zaproxy / zaproxy

The ZAP core project
https://www.zaproxy.org
Apache License 2.0

ZAP hangs due to large JSON body with the JSON view #8482

Open SkypLabs opened 1 month ago

SkypLabs commented 1 month ago

Describe the bug

I imported a purposely large HAR POST request to be replayed, but when it is selected in the History tab, ZAP starts hanging forever.

The HAR file can be found here (anonymised): large_nb_colours.har.zip

Steps to reproduce the behavior

  1. Import HAR file with Import > Import HAR (HTTP Archive File)
  2. Select the imported request in the History tab
  3. ZAP starts hanging

Expected behavior

ZAP not hanging.

Software versions

ZAP Version: 2.15.0

Installed Add-ons: [[id=accessControl, version=10.0.0], [id=alertFilters, version=21.0.0], [id=allinonenotes, version=2.0.0], [id=ascanrules, version=66.0.0], [id=ascanrulesAlpha, version=47.0.0], [id=ascanrulesBeta, version=53.0.0], [id=attacksurfacedetector, version=1.1.4], [id=authhelper, version=0.13.0], [id=automation, version=0.40.0], [id=browserView, version=6.0.0], [id=bruteforce, version=16.0.0], [id=callhome, version=0.12.0], [id=client, version=0.8.0], [id=commonlib, version=1.25.0], [id=communityScripts, version=18.0.0], [id=custompayloads, version=0.13.0], [id=database, version=0.4.0], [id=diff, version=15.0.0], [id=directorylistv1, version=8.0.0], [id=directorylistv2_3, version=4.0.0], [id=domxss, version=19.0.0], [id=encoder, version=1.5.0], [id=evalvillain, version=0.3.0], [id=exim, version=0.9.0], [id=fileupload, version=1.2.1], [id=formhandler, version=6.6.0], [id=fuzz, version=13.13.0], [id=fuzzdb, version=9.0.0], [id=fuzzdboffensive, version=5.0.0], [id=gettingStarted, version=17.0.0], [id=graaljs, version=0.7.0], [id=graphql, version=0.24.0], [id=help, version=18.0.0], [id=highlighter, version=8.0.0], [id=hud, version=0.19.0], [id=imagelocationscanner, version=5.0.0], [id=invoke, version=15.0.0], [id=jsonview, version=3.0.0], [id=jwt, version=1.0.3], [id=neonmarker, version=1.6.0], [id=network, version=0.16.0], [id=oast, version=0.18.0], [id=onlineMenu, version=13.0.0], [id=openapi, version=40.0.0], [id=packpentester, version=0.1.0], [id=packscanrules, version=0.0.1], [id=paramdigger, version=0.2.0], [id=postman, version=0.4.0], [id=pscanrules, version=58.0.0], [id=pscanrulesAlpha, version=42.0.0], [id=pscanrulesBeta, version=37.0.0], [id=quickstart, version=47.0.0], [id=reflect, version=0.0.11], [id=regextester, version=2.0.0], [id=replacer, version=18.0.0], [id=reports, version=0.32.0], [id=requester, version=7.6.0], [id=retest, version=0.9.0], [id=retire, version=0.35.0], [id=reveal, version=8.0.0], [id=revisit, version=5.0.0], [id=saml, version=10.0.0], [id=scripts, version=45.3.0], [id=selenium, version=15.23.0], [id=sequence, version=7.0.0], [id=soap, version=23.0.0], [id=spider, version=0.11.0], [id=spiderAjax, version=23.19.0], [id=sqliplugin, version=15.0.0], [id=tips, version=13.0.0], [id=tokengen, version=15.0.0], [id=treetools, version=8.0.0], [id=viewstate, version=3.0.0], [id=wappalyzer, version=21.36.0], [id=webdriverlinux, version=83.0.0], [id=websocket, version=31.0.0], [id=zest, version=45.0.0]]

Operating System: Linux
Architecture: amd64
CPU Cores: 4
Max Memory: 1 GB
Java Version: Flathub 11.0.23
System's Locale: en_IE
Display Locale: en_GB
Format Locale: en_IE
Default Charset: UTF-8
ZAP Home Directory: /home/skyper/.ZAP/
ZAP Installation Directory: /app/share/zap/./
Look and Feel: FlatLaf Darcula (com.formdev.flatlaf.FlatDarculaLaf)

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

SkypLabs commented 1 month ago

After discussing with @thc202 on IRC, he figured out this was caused by the JSON view extension. Once uninstalled, I could open, view and replay the request without any issue.

Thanks again for your help @thc202!