硒ZAP装置

Question

我试图设置OWASP来处理我的selenium测试。

public class ZapScanTest {
static Logger log = Logger.getLogger(ZapScanTest.class.getName());
private final static String ZAP_PROXYHOST = "127.0.0.1";
private final static int ZAP_PROXYPORT = 8080;
private final static String ZAP_APIKEY = null;

// Change this to the appropriate driver for the OS, alternatives in the drivers directory
private final static String CHROME_DRIVER_PATH = "drivers/chromedriver.exe";
private final static String MEDIUM = "MEDIUM";
private final static String HIGH = "HIGH";
private ScanningProxy zapScanner;
private Spider zapSpider;
private WebDriver driver;
private Login login;
private final static String[] policyNames = {"directory-browsing","cross-site-scripting","sql-injection","path-traversal","remote-file-inclusion","server-side-include",
        "script-active-scan-rules","server-side-code-injection","external-redirect","crlf-injection"};
int currentScanID;


@Before
public void setup() {
    zapScanner = new ZAProxyScanner(ZAP_PROXYHOST,ZAP_PROXYPORT,ZAP_APIKEY);
    zapScanner.clear(); //Start a new session
    zapSpider = (Spider)zapScanner;
    log.info("Created client to ZAP API");
    driver = DriverFactory.createProxyDriver("chrome",createZapProxyConfigurationForWebDriver(), CHROME_DRIVER_PATH);
    myApp = new MyAppNavigation(driver);
    myApp.registerUser(); //Doesn't matter if user already exists, bodgeit just throws an error
}

@After
public void after() {
    driver.quit();
}

@Test
public void testSecurityVulnerabilitiesLogin() {
    login.navigateToLogin();
    log.info("Spidering...");
    spiderWithZap();
    login.navigateToLogin();

    setAlertAndAttackStrength();
    zapScanner.setEnablePassiveScan(true);
    scanWithZap();

    List<Alert> alerts = filterAlerts(zapScanner.getAlerts());
    logAlerts(alerts);
    assertThat(alerts.size(), equalTo(0));
}

然而，我一直得到eorror: org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection拒绝: connect

有人在如何设置其中一个方面得到任何帮助，因为我在我的设备上的网站上运行它真的有困难。

Answer 1

您是否在ZAP中禁用了API密钥？否则，您将无法连接。

您可以使用以下命令行设置ZAP密钥：

-config api.key=change 9203935709

然后，您需要在上面的脚本中指定它。

如果您已经这样做了，那么请在zap.log文件中查找任何错误消息。