我正在使用ZAP软件在配置了centos 7的系统上进行安全性测试。问题是该软件无法攻击该网址,并在下面显示错误-
19713 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Spider initializing...
19740 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Starting spider...
43779 [ZAP-SpiderThreadPool-0-thread-1] INFO
org.zaproxy.zap.spider.Spider - Spidering process is complete.
Shutting down...
43780 [ZAP-SpiderShutdownThread-0] INFO
org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning
complete: true
46259 [ZAP-QuickStart-AttackThread] ERROR
org.zaproxy.zap.ZAP$UncaughtExceptionLogger - Exception in
thread "ZAP-QuickStart-AttackThread"
java.lang.NoClassDefFoundError: javax/xml/soap/SOAPException
at java.base/java.lang.Class.getDeclaredConstructors0(Native
Method)
at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3138)
at java.base/java.lang.Class.getConstructor0(Class.java:3343)
at java.base/java.lang.Class.getConstructor(Class.java:2152)
at org.zaproxy.zap.control.AddOnLoaderUtils.loadAndInstantiateClassImpl(AddOnLoaderUtils.java:111)
at org.zaproxy.zap.control.AddOnLoaderUtils.loadDeclaredClasses(AddOnLoaderUtils.java:151)
at org.zaproxy.zap.control.AddOnLoaderUtils.getActiveScanRules(AddOnLoaderUtils.java:177)
at org.zaproxy.zap.control.AddOnLoader.getActiveScanRules(AddOnLoader.java:791)
at org.parosproxy.paros.core.scanner.PluginFactory.initPlugins(PluginFactory.java:100)
at org.parosproxy.paros.core.scanner.PluginFactory.getLoadedPlugins(PluginFactory.java:132)
at org.parosproxy.paros.core.scanner.PluginFactory.loadAllPlugin(PluginFactory.java:398)
at org.zaproxy.zap.extension.ascan.ScanPolicy.<init>(ScanPolicy.java:31)
at org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:142)
at org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:129)
at org.zaproxy.zap.extension.ascan.PolicyManager.getDefaultScanPolicy(PolicyManager.java:205)
at org.zaproxy.zap.extension.ascan.ActiveScanController.startScan(ActiveScanController.java:161)
at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:273)
at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:238)
at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:234)
at org.zaproxy.zap.extension.quickstart.AttackThread.run(AttackThread.java:143)
Caused by: java.lang.ClassNotFoundException
at org.zaproxy.zap.control.AddOnClassLoader.findClass(AddOnClassLoader.java:256)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 20 more
答案 0 :(得分:1)
此问题已在ZAP用户组https://groups.google.com/forum/m/#!topic/zaproxy-users/OpEBt72gA7w
上解决。最初的发布者正在使用Java11。从Java 9开始,引入了各种更改,这些更改影响了Java SOAP类的位置。 ZAP当前针对Java 8。
选项:
这是一个已知问题,正在跟踪和解决:https://github.com/zaproxy/zaproxy/issues/4037