我正在尝试将selenium与ZAP集成。
为实现这一目标,我使用以下代码在使用selenium启动浏览器之前自动打开ZAP工具。
我面临的问题是ZAP工具没有正确打开,它卡在中间。
以下代码我用来打开ZAP工具。
代码:
org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:329)
at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:311)
at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:220)
at com.exterro.fusion.selenium.controls.ZAPConfigurations.triggerZAP(ZAPConfigurations.java:61)
at com.exterro.fusion.selenium.core.FusionSignin.config(FusionSignin.java:54)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient$1.run(Unknown Source)
at sun.net.www.http.HttpClient$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.http.HttpClient.privilegedOpenServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:338)
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:327)
... 31 more
... Removed 27 stack frames
错误:
ImageOverlay
答案 0 :(得分:1)
在启动ZAP时,您似乎没有指定API密钥。如果是这样,那么ZAP将为您创建一个,但您不会知道它是什么,因此无法使用它,ZAP将忽略您的API调用。
要通过命令行设置API密钥,请使用以下选项:-config api.key=change-me-9203935709
您还可以在安全的环境中停用API密钥 - 详情请参阅:https://github.com/zaproxy/zaproxy/wiki/FAQapikey
答案 1 :(得分:0)
此错误消息...
org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:329)
...表示 Java客户端无法与zap Proxy 发起新连接。
由于多种原因,此错误可能浮出水面。解决此错误的几个检查点如下:
中找到相关的讨论
在启动 Java客户端连接时,您必须强制提及API keys,因为默认情况下ZAP需要API密钥才能调用对ZAP进行更改的API操作。因此,默认情况下需要API密钥才能调用任何API操作。这是一项安全功能,可防止恶意站点调用ZAP API。可以在API Options screen中找到API安全选项(包括API密钥)。
代码块:
private static final int ZAP_PORT = 8080;
private static final String ZAP_API_KEY = "abcdefghijklmnop123456789";
private static final String ZAP_ADDRESS = "localhost";
private static final String TARGET = "https://public-firing-range.appspot.com";
中找到相关的讨论