org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connection error when connecting to ZAP using the Java API

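I am trying to integrate Selenium with ZAP.

To achieve this, I use the code below to open the ZAP tool automatically before launching the browser with Selenium.

The problem I am facing is that the ZAP tool does not open properly; it gets stuck midway.

Below is the code I use to open the ZAP tool.

Code: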

public void triggerZAP() throws IOException, InterruptedException, ClientApiException
{       
    String[] command = { "CMD", "/C",zapLocation + "ZAP.exe" };
    ProcessBuilder build = new ProcessBuilder(command);
    build.directory(new File(zapLocation));
    Process p = build.start();
    p.waitFor();
    Thread.sleep(5000);
    ClientApi api = new ClientApi(zapAddress, zapPort);
    currentURL = controls.getCurrentUrl();
    System.out.println("Spider : " + currentURL);
    ApiResponse resp = api.spider.scan(currentURL, null, null, null, null);
    scanId = ((ApiResponseElement) resp).getValue();
    while (true)
    {
        Thread.sleep(1000);
        progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanId)).getValue());
        System.out.println("Spider progress : " + progress + "%");
        if (progress >= 100)
        {
            break;
        }
    }
    System.out.println("Spider complete");
    System.out.println(new String(api.core.xmlreport()));

}

Error:

org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:329)
at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:311)
at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:220)
at com.exterro.fusion.selenium.controls.ZAPConfigurations.triggerZAP(ZAPConfigurations.java:61)
at com.exterro.fusion.selenium.core.FusionSignin.config(FusionSignin.java:54)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient$1.run(Unknown Source)
at sun.net.www.http.HttpClient$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.http.HttpClient.privilegedOpenServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:338)
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:327)
... 31 more
... Removed 27 stack frames

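It looks like you are not specifying an API key when you start ZAP. If that is the case, ZAP will create one for you, but you will not know what it is, so you cannot use it, and ZAP will ignore your API calls.

To set the API key via the command line, use an option like this:
-config api.key=change-me-920395709

You can also disable the API key in a safe environment - for more details see: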

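This error message

org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:329)
…implies that the Java client was unable to initiate a new connection to the proxy.


This error can occur for a number of reasons. Two checkpoints for resolving it are as follows:

  • Ensure that the ZAP proxy is up and running before the Java client tries to communicate with it. You can find a relevant discussion in
  • Ensure that the API settings are enabled on the proxy side.

You can find a relevant discussion in

  • When you initiate the Java client connection, you must specify the API key, because ZAP by default requires an API key in order to invoke API operations that make changes to ZAP. So by default an API key is required to invoke any API operation. This is a security feature that prevents malicious sites from invoking the ZAP API. The API security options, including the API key, can be found in

    • Code block: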

      private static final int ZAP_PORT = 8080;
      private static final String ZAP_API_KEY = "abcdefghijklmnop123456789";
      private static final String ZAP_ADDRESS = "localhost";
      private static final String TARGET = "https://public-firing-range.appspot.com";
      
You can find a relevant discussion in
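
The two checks from the answers above (ZAP must be listening before the client connects, and the client must present the same API key ZAP was started with) combined in one launcher. This is an added example, not part of the original question or answers; the class name `ZapLauncher`, the method `startZap` and its parameters are assumptions, while `ZAP.exe` is the launcher name from the question.

```java
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;

import org.zaproxy.clientapi.core.ClientApi;

// Hypothetical helper class (added example, not from the original post).
public final class ZapLauncher {

    /**
     * Starts ZAP headless with a caller-chosen API key and returns a client
     * only once ZAP's port accepts TCP connections.
     */
    public static ClientApi startZap(String zapLocation, String address, int port,
                                     String apiKey, long timeoutMs)
            throws IOException, InterruptedException {
        ProcessBuilder build = new ProcessBuilder(
                zapLocation + "ZAP.exe",
                "-daemon",                      // no GUI, API only
                "-port", String.valueOf(port),
                "-config", "api.key=" + apiKey); // key is known to the caller
        build.directory(new File(zapLocation));
        build.inheritIO();                      // show ZAP's startup output
        build.start();
        // Do not call waitFor() here: it blocks until the launched process exits.

        long deadline = System.currentTimeMillis() + timeoutMs;
        while (System.currentTimeMillis() < deadline) {
            try (Socket probe = new Socket()) {
                // "Connection refused" lands in the catch below until ZAP listens.
                probe.connect(new InetSocketAddress(address, port), 1000);
                return new ClientApi(address, port, apiKey);
            } catch (IOException notListeningYet) {
                Thread.sleep(1000);
            }
        }
        throw new IOException("ZAP is not listening on " + address + ":" + port
                + " after " + timeoutMs + " ms");
    }
}
```

A key passed on the command line is visible in the process list, so generate a fresh random key for each run rather than hard-coding one.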


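Hi Simon, I have already checked the Disable API Key checkbox in the ZAP tool UI. Do I need to disable it again via the command line..?

That depends on whether you are using the same config file. You also need to have the API enabled (it is by default) and the hostname must be one of the permitted hostnames (by default also localhost and 127.0.0.1). If you cannot connect to the API then it will be a config issue, somewhere :) It is also worth looking in the zap.log file - that may give you some clues.

Where can I find the log file..?

Sorry, I was away for a while over Christmas :) Have you seen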