Sent Http Requests with Exceptions are not displayed in the ActiveScan Panel #7004

Open
denniskniep opened this issue Jan 4, 2022 · 0 comments · May be fixed by #7005
@denniskniep (Member)
Describe the bug
An active scanner sends an HTTP request. An IOException occurs, e.g. java.net.SocketTimeoutException: Read timed out. The sent HTTP message is not displayed in the Active Scan table panel.

To Reproduce
Steps to reproduce the behavior:

  1. Start sudo docker run -p 8000:8080 --rm ghcr.io/denniskniep/vulnerable-app-log4shell-2.14.1:latest
  2. Scan with Log4Shell Scanner
  3. Some HTTP messages will throw a "Read timed out" error

Expected behavior
The HTTP messages that were sent should be visible.

Screenshots
If applicable, add screenshots to help explain your problem.

Software versions

  • ZAP: 2.11.1

Errors from the zap.log file

132974 [ZAP-ActiveScanner-0] WARN  org.zaproxy.zap.extension.ascanrulesAlpha.Log4ShellScanRule - Read timed out
java.net.SocketTimeoutException: Read timed out
	at java.net.SocketInputStream.socketRead0(Native Method) ~[?:?]
	at java.net.SocketInputStream.socketRead(SocketInputStream.java:115) ~[?:?]
	at java.net.SocketInputStream.read(SocketInputStream.java:168) ~[?:?]
	at java.net.SocketInputStream.read(SocketInputStream.java:140) ~[?:?]
	at java.io.BufferedInputStream.fill(BufferedInputStream.java:252) ~[?:?]
	at java.io.BufferedInputStream.read(BufferedInputStream.java:271) ~[?:?]
	at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78) ~[commons-httpclient-3.1.jar:?]
	at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106) ~[commons-httpclient-3.1.jar:?]
	at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1153) ~[main/:?]
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413) ~[commons-httpclient-3.1.jar:?]
	at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:2138) ~[main/:?]
	at org.zaproxy.zap.ZapGetMethod.readResponse(ZapGetMethod.java:112) ~[main/:?]
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1162) ~[main/:?]
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:470) ~[main/:?]
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:207) ~[main/:?]
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1.jar:?]
	at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:430) ~[main/:?]
	at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:672) ~[main/:?]
	at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:627) ~[main/:?]
	at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:602) ~[main/:?]
	at org.parosproxy.paros.network.HttpSender.sendAndReceiveImpl(HttpSender.java:1034) ~[main/:?]
	at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:994) ~[main/:?]
	at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(AbstractPlugin.java:314) ~[main/:?]
	at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(AbstractPlugin.java:246) ~[main/:?]
	at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(AbstractPlugin.java:218) ~[main/:?]
	at org.zaproxy.zap.extension.ascanrulesAlpha.Log4ShellScanRule.scanWithPayloads(Log4ShellScanRule.java:164) [ascanrulesAlpha-alpha-35.zap:?]
	at org.zaproxy.zap.extension.ascanrulesAlpha.Log4ShellScanRule.scan(Log4ShellScanRule.java:140) [ascanrulesAlpha-alpha-35.zap:?]
	at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(AbstractAppParamPlugin.java:201) [main/:?]
	at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(AbstractAppParamPlugin.java:126) [main/:?]
	at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(AbstractAppParamPlugin.java:87) [main/:?]
	at org.parosproxy.paros.core.scanner.AbstractPlugin.run(AbstractPlugin.java:335) [main/:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]

Additional context
#2399

Would you like to help fix this issue?
Yes
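The ordering problem behind this report, shown as an added example that is not ZAP's own code (the names below are hypothetical stand-ins for HttpSender/AbstractPlugin, and the transport and the request lines are constructed): when the history record is only created after the response has been read, a read timeout loses the sent request entirely; creating the record before the response is awaited, and noting the exception on it before re-raising, keeps every sent message visible while the scan rule still sees the failure.

```python
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional

# Hypothetical names for illustration; not ZAP's HttpSender/AbstractPlugin.


@dataclass
class SentRecord:
    request: str                  # the request line as sent
    status: Optional[int] = None  # response status, if a response was read
    error: Optional[str] = None   # exception text, if the send/read failed


def record_after_success(history: List[SentRecord], request: str,
                         transport: Callable[[str], int]) -> int:
    """Ordering that reproduces the reported behaviour: the record is created
    only after the response arrives, so a timed-out request leaves no trace."""
    status = transport(request)
    history.append(SentRecord(request, status=status))
    return status


def record_before_send(history: List[SentRecord], request: str,
                       transport: Callable[[str], int]) -> int:
    """Fixed ordering: the record exists before the response is awaited, and
    the exception outcome is attached to it before the exception propagates."""
    rec = SentRecord(request)
    history.append(rec)
    try:
        rec.status = transport(request)
        return rec.status
    except OSError as exc:  # socket.timeout is an OSError subclass
        rec.error = f"{type(exc).__name__}: {exc}"
        raise  # the scan rule still sees the failure, as in the log above


def fake_transport(request: str) -> int:
    """Constructed stand-in for a socket round trip: any request whose path
    contains 'slow' never gets a response and raises a read timeout."""
    if "slow" in request:
        raise socket.timeout("Read timed out")
    return 200


PROBES = [  # constructed sample request lines, not real scan payloads
    "GET /index.html HTTP/1.1",
    "GET /slow-endpoint HTTP/1.1",
    "GET /about.html HTTP/1.1",
]


def run_scan(sender) -> List[SentRecord]:
    """Drive the probes through one of the two senders, logging and continuing
    on failure the way a scan rule would, and return the resulting history."""
    history: List[SentRecord] = []
    for req in PROBES:
        try:
            sender(history, req, fake_transport)
        except OSError:
            pass  # rule-level handling: warn and continue with the next probe
    return history


if __name__ == "__main__":
    for name, sender in (("after-success", record_after_success),
                         ("before-send", record_before_send)):
        hist = run_scan(sender)
        print(f"{name}: {len(hist)} of {len(PROBES)} sent requests recorded")
        for r in hist:
            print("   ", r)
```

Running the block shows the first sender recording two of three requests and the second recording all three, with the timed-out one carrying the exception text instead of a status; the exception is re-raised rather than swallowed so the rule's own logging (the WARN line in the log above) is unchanged.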

@denniskniep denniskniep added the bug label Jan 4, 2022
denniskniep added a commit to denniskniep/zaproxy that referenced this issue Jan 4, 2022
…ns sendAndReceive. Fixes zaproxy#7004

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
@thc202 thc202 added enhancement and removed bug labels Jan 4, 2022
denniskniep added a commit to denniskniep/zaproxy that referenced this issue Jan 14, 2022
…ns sendAndReceive. Fixes zaproxy#7004

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
denniskniep added a commit to denniskniep/zaproxy that referenced this issue Jan 16, 2022
…ns sendAndReceive. Fixes zaproxy#7004

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
2 participants