Fatal编程技术网
  • owasp/
  • Owasp 使用ZAP时出现SOAP异常

Owasp 使用ZAP时出现SOAP异常

Owasp 使用ZAP时出现SOAP异常,owasp,zap,Owasp,Zap,我正在使用ZAP软件对配置了centos 7的系统进行安全测试。问题是软件无法攻击url,并且下面有错误- 19713 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Spider initializing... 19740 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Starting spider... 43779 [ZAP-Spide

我正在使用ZAP软件对配置了centos 7的系统进行安全测试。问题是软件无法攻击url,并且下面有错误-

19713 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Spider initializing...
19740 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Starting spider...
43779 [ZAP-SpiderThreadPool-0-thread-1] INFO 
org.zaproxy.zap.spider.Spider  - Spidering process is complete. 
Shutting down...
43780 [ZAP-SpiderShutdownThread-0] INFO 
org.zaproxy.zap.extension.spider.SpiderThread  - Spider scanning 
complete: true
46259 [ZAP-QuickStart-AttackThread] ERROR 
 org.zaproxy.zap.ZAP$UncaughtExceptionLogger  - Exception in 
 thread "ZAP-QuickStart-AttackThread"
 java.lang.NoClassDefFoundError: javax/xml/soap/SOAPException
    at java.base/java.lang.Class.getDeclaredConstructors0(Native 
  Method)
    at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3138)
    at java.base/java.lang.Class.getConstructor0(Class.java:3343)
    at java.base/java.lang.Class.getConstructor(Class.java:2152)
    at org.zaproxy.zap.control.AddOnLoaderUtils.loadAndInstantiateClassImpl(AddOnLoaderUtils.java:111)
    at org.zaproxy.zap.control.AddOnLoaderUtils.loadDeclaredClasses(AddOnLoaderUtils.java:151)
    at org.zaproxy.zap.control.AddOnLoaderUtils.getActiveScanRules(AddOnLoaderUtils.java:177)
    at org.zaproxy.zap.control.AddOnLoader.getActiveScanRules(AddOnLoader.java:791)
    at org.parosproxy.paros.core.scanner.PluginFactory.initPlugins(PluginFactory.java:100)
    at org.parosproxy.paros.core.scanner.PluginFactory.getLoadedPlugins(PluginFactory.java:132)
    at org.parosproxy.paros.core.scanner.PluginFactory.loadAllPlugin(PluginFactory.java:398)
    at org.zaproxy.zap.extension.ascan.ScanPolicy.<init>(ScanPolicy.java:31)
    at org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:142)
    at org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:129)
    at org.zaproxy.zap.extension.ascan.PolicyManager.getDefaultScanPolicy(PolicyManager.java:205)
    at org.zaproxy.zap.extension.ascan.ActiveScanController.startScan(ActiveScanController.java:161)
    at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:273)
    at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:238)
    at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:234)
    at org.zaproxy.zap.extension.quickstart.AttackThread.run(AttackThread.java:143)
 Caused by: java.lang.ClassNotFoundException
    at org.zaproxy.zap.control.AddOnClassLoader.findClass(AddOnClassLoader.java:256)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
    ... 20 more

19713[ZAP-SpiderInitThread-0]INFO org.zaproxy.ZAP.spider.spider-spider初始化。。。
19740[ZAP-SpiderInitThread-0]INFO org.zaproxy.ZAP.spider.spider-正在启动spider。。。
43779[ZAP-SpiderThreadPool-0-thread-1]信息
org.zaproxy.zap.spider.spider-爬行过程已完成。
关闭。。。
43780[ZAP-SpiderShutdownThread-0]信息
org.zaproxy.zap.extension.spider.SpiderThread-蜘蛛扫描
完全正确
46259[ZAP QuickStart AttackThread]错误
org.zaproxy.zap.zap$UncaughtExceptionLogger-中的异常
线程“ZAP QuickStart AttackThread”
NoClassDefFoundError:javax/xml/soap/SOAPException
位于java.base/java.lang.Class.getDeclaredConstructors0(本机
(方法)
位于java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3138)
位于java.base/java.lang.Class.getConstructor0(Class.java:3343)
位于java.base/java.lang.Class.getConstructor(Class.java:2152)
位于org.zaproxy.zap.control.AddOnLoaderUtils.LoadAndInstallateClassImpl(AddOnLoaderUtils.java:111)
位于org.zaproxy.zap.control.AddOnLoaderUtils.loadDeclaredClasses(AddOnLoaderUtils.java:151)
位于org.zaproxy.zap.control.AddOnLoaderUtils.getActiveScanRules(AddOnLoaderUtils.java:177)
位于org.zaproxy.zap.control.AddOnLoader.getActiveScanRules(AddOnLoader.java:791)
位于org.parosproxy.paros.core.scanner.PluginFactory.initPlugins(PluginFactory.java:100)
位于org.parosproxy.paros.core.scanner.PluginFactory.getLoadedPlugins(PluginFactory.java:132)
位于org.parosproxy.paros.core.scanner.PluginFactory.loadAllPlugin(PluginFactory.java:398)
位于org.zaproxy.zap.extension.ascan.ScanPolicy(ScanPolicy.java:31)
位于org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:142)
位于org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:129)
位于org.zaproxy.zap.extension.ascan.PolicyManager.getDefaultScanPolicy(PolicyManager.java:205)
位于org.zaproxy.zap.extension.ascan.ActiveScanController.startScan(ActiveScanController.java:161)
位于org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:273)
位于org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:238)
位于org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:234)
位于org.zaproxy.zap.extension.quickstart.AttackThread.run(AttackThread.java:143)
原因:java.lang.ClassNotFoundException
位于org.zaproxy.zap.control.AddOnClassLoader.findClass(AddOnClassLoader.java:256)
位于java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
位于java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 20多
这已在ZAP用户组中解决

原始海报使用的是Java11。从Java9开始,引入了各种影响Java SOAP类位置的更改。ZAP目前的目标是Java8

选项:

  • 使用Java8
  • 卸载SOAP附加组件(扩展)
这是一个正在跟踪和解决的已知问题:

您缺少适合soap类的JAR。类路径上有哪些JAR?使用javax-xml-soap-1.6.0、javax、commons-httpclient-3.1