SOCKS (outgoing) proxy support about zaproxy HOT 27 CLOSED

There is, should be for next weekly.

from zaproxy.

(No text was entered with this change)

Original issue reported on code.google.com by psiinon on 2010-12-18 10:17:37

• Labels added: Type-Enhancement
• Labels removed: Type-Defect

from zaproxy.

I looked at this briefly this weekend: I need to familiarise myself with the code before
I am able to add in SOCKS proxy support, but in the meantime I found that with Java
5 and above you should be able to add the following parameters to the java command
line:

  -DsocksProxyHost=<proxyserver> -DsocksProxyPort=<proxyport>

This should work in Java 5 and above, and is documented at http://download.oracle.com/javase/6/docs/technotes/guides/net/proxies.html

I have tested this on Debian GNU/Linux 6.0 (“squeeze”) and Windows XP, and it mostly
works, although I get zero‐sized responses from some sites serving HTTPS.

Original issue reported on code.google.com by [email protected] on 2011-04-27 12:32:34

from zaproxy.

Thanks for looking at this :)
Let us know if you need any pointers to where to find things in the code.

Psiinon

Original issue reported on code.google.com by psiinon on 2011-04-27 13:05:07

from zaproxy.

You can also take a look at how OWASP Proxy has implemented this.

In fact, OWASP Proxy also has Socks server support, allowing you to get a completely
"clean" request, un-polluted with the browser's additional handling for an HTTP proxy.

I have no problem making this available for incorporation into ZAP

Original issue reported on code.google.com by rogan.dawes on 2012-01-04 19:08:05

from zaproxy.

Thanks for the offer of the OWASP proxy Rogan.
We've had some other issues with the HttpClient library modifying requests (Issue 257)
which your proxy will probably fix.
Changing proxies probably wont be a simple job, but might well make ZAP cleaner and
better.
Dont fancy doing this before 1.4 though ;)

Original issue reported on code.google.com by psiinon on 2012-01-04 20:22:51

from zaproxy.

any plans of getting this feature in Release 2.0

Original issue reported on code.google.com by [email protected] on 2012-09-14 19:59:44

from zaproxy.

I'm not aware of anyone working on this I'm afraid.
Want to have a go at it yourself? ;)

Cheers,

Simon

Original issue reported on code.google.com by psiinon on 2012-09-17 08:59:26

from zaproxy.

Here is a quick hack to the launcher if you want to go trough socks5 using tor bundle
: 

if [[ "$1" "untor" ]]
then
echo "[+] Not going trough Tor"
exec java ${JMEM} -XX:PermSize256M -jar "${BASEDIR}/zap.jar" $*
else
echo "[+] Going through socks5 on localhost:9150"
exec java ${JMEM} -XX:PermSize256M -DsocksProxyHost127.0.0.1 -DsocksProxyPort9150 -jar
"${BASEDIR}/zap.jar" $*
fi 

Cheers,
Zack

Original issue reported on code.google.com by badzack on 2014-02-18 10:18:55

from zaproxy.

this hack does not work 
port is 9050
and even after these changes it connects without proxy , or with proxy as specified
in 
options >> connections 
and in case of tor throws tor is not http error

Original issue reported on code.google.com by aloksaurabh2007 on 2014-06-21 12:30:54

from zaproxy.

Heard from anantshr_ on irc that
 -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=8085
does the trick.
Should be easy to add this to the UI options and set in the code as per https://stackoverflow.com/questions/120797/how-do-i-set-the-proxy-to-be-used-by-the-jvm

Original issue reported on code.google.com by psiinon on 2014-10-22 19:54:47

from zaproxy.

just adding more to what i added over at IRC.

the setting worked from commandline however it has to be made sure that there is no
configuration marked in Outbound proxy config inside the ZAP configuration.

Original issue reported on code.google.com by [email protected] on 2014-10-25 12:27:05

from zaproxy.

any plans of having this feature in next release or so running it from commandline always
is a tiresome effort ( I know we can create a shell/desktop shortcut which i have right
now) but internal feature would be nice.

Original issue reported on code.google.com by [email protected] on 2015-04-14 12:58:33

from zaproxy.

Simply adding the socksProxy* command line options to the JVM like
-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9050
or whatever values are your proxy's settings did not work for me on Mac OS X 10.9.5
Mavericks.

Java didn't complain about the addition of the options when I put them in the `zap.sh`
launcher script, but I still got ZAP's error response for every page I tried to load.
The error looked like this:

    ZAP Error [java.net.SocketException]: SOCKS server general failure

I tried this with both the Mac OS X app bundle as well as the "Linux/cross platform"
download. Each behaved the same for me.

