Comments (27)
There is, should be for next weekly.
from zaproxy.
(No text was entered with this change)
Original issue reported on code.google.com by psiinon
on 2010-12-18 10:17:37
- Labels added: Type-Enhancement
- Labels removed: Type-Defect
from zaproxy.
I looked at this briefly this weekend: I need to familiarise myself with the code before
I am able to add in SOCKS proxy support, but in the meantime I found that with Java
5 and above you should be able to add the following parameters to the java command
line:
-DsocksProxyHost=<proxyserver> -DsocksProxyPort=<proxyport>
This should work in Java 5 and above, and is documented at http://download.oracle.com/javase/6/docs/technotes/guides/net/proxies.html
I have tested this on Debian GNU/Linux 6.0 (“squeeze”) and Windows XP, and it mostly
works, although I get zero‐sized responses from some sites serving HTTPS.
Original issue reported on code.google.com by [email protected]
on 2011-04-27 12:32:34
from zaproxy.
Thanks for looking at this :)
Let us know if you need any pointers to where to find things in the code.
Psiinon
Original issue reported on code.google.com by psiinon
on 2011-04-27 13:05:07
from zaproxy.
You can also take a look at how OWASP Proxy has implemented this.
In fact, OWASP Proxy also has Socks server support, allowing you to get a completely
"clean" request, un-polluted with the browser's additional handling for an HTTP proxy.
I have no problem making this available for incorporation into ZAP
Original issue reported on code.google.com by rogan.dawes
on 2012-01-04 19:08:05
from zaproxy.
Thanks for the offer of the OWASP proxy Rogan.
We've had some other issues with the HttpClient library modifying requests (Issue 257)
which your proxy will probably fix.
Changing proxies probably wont be a simple job, but might well make ZAP cleaner and
better.
Dont fancy doing this before 1.4 though ;)
Original issue reported on code.google.com by psiinon
on 2012-01-04 20:22:51
from zaproxy.
any plans of getting this feature in Release 2.0
Original issue reported on code.google.com by [email protected]
on 2012-09-14 19:59:44
from zaproxy.
I'm not aware of anyone working on this I'm afraid.
Want to have a go at it yourself? ;)
Cheers,
Simon
Original issue reported on code.google.com by psiinon
on 2012-09-17 08:59:26
from zaproxy.
Here is a quick hack to the launcher if you want to go trough socks5 using tor bundle
:
if [[ "$1" "untor" ]]
then
echo "[+] Not going trough Tor"
exec java ${JMEM} -XX:PermSize256M -jar "${BASEDIR}/zap.jar" $*
else
echo "[+] Going through socks5 on localhost:9150"
exec java ${JMEM} -XX:PermSize256M -DsocksProxyHost127.0.0.1 -DsocksProxyPort9150 -jar
"${BASEDIR}/zap.jar" $*
fi
Cheers,
Zack
Original issue reported on code.google.com by badzack
on 2014-02-18 10:18:55
from zaproxy.
this hack does not work
port is 9050
and even after these changes it connects without proxy , or with proxy as specified
in
options >> connections
and in case of tor throws tor is not http error
Original issue reported on code.google.com by aloksaurabh2007
on 2014-06-21 12:30:54
from zaproxy.
Heard from anantshr_ on irc that
-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=8085
does the trick.
Should be easy to add this to the UI options and set in the code as per https://stackoverflow.com/questions/120797/how-do-i-set-the-proxy-to-be-used-by-the-jvm
Original issue reported on code.google.com by psiinon
on 2014-10-22 19:54:47
from zaproxy.
just adding more to what i added over at IRC.
the setting worked from commandline however it has to be made sure that there is no
configuration marked in Outbound proxy config inside the ZAP configuration.
Original issue reported on code.google.com by [email protected]
on 2014-10-25 12:27:05
from zaproxy.
any plans of having this feature in next release or so running it from commandline always
is a tiresome effort ( I know we can create a shell/desktop shortcut which i have right
now) but internal feature would be nice.
Original issue reported on code.google.com by [email protected]
on 2015-04-14 12:58:33
from zaproxy.
Simply adding the socksProxy* command line options to the JVM like
-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9050
or whatever values are your proxy's settings did not work for me on Mac OS X 10.9.5
Mavericks.
Java didn't complain about the addition of the options when I put them in the `zap.sh`
launcher script, but I still got ZAP's error response for every page I tried to load.
The error looked like this:
ZAP Error [java.net.SocketException]: SOCKS server general failure
I tried this with both the Mac OS X app bundle as well as the "Linux/cross platform"
download. Each behaved the same for me.
I also tried using
-Djava.net.useSystemProxies=true
thinking that this would force ZAP to respect the SOCKS proxy settings in my Mac OS
X Network System Preference pane, but to no avail.
Did I miss something obvious or is there some special magic spell required for Java
to play nice with proxies on Apple's OS? Thanks in advance for any pointers you might
have.
Original issue reported on code.google.com by meitarm
on 2015-05-23 02:00:02
from zaproxy.
+1 so then zap can connect with tor
from zaproxy.
@Woolworths it's possible to connect through Tor using the command line options.
