Computers, Programming, Technology, Music, Literature

Archive for the ‘Java’ Category

OWASP ZAP: Global Exclude URL (Beta) – bug and fix

As you proxy your browser traffic through OWASP ZAP, chances are that you are annoyed by noise. By default, browsers these days make a lot of background requests: version checks, cache updates, add-on updates and whatnot. It gets really difficult to focus on the website at hand when other sites clutter your Sites and History tabs.

The Global Exclude URL functionality was supposed to handle this, and it did work, but only partially.

There was a minor bug, and it has been fixed. A screen recording of the bug and the bug fix URL are below:

Global Exclude URL (beta) – after close and reopen does not pick up added regex for excluding URLs #3275

Written by gmaran23

March 22, 2017 at 2:08 am

OWASP ZAP Development – Fixing the Can’t find bundle for base name lang.Messages error

I have been generating the API files for the OWASP ZAP DOT NET API since its inception. There is the core zaproxy project, which has the DotNetAPIGenerator.java class, and there is the extensions project, including the beta and alpha extensions.

Now, when I tried to generate the ‘non-optional’ API files, i.e., the core API files for .NET, everything would work fine and the API files would be generated.

OWASP ZAP is internationalized, so the source code comes with a bunch of resource bundles with supporting language files.

When you try to generate the API files for the extensions project, you get this wonderful error message.

Exception in thread "main" java.util.MissingResourceException: Can't find bundle for base name lang.Messages, locale en
    at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1564)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1387)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:890)
    at org.zaproxy.zap.extension.api.AbstractAPIGenerator.<init>(AbstractAPIGenerator.java:68)
    at org.zaproxy.zap.extension.api.JavaAPIGenerator.<init>(JavaAPIGenerator.java:81)
    at org.zaproxy.zap.extension.ApiGenerator.main(ApiGenerator.java:73)

I have fixed this error message before, when I was trying to generate the API files back in 2015. Running in debug mode and stepping through pointed out that the zaproxy core project had the resource files under a directory that was not available to the extensions project.

This error was gruesome.

In the end, all I had to do was copy the contents of the workspaceowaspzap\zaproxy\src\lang directory to workspaceowaspzap\zap-extensions\bin\lang.

That’s it. Do the same for the alpha and beta extensions’ bin directories too.
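Why the copy fixes the error, shown as an added example (not code from the original post or from ZAP): ResourceBundle resolves the base name lang.Messages to lang/Messages*.properties under a classpath root, which here is the extension project's bin directory. The class name BundleLookupDemo, the key demo.key and the temporary directory standing in for zap-extensions\bin are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.MissingResourceException;
import java.util.ResourceBundle;

public class BundleLookupDemo {

    // Same base name as in the stack trace; looked up as lang/Messages*.properties.
    static final String BASE_NAME = "lang.Messages";

    // Load the bundle with classpathRoot as the only classpath entry
    // (it stands in for a project's bin directory).
    static String lookup(Path classpathRoot, String key) throws IOException {
        URL[] roots = { classpathRoot.toUri().toURL() };
        // Parent is null so the real application classpath cannot satisfy the lookup.
        try (URLClassLoader loader = new URLClassLoader(roots, null)) {
            ResourceBundle bundle = ResourceBundle.getBundle(BASE_NAME, Locale.ENGLISH, loader);
            return bundle.getString(key);
        } catch (MissingResourceException e) {
            return "MISSING: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for zap-extensions\bin, not the real project layout.
        Path bin = Files.createTempDirectory("ext-bin");

        // 1. No lang directory under bin: the lookup fails as in the post.
        System.out.println(lookup(bin, "demo.key"));

        // 2. Once a lang directory with Messages.properties exists under bin,
        //    the same lookup succeeds.
        Path lang = Files.createDirectories(bin.resolve("lang"));
        Files.write(lang.resolve("Messages.properties"),
                "demo.key = bundle found\n".getBytes(StandardCharsets.ISO_8859_1));
        System.out.println(lookup(bin, "demo.key"));
    }
}
```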

 

Cheers. Try the OWASP ZAP DOT NET API available at nuget.org.

Written by gmaran23

March 22, 2017 at 1:46 am

Downloading and Building OWASP ZAP source from Github using Eclipse IDE

Download this blog as PDF – https://renouncedthoughts.files.wordpress.com/2015/07/downloading-and-building-owasp-zap-source-from-github-using-eclipse-ide1.pdf 

 

This is a quick and dirty blog post for those who are new to the Eclipse IDE and want to try tweaking the OWASP Zed Attack Proxy’s code. I must say that you might stumble upon this well-written guide titled “Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers” here - http://www.taddong.com/docs/Building_ZAP_with_Eclipse_v3.0.pdf . The first time I was trying to build ZAP with Eclipse, this guide was my complete reference. However, OWASP ZAP’s code was recently moved to GitHub, in May-June 2015, rendering that guide obsolete and my OWASP ZAP Eclipse workspace, connected to the Google Code SVN, a little defunct. Raul Siles, the author of the above guide, would update it for changes with respect to the GitHub move.

Recently I was trying to download OWASP ZAP’s code from GitHub and build it because the existing code from SVN (Google Code) went obsolete. I am not an advanced Eclipse user or Java developer, and I was a little lost trying to clone the new OWASP ZAP GitHub repo into my Eclipse. As I was trying, I took screenshots and ended up posting them in this blog. Remember, this blog post is not a step-by-step instruction; it is a set of quick and dirty steps (5 major steps) to get OWASP ZAP’s code running in your Eclipse IDE.

Glimpse through the articles titled

  1. Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers
  2. Building ZAP (https://github.com/zaproxy/zaproxy/wiki/Building)
  3. Downloading and Building OWASP ZAP source from Github using Eclipse IDE (this article)

and I am sure you’d get ZAP running on your Eclipse IDE.

1. Download Eclipse

… from https://eclipse.org/downloads/. If you are unsure which edition to download, pick the Eclipse IDE for Java Developers.

When you open Eclipse for the first time, choose the default workspace and proceed. If you’d like, create a workspace such as workspaceowaspzap, like I did. Refer to Raul Siles’ guide for workspace screenshots.

Make sure you have the EGit plugin installed. If you are a prime-time command-liner with Git, you may not need this plugin.

If you have downloaded the Eclipse IDE for Java Developers, please ensure that in the Eclipse Installation Details you have the three components below:

  1. Eclipse Git Team Provider
  2. Java Implementation of Git
  3. Mylyn Versions Connector: Git

At the time of this writing, the Eclipse IDE for Java Developers comes with all the plugins required to work with Git (and hence GitHub).

2. Add a Git Perspective

… to view Git Repositories and stuff..bla bla

Hit the Open Perspective button at the top right corner.

Choose Git in the Open Perspective dialog.

Hit OK to view the Git Repositories view.

Tip: From time to time you can switch to the Java perspective to view the Java-related tools and views, and to the Git perspective to view your Git Repositories.

If you look in Windows Explorer at the workspace that we chose when opening Eclipse, it currently has just one folder, named .metadata. Time to download the code from https://github.com/zaproxy

3. Downloading OWASP ZAP’s code

Choose File –> Import.

Select Team –> Team Project Set. Hit Next.

In the Team Project Set dialog, enter the URL
https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZAP-projectSet.psf
and hit Finish.

Tip: Always refer to the most recent project set URL, available at https://github.com/zaproxy/zaproxy/wiki/Building

4. Wait for the ZAP projects to be downloaded and built

Watch the progress: the Git Repositories view shows projects as and when they are downloaded.

Once all the ZAP projects are downloaded, the Git Repositories view in your workspace should list them. The approximate size of the workspace with all the ZAP code summed up to 2.27 GB for me (on July 4 2015).

5. Run ZAP’s source and start playing (and contributing)

Switch to the Java perspective.

In the Package Explorer, right-click zaproxy and choose Run As –> Java Application.

Eclipse will search for the main types. In the Select Java Application dialog, choose ZAP and hit OK.

Witness the console logs.

Start ZAPping.

Tip: You can also start ZAP by hitting the play button in Eclipse.

If you encounter any problems, try fixing them yourself first – spend a day or two ;) – and, as a last resort, post at the ZAP Developer group here – https://groups.google.com/forum/#!forum/zaproxy-develop

Written by gmaran23

July 5, 2015 at 1:25 pm