 67790 [ZAP-ActiveScanner-1] ERROR org.zaproxy.zap.extension.ascanrules.TestCrossSiteScriptV2 - invalid port number [java] org.apache.commons.httpclient.URIException: invalid port number [java] at org.apache.commons.httpclient.URI.parseAuthority(URI.java:2248) [java] at org.apache.commons.httpclient.URI.parseUriReference(URI.java:1978) [java] at org.apache.commons.httpclient.URI.(URI.java:167)
[java] at org.apache.commons.httpclient.URI.(URI.java:455)
[java] at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
[java] at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(Unknown Source)
[java] at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(Unknown Source)
[java] at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(Unknown Source)
[java] at org.zaproxy.zap.extension.ascanrules.TestCrossSiteScriptV2.scan(TestCrossSiteScriptV2.java:127)
[java] at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(Unknown Source)
[java] at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scanVariant(Unknown Source)
[java] at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(Unknown Source)
[java] at org.parosproxy.paros.core.scanner.AbstractPlugin.run(Unknown Source)
[java] at java.lang.Thread.run(Thread.java:745)
Please mention how to resolve this.