Anyway, it shouldn't take too much time to add this as an option...
from zaproxy.
@thc202, I have just updated to OWASP ZAP 2.4.2 and was able to connect via Tor by adding -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9050
directly into the zap.sh
script, but ZAP did not connect via Tor when I added the same JVM options to the new "JVM" preference window nor did it do so when passing directly from the command line (like ./zap.sh -DsocksProxyHost=127.0.0.1-DsocksProxyPort=9050
).
In the former case (using the JVM options free form text field from within ZAP and then restarting it), the options simply seemed to be ignored, even though they were written to the .ZAP_JVM.properties
file. That is, running a ps -ef | grep java
on my system showed that ZAP was launched without the -D*
options in the .ZAP_JVM.properties
file being passed to the JVM at all.
In the latter case (passing the arguments on the command line to the zap.sh
) script resulted in an "unrecognized option" dialogue in the ZAP GUI after ZAP had launched. I believe this is because the JVM options must be specified before the path to the jar being loaded (java [ options ] -jar file.jar [ argument... ]
according to my system's java
man page), but the zap.sh
script for ZAP 2.4.2 places the arguments after the jar, passing them to ZAP itself instead of the JVM. Making this small change resolves at least that problem, for me.
For reference, I am on a Mac OS X 10.10.5 (Yosemite) system.
from zaproxy.
Also, some good news: the previous error I was reporting as well as a related issue wherein browsing http://localhost/
through ZAP returned a similar SOCKS error, has been resolved by an update to the latest JRE (1.8.0_60).
Specifically, the zap.sh
script prefers the JVM bundled with the OWASP ZAP distribution. This means when ZAP runs without modifications it uses JRE 1.7.0_79. But by moving that out of the way and then launching ZAP normally, the SOCKS error vanishes, even when testing against web sites hosted by the same machine running the local ZAP proxy. Even more specifically:
MyMachine:bin me$ pwd
/Applications/OWASP ZAP.app/Contents/PlugIns/jre1.7.0_79.jre/Contents/Home/bin
MyMachine:bin me$ ls
java keytool orbd pack200 policytool rmid rmiregistry servertool tnameserv unpack200
MyMachine:bin me$ ./java -version
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)
MyMachine:bin me$ /usr/libexec/java_home
/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home
MyMachine:bin me$ mv java java.DISABLED
MyMachine:bin me$ open -a "OWASP ZAP.app" # This time, ZAP runs in JRE version 1.8.0_60. Yay!
from zaproxy.
Hello,
is this feature not supported in zaproxy 2.6 , because i receive "unsupported -DsocksProxyHost option"
error on start.
i run with this command. ./zap.sh -DsocksProxyHost=127.0.0.1-DsocksProxyPort=9050
from zaproxy.
That needs to be set as JVM arguments, either by editing zap.sh script (e.g. setting before -jar arg) or adding them to Options > JVM. [1]
[1] https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsJvm
from zaproxy.
Please make it changeable from UI itself. This would be the update many are waiting for
from zaproxy.
Hi, is there any update on this? Would be really convenient if we could just set this from the options pane instead of some configfile.
from zaproxy.
There is no update at this time.
from zaproxy.
That's so freakin' bugging. I didn't get any error and yet it didn't work. I'm trying to assess an application inside a VPN (which is only accessible through a VPS, only command-line/ssh).
from zaproxy.
@john-goes You didn't get an error for/about what? Did you have something to add that was actually about this enhancement request? (Ex: wanting/needing/contributing SOCKS support?)
If you're look for advice on how to assess something please post the question to the ZAP User Group (https://groups.google.com/forum/#!forum/zaproxy-users), the issue tracker isn't really a good place for such discussions.
from zaproxy.
Any news on this? Would be awesome to have this option.
from zaproxy.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
from zaproxy.
Related Issues (20)
- Latest owasp/zap2docker-weekly Image Missing `linux/amd64` Build HOT 4
- Command output: exec /zap/zap-baseline.py: exec format error HOT 1
- AMD64 docker images not longer available in Docker Hub HOT 1
- owasp/zap2docker-stable:latest Getting error while building docker image on Jenkins exec /zap/zap.sh: exec format error HOT 1
- 2.14版本的报告问题 HOT 6
- Dockerhub: amd64 images HOT 1
- Web App does not redirect in ZAP browser HOT 3
- Platform Mismatch Error When Running zap2docker-stable:latest HOT 2
- As of 4 days ago there are only arm64 versions of the docker image available for zap2docker-stable HOT 2
- publishing only linux/arm64 images to dockerhub? HOT 2
- Release 2.15 HOT 8
- Can't find Browser View extension HOT 1
- Incomplete report for template Risk and Confidence HTML HOT 14
- Why did I not have a quick start when installing zap2.14 for Win10 HOT 1
- no quick start HOT 2
- ZAP hanging when starting with Tech Detection add-on loading data HOT 3
- Provide ZAP Docker image for `windows/amd64` HOT 11
- alertFilters filter not working fine with contexts. HOT 1
- GraalVM JavaScript engine not loading with Java 22 HOT 4
- ZAP hangs due to large JSON body with the JSON view HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zaproxy.