Open faisalusuf opened 3 years ago
Ok, the key line here is "No such file /target/injectionHtml.html" If that files not available then the HUD will fail. @faisalusuf - what value do you have in "Options / HUD / Base Directory" ? Does that directory exist and if so does it have a subdirectory called "target" which contains "injectionHtml.html"?
Hi There,
Do excuse me for a delayed response. Please see the snapshot. The base directory parameter is empty. Strange though.
That could be the problem. Try setting it to the ZAP default dir followed by /hud
The default dir will depend on your OS: https://www.zaproxy.org/faq/what-is-the-default-directory-that-zap-uses/
For Kali I guess it will be ~/.ZAP/hud
but double check the directory exists, and expand the ~
in the dialog.
We should probably correct that field if its empty but it doesnt like we do right now.
Tried but failed, yes directory exist along with required file.
OK the path is defined like below, the HUD tried to load start screen shown but tools not loaded properly.
You need to replace ~
with the full path, ZAP wont expand that for you.
Oh, you did that :/
Any other zap.log or browser console errors?
Oh okay so you launched a browser and tried to browse something that wasn't accessible. HUD will only display properly if you actual manage to load some content. It doesn't display on about:blank, etc.
Yes realized my VM network went down trying to reproduce the problem after adding the base directory
Working like a charm all good now Thanks @psiinon so it was missing directory under HUD options in Kali.
All good now.
Apparently the setting gets lost when Kali reboots, so reopenning and transfering...
Describe the bug HUD throwing exception
To Reproduce Steps to reproduce the behavior:
Expected behavior HUD should be loaded after browser launch
Screenshots None
Software versions OWASP ZAP Version: 2.10.0
Installed Add-ons: [[id=accessControl, version=6.0.0], [id=alertFilters, version=10.0.0], [id=allinonenotes, version=1.0.0], [id=ascanrules, version=38.0.0], [id=ascanrulesAlpha, version=30.0.0], [id=ascanrulesBeta, version=33.0.0], [id=attacksurfacedetector, version=1.1.4], [id=authstats, version=1.0.0], [id=beanshell, version=6.0.0], [id=browserView, version=5.0.0], [id=bruteforce, version=10.0.0], [id=cmss, version=2.0.0], [id=commonlib, version=1.2.0], [id=communityScripts, version=9.0.0], [id=custompayloads, version=0.9.0], [id=customreport, version=6.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=directorylistv2_3, version=3.0.0], [id=directorylistv2_3_lc, version=3.0.0], [id=domxss, version=10.0.0], [id=encoder, version=0.5.0], [id=exportreport, version=7.0.0], [id=formhandler, version=3.0.0], [id=fuzz, version=13.1.0], [id=fuzzdb, version=7.0.0], [id=fuzzdboffensive, version=3.0.0], [id=gettingStarted, version=12.0.0], [id=graaljs, version=0.1.0], [id=graphql, version=0.2.0], [id=groovy, version=3.0.0], [id=help, version=11.0.0], [id=highlighter, version=7.0.0], [id=hud, version=0.12.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=jsonview, version=1.0.0], [id=jwt, version=1.0.1], [id=neonmarker, version=1.3.0], [id=onlineMenu, version=8.0.0], [id=openapi, version=17.0.0], [id=plugnhack, version=11.0.0], [id=portscan, version=8.0.0], [id=pscanrules, version=33.0.0], [id=pscanrulesAlpha, version=30.0.0], [id=pscanrulesBeta, version=24.0.0], [id=quickstart, version=29.0.0], [id=reflect, version=0.0.11], [id=regextester, version=1.0.0], [id=replacer, version=8.0.0], [id=requester, version=4.0.0], [id=retire, version=0.6.0], [id=reveal, version=3.0.0], [id=revisit, version=3.0.0], [id=saml, version=8.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=28.0.0], [id=selenium, version=15.3.0], [id=soap, version=5.0.0], [id=spiderAjax, version=23.2.0], [id=sqliplugin, version=13.0.0], [id=sse, version=9.0.0], [id=svndigger, version=3.0.0], [id=tips, version=7.0.0], [id=tokengen, version=14.0.0], [id=treetools, version=7.0.0], [id=viewstate, version=2.0.0], [id=vulncheck, version=1.0.0], [id=wappalyzer, version=21.0.0], [id=webdriverlinux, version=25.0.0], [id=websocket, version=23.0.0]]
Operating System: Linux Java Version: Debian 11.0.10 System's Locale: en_US Display Locale: en_GB Format Locale: en_US ZAP Home Directory: /root/.ZAP/ ZAP Installation Directory: /usr/share/zaproxy/./ Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)
Errors from the zap.log file 2021-03-03 20:01:35,940 [ZAP-ProxyThread-36] WARN HudAPI - Failed to access script target/injectionHtml.html via the script extension 2021-03-03 20:01:35,940 [ZAP-ProxyThread-36] ERROR HudAPI - No such file /target/injectionHtml.html java.io.FileNotFoundException: target/injectionHtml.html at org.zaproxy.zap.extension.hud.HudAPI.getFile(HudAPI.java:427) [hud-beta-0.12.0.zap:?] at org.zaproxy.zap.extension.hud.ExtensionHUD.onHttpResponseReceive(ExtensionHUD.java:409) [hud-beta-0.12.0.zap:?] at org.parosproxy.paros.core.proxy.ProxyThread.notifyListenerResponseReceive(ProxyThread.java:733) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:570) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:319) [zap-2.10.0.jar:2.10.0] at java.lang.Thread.run(Thread.java:834) [?:?] 2021-03-03 20:01:35,941 [ZAP-ProxyThread-36] ERROR ExtensionHUD - null java.lang.NullPointerException: null at org.zaproxy.zap.extension.hud.ExtensionHUD.onHttpResponseReceive(ExtensionHUD.java:412) [hud-beta-0.12.0.zap:?] at org.parosproxy.paros.core.proxy.ProxyThread.notifyListenerResponseReceive(ProxyThread.java:733) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:570) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:319) [zap-2.10.0.jar:2.10.0] at java.lang.Thread.run(Thread.java:834) [?:?]
Additional context I recently upgraded my Kali to latest release 2021.1
Would you like to help fix this issue? Yes