zaproxy / zaproxy

The ZAP core project
https://www.zaproxy.org
Apache License 2.0

Failed to attack URL error appeared during autoscan specific site #8508

Closed JuraLys closed 3 weeks ago

JuraLys commented 3 weeks ago

Describe the bug

Failed to attack URL error appeared during autoscan specific site vseosvita.ua

Steps to reproduce the behavior

Run ZAP and start autoscan specific site vseosvita.ua using only traditional spider

Expected behavior

Autoscan should complete without errors

Software versions

ZAP Version: 2.15.0

Installed Add-ons: [[id=alertFilters, version=21.0.0], [id=ascanrules, version=66.0.0], [id=ascanrulesBeta, version=53.0.0], [id=authhelper, version=0.13.0], [id=automation, version=0.40.1], [id=bruteforce, version=16.0.0], [id=callhome, version=0.12.0], [id=commonlib, version=1.26.0], [id=coreLang, version=15.0.0], [id=custompayloads, version=0.13.0], [id=database, version=0.4.0], [id=diff, version=15.0.0], [id=directorylistv1, version=8.0.0], [id=directorylistv2_3, version=4.0.0], [id=directorylistv2_3_lc, version=4.0.0], [id=domxss, version=19.0.0], [id=encoder, version=1.5.0], [id=exim, version=0.9.0], [id=formhandler, version=6.6.0], [id=fuzz, version=13.13.0], [id=gettingStarted, version=17.0.0], [id=graaljs, version=0.7.0], [id=graphql, version=0.24.0], [id=groovy, version=3.2.0], [id=help, version=18.0.0], [id=hud, version=0.19.0], [id=imagelocationscanner, version=5.0.0], [id=invoke, version=15.0.0], [id=jruby, version=8.0.0], [id=jython, version=15.0.0], [id=network, version=0.16.0], [id=oast, version=0.18.0], [id=onlineMenu, version=13.0.0], [id=openapi, version=41.0.0], [id=plugnhack, version=13.0.0], [id=portscan, version=10.0.0], [id=postman, version=0.4.0], [id=pscanrules, version=58.0.0], [id=pscanrulesBeta, version=37.0.0], [id=quickstart, version=47.0.0], [id=replacer, version=18.0.0], [id=reports, version=0.32.0], [id=requester, version=7.6.0], [id=retest, version=0.9.0], [id=retire, version=0.35.0], [id=reveal, version=8.0.0], [id=scripts, version=45.4.0], [id=selenium, version=15.25.0], [id=soap, version=23.0.0], [id=spider, version=0.11.0], [id=spiderAjax, version=23.19.0], [id=sqliplugin, version=15.0.0], [id=svndigger, version=4.0.0], [id=tips, version=13.0.0], [id=tokengen, version=15.0.0], [id=treetools, version=8.0.0], [id=wappalyzer, version=21.37.0], [id=webdriverwindows, version=89.0.0], [id=websocket, version=31.0.0], [id=zest, version=45.0.0]]

Operating System: Windows 10 Architecture: amd64 CPU Cores: 8 Max Memory: 8 GB Java Version: Eclipse Adoptium 21.0.1 System's Locale: uk_UA Display Locale: en_GB Format Locale: uk_UA Default Charset: UTF-8 ZAP Home Directory: C:\Users\Admin\ZAP\ ZAP Installation Directory: C:\Program Files\ZAP\Zed Attack Proxy.\ Look and Feel: Metal (javax.swing.plaf.metal.MetalLookAndFeel)

Screenshots

zap-failed-attack (screenshot)

Errors from the zap.log file

ZAP-logs.zip ZAP-failed-attack.txt

Additional context

No response

Would you like to help fix this issue?

psiinon commented 3 weeks ago

Visiting https://vseosvita.ua/ I get a quick popup that says something like "verifying that you are human". This led me to suspect that there are anti-automation measures being employed by this site. A quick test with the AJAX spider confirmed this. As such this is not a bug in ZAP - ZAP is intended to be used by people who have permission to attack a target. If you do have permission to use automated tools then you need to ask your clients to provide an instance without such measures in place.

JuraLys commented 3 weeks ago

> Visiting https://vseosvita.ua/ I get a quick popup that says something like "verifying that you are human". This led me to suspect that there are anti-automation measures being employed by this site. A quick test with the AJAX spider confirmed this. As such this is not a bug in ZAP - ZAP is intended to be used by people who have permission to attack a target. If you do have permission to use automated tools then you need to ask your clients to provide an instance without such measures in place.

but other similar tools are able to scan this site, see Acunetix report for example 20240531_Comprehensive_new__https_vseosvitaua.zip

psiinon commented 3 weeks ago

It's still not a bug in ZAP - we do not claim any sort of support for that sort of feature. Feel free to raise an enhancement request. Even better if it explains / links to potential solutions.

JuraLys commented 3 weeks ago

> It's still not a bug in ZAP - we do not claim any sort of support for that sort of feature. Feel free to raise an enhancement request. Even better if it explains / links to potential solutions.

but ZAP should not display an error about the AJAX spider if it is not used for the scan

psiinon commented 3 weeks ago

The bug description is Failed to attack URL error appeared during autoscan specific site vseosvita.ua 😁 I agree ZAP should not display an error about the AJAX spider - that looks like a (relatively minor) bug.