I also tried using
-Djava.net.useSystemProxies=true

thinking that this would force ZAP to respect the SOCKS proxy settings in my Mac OS
X Network System Preference pane, but to no avail.

Did I miss something obvious or is there some special magic spell required for Java
to play nice with proxies on Apple's OS? Thanks in advance for any pointers you might
have.

Original issue reported on code.google.com by meitarm on 2015-05-23 02:00:02

from zaproxy.

+1 so then zap can connect with tor

from zaproxy.

@Woolworths it's possible to connect through Tor using the command line options.
Anyway, it shouldn't take too much time to add this as an option...

from zaproxy.

@thc202, I have just updated to OWASP ZAP 2.4.2 and was able to connect via Tor by adding -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9050 directly into the zap.sh script, but ZAP did not connect via Tor when I added the same JVM options to the new "JVM" preference window nor did it do so when passing directly from the command line (like ./zap.sh -DsocksProxyHost=127.0.0.1-DsocksProxyPort=9050).

In the former case (using the JVM options free form text field from within ZAP and then restarting it), the options simply seemed to be ignored, even though they were written to the .ZAP_JVM.properties file. That is, running a ps -ef | grep java on my system showed that ZAP was launched without the -D* options in the .ZAP_JVM.properties file being passed to the JVM at all.

In the latter case (passing the arguments on the command line to the zap.sh) script resulted in an "unrecognized option" dialogue in the ZAP GUI after ZAP had launched. I believe this is because the JVM options must be specified before the path to the jar being loaded (java [ options ] -jar file.jar [ argument... ] according to my system's java man page), but the zap.sh script for ZAP 2.4.2 places the arguments after the jar, passing them to ZAP itself instead of the JVM. Making this small change resolves at least that problem, for me.

For reference, I am on a Mac OS X 10.10.5 (Yosemite) system.

from zaproxy.

Also, some good news: the previous error I was reporting as well as a related issue wherein browsing http://localhost/ through ZAP returned a similar SOCKS error, has been resolved by an update to the latest JRE (1.8.0_60).

Specifically, the zap.sh script prefers the JVM bundled with the OWASP ZAP distribution. This means when ZAP runs without modifications it uses JRE 1.7.0_79. But by moving that out of the way and then launching ZAP normally, the SOCKS error vanishes, even when testing against web sites hosted by the same machine running the local ZAP proxy. Even more specifically:

MyMachine:bin me$ pwd
/Applications/OWASP ZAP.app/Contents/PlugIns/jre1.7.0_79.jre/Contents/Home/bin
MyMachine:bin me$ ls
java        keytool     orbd        pack200     policytool  rmid        rmiregistry servertool  tnameserv   unpack200
MyMachine:bin me$ ./java -version
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)
MyMachine:bin me$ /usr/libexec/java_home
/Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home
MyMachine:bin me$ mv java java.DISABLED
MyMachine:bin me$ open -a "OWASP ZAP.app" # This time, ZAP runs in JRE version 1.8.0_60. Yay!

from zaproxy.

Hello,
is this feature not supported in zaproxy 2.6 , because i receive "unsupported -DsocksProxyHost option"
error on start.
i run with this command. ./zap.sh -DsocksProxyHost=127.0.0.1-DsocksProxyPort=9050

from zaproxy.

That needs to be set as JVM arguments, either by editing zap.sh script (e.g. setting before -jar arg) or adding them to Options > JVM. [1]

[1] https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsJvm

from zaproxy.

Please make it changeable from UI itself. This would be the update many are waiting for

from zaproxy.

Hi, is there any update on this? Would be really convenient if we could just set this from the options pane instead of some configfile.

from zaproxy.

There is no update at this time.

from zaproxy.

That's so freakin' bugging. I didn't get any error and yet it didn't work. I'm trying to assess an application inside a VPN (which is only accessible through a VPS, only command-line/ssh).

from zaproxy.

@john-goes You didn't get an error for/about what? Did you have something to add that was actually about this enhancement request? (Ex: wanting/needing/contributing SOCKS support?)

If you're look for advice on how to assess something please post the question to the ZAP User Group (https://groups.google.com/forum/#!forum/zaproxy-users), the issue tracker isn't really a good place for such discussions.

from zaproxy.

Any news on this? Would be awesome to have this option.

from zaproxy.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

from zaproxy.