HUD base directory lost on reboot ZAP v2.10.0 on Kali 2021.1

[faisalusuf]

Describe the bug HUD throwing exception

To Reproduce Steps to reproduce the behavior:

1. Go to 'Manually Explore'
2. Click on 'Launch Browser with HUD checked'
3. Browser load with target URL but no HUD'
4. See error

Expected behavior HUD should be loaded after browser launch

Screenshots None

Software versions OWASP ZAP Version: 2.10.0

Installed Add-ons: [[id=accessControl, version=6.0.0], [id=alertFilters, version=10.0.0], [id=allinonenotes, version=1.0.0], [id=ascanrules, version=38.0.0], [id=ascanrulesAlpha, version=30.0.0], [id=ascanrulesBeta, version=33.0.0], [id=attacksurfacedetector, version=1.1.4], [id=authstats, version=1.0.0], [id=beanshell, version=6.0.0], [id=browserView, version=5.0.0], [id=bruteforce, version=10.0.0], [id=cmss, version=2.0.0], [id=commonlib, version=1.2.0], [id=communityScripts, version=9.0.0], [id=custompayloads, version=0.9.0], [id=customreport, version=6.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=directorylistv2_3, version=3.0.0], [id=directorylistv2_3_lc, version=3.0.0], [id=domxss, version=10.0.0], [id=encoder, version=0.5.0], [id=exportreport, version=7.0.0], [id=formhandler, version=3.0.0], [id=fuzz, version=13.1.0], [id=fuzzdb, version=7.0.0], [id=fuzzdboffensive, version=3.0.0], [id=gettingStarted, version=12.0.0], [id=graaljs, version=0.1.0], [id=graphql, version=0.2.0], [id=groovy, version=3.0.0], [id=help, version=11.0.0], [id=highlighter, version=7.0.0], [id=hud, version=0.12.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=jsonview, version=1.0.0], [id=jwt, version=1.0.1], [id=neonmarker, version=1.3.0], [id=onlineMenu, version=8.0.0], [id=openapi, version=17.0.0], [id=plugnhack, version=11.0.0], [id=portscan, version=8.0.0], [id=pscanrules, version=33.0.0], [id=pscanrulesAlpha, version=30.0.0], [id=pscanrulesBeta, version=24.0.0], [id=quickstart, version=29.0.0], [id=reflect, version=0.0.11], [id=regextester, version=1.0.0], [id=replacer, version=8.0.0], [id=requester, version=4.0.0], [id=retire, version=0.6.0], [id=reveal, version=3.0.0], [id=revisit, version=3.0.0], [id=saml, version=8.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=28.0.0], [id=selenium, version=15.3.0], [id=soap, version=5.0.0], [id=spiderAjax, version=23.2.0], [id=sqliplugin, version=13.0.0], [id=sse, version=9.0.0], [id=svndigger, version=3.0.0], [id=tips, version=7.0.0], [id=tokengen, version=14.0.0], [id=treetools, version=7.0.0], [id=viewstate, version=2.0.0], [id=vulncheck, version=1.0.0], [id=wappalyzer, version=21.0.0], [id=webdriverlinux, version=25.0.0], [id=websocket, version=23.0.0]]

Operating System: Linux Java Version: Debian 11.0.10 System's Locale: en_US Display Locale: en_GB Format Locale: en_US ZAP Home Directory: /root/.ZAP/ ZAP Installation Directory: /usr/share/zaproxy/./ Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)

Errors from the zap.log file 2021-03-03 20:01:35,940 [ZAP-ProxyThread-36] WARN HudAPI - Failed to access script target/injectionHtml.html via the script extension 2021-03-03 20:01:35,940 [ZAP-ProxyThread-36] ERROR HudAPI - No such file /target/injectionHtml.html java.io.FileNotFoundException: target/injectionHtml.html at org.zaproxy.zap.extension.hud.HudAPI.getFile(HudAPI.java:427) [hud-beta-0.12.0.zap:?] at org.zaproxy.zap.extension.hud.ExtensionHUD.onHttpResponseReceive(ExtensionHUD.java:409) [hud-beta-0.12.0.zap:?] at org.parosproxy.paros.core.proxy.ProxyThread.notifyListenerResponseReceive(ProxyThread.java:733) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:570) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:319) [zap-2.10.0.jar:2.10.0] at java.lang.Thread.run(Thread.java:834) [?:?] 2021-03-03 20:01:35,941 [ZAP-ProxyThread-36] ERROR ExtensionHUD - null java.lang.NullPointerException: null at org.zaproxy.zap.extension.hud.ExtensionHUD.onHttpResponseReceive(ExtensionHUD.java:412) [hud-beta-0.12.0.zap:?] at org.parosproxy.paros.core.proxy.ProxyThread.notifyListenerResponseReceive(ProxyThread.java:733) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:570) [zap-2.10.0.jar:2.10.0] at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:319) [zap-2.10.0.jar:2.10.0] at java.lang.Thread.run(Thread.java:834) [?:?]

Additional context I recently upgraded my Kali to latest release 2021.1

Would you like to help fix this issue? Yes

[psiinon]

Ok, the key line here is "No such file /target/injectionHtml.html" If that files not available then the HUD will fail. @faisalusuf - what value do you have in "Options / HUD / Base Directory" ? Does that directory exist and if so does it have a subdirectory called "target" which contains "injectionHtml.html"?

[faisalusuf]

Hi There,

Do excuse me for a delayed response. Please see the snapshot. The base directory parameter is empty. Strange though.

[psiinon]

That could be the problem. Try setting it to the ZAP default dir followed by /hud The default dir will depend on your OS: https://www.zaproxy.org/faq/what-is-the-default-directory-that-zap-uses/ For Kali I guess it will be ~/.ZAP/hud but double check the directory exists, and expand the ~ in the dialog. We should probably correct that field if its empty but it doesnt like we do right now.

[faisalusuf]

Tried but failed, yes directory exist along with required file.

[faisalusuf]

OK the path is defined like below, the HUD tried to load start screen shown but tools not loaded properly.

[psiinon]

You need to replace ~ with the full path, ZAP wont expand that for you.

[psiinon]

Oh, you did that :/

[psiinon]

Any other zap.log or browser console errors?

[kingthorin]

Oh okay so you launched a browser and tried to browse something that wasn't accessible. HUD will only display properly if you actual manage to load some content. It doesn't display on about:blank, etc.

[faisalusuf]

Yes realized my VM network went down trying to reproduce the problem after adding the base directory

[faisalusuf]

Working like a charm all good now Thanks @psiinon so it was missing directory under HUD options in Kali.

All good now.

[psiinon]

Apparently the setting gets lost when Kali reboots, so reopenning and transfering...