mozilla :: #websectools

15 Mar 2017
07:47 psiinon: morning
12:03 dio: good morning all!
12:03 dio: (at least it is in the UK)
12:03 dio: I came here first, rather than opening an issue on github as I believe my query is me doing something silly rather than a problem in ZAP/docker
12:04 dio: I'm trying to integrate ZAP into our CI pipeline, using zap2docker
12:04 dio: following the multiple tutorials out there, I can only get the stable build to scan my container, live and weekly fail
12:04 dio: when I inspect the output, it's full of messages like this
12:04 dio: 72525 [ZAP-ProxyThread-68] WARN org.zaproxy.zap.extension.api.API - Request to API URL http://zap/JSON/core/view/version/ from 0:0:0:0:0:0:0:1 not permitted
12:05 dio: I haven't actually been able to find a reference to this anywhere else, hence why I am here
12:05 dio: any help would be much appreciated!
12:06 thc202: dio, hi, right, that's a new feature
12:06 thc202: how are you calling the ZAP API?
12:07 dio: via zap-baseline.py I believe
12:07 dio: so what I'm doing is
12:08 dio: sudo docker run --rm -ti owasp/zap2docker-live zap-baseline.py -t 172.17.0.3:3000
12:08 thc202: ok, the python API client needs to be updated to support the new feature, we will do that soon
12:08 dio: ah ok
12:08 dio: so basically stick with stable for the time?
12:09 thc202: until then you need to start ZAP with -config api.nokeyforsafeops=true
12:09 thc202: (for live/weekly)
12:11 thc202: with that command it needs to be: -z "-config api.nokeyforsafeops=true"
12:22 * psiinon needs to update the FAQ for that :/
12:27 dio: ah
12:27 dio: I will try it out and report back!
12:27 dio: thank you :)
12:33 thc202: np
12:39 psiinon: hi dio - welcome to #websectools (don't think I've spotted you here before;)
12:39 psiinon: how are you getting on with ZAP (apart from the above issue)?
12:46 dio: @psiinon I haven't used it that much tbh
12:46 dio: I used to be a heavy burp user
12:46 dio: but I'm trying to give it a go!
12:46 dio: because I'd really like it to succeed as a project :)
12:48 psiinon: so would we :D
12:49 psiinon: let us know how you get on, and if you have any suggestions for improvements
12:49 psiinon: (or if you'd like to get involved of course;)
21:24 stephend: any chance you're around, thc202?
21:25 thc202: I am
21:25 stephend: hello!
21:26 stephend: so, sorry - so far, I've gotten nowhere w/Incapsula, for http://iscarlycrawlingyet.com/
21:27 stephend: while it says it's not-yet-active (and that I need to set up DNS zone transfers), it's clearly being served by or at least resolved through them
21:27 stephend: but I was wondering if you've been able to get that Docker image close to being able for me to run on my problematic instance
21:29 thc202: you seeing same errors?
21:29 thc202: re docker image, not yet, will take care of that tomorrow
21:30 thc202: I'll ping you when ready
22:15 stephend: oops, sorry, forgot to check back
22:15 * stephend looks
22:29 stephend: thc202: yeah, same: https://gist.github.com/stephendonner/b4eeb1f2167400241ac91666955a4a53
22:31 thc202: ok
22:33 thc202: could you try adding also: -config connection.dnsTtlSuccessfulQueries=-1
22:33 thc202: just to see if it makes any difference there
23:03 kingthorin: Heya, anyone around?
23:06 thc202: hi kingthorin
23:07 kingthorin: Heya
23:08 kingthorin: so I got that new method working, but my old problem came back :(
23:09 kingthorin: just committing/pushing
23:10 kingthorin: there it is
23:11 kingthorin: Yer day going ok? You know you can always tell me if I catch you at a bad time? I understand you've got stuff on the go too....
23:12 thc202: old problem? not selecting the correct node?
23:12 thc202: good, no worries, I've time :)
23:13 kingthorin: it selects it but doesn't display the selection
23:15 thc202: ah, it needs to be getTreeModel().getAlertNode(alert).getPath()
23:15 kingthorin: oh I hope that's all I missed
23:16 kingthorin: sweet!
23:17 thc202: working now?
23:17 kingthorin: yup
23:17 thc202: cool
23:18 thc202: I'll try to reproduce the issue you mentioned in the PR (does not seem related to the PR changes)
23:18 kingthorin: I hate that get path from path, getting path from node seems more natural to me......I know getPath() technically isn't returning path but rather a list of path components, but still seems weird for some reason.....
23:18 kingthorin: ok glad to hear that
23:20 thc202: yeah, it could return a TreePath
23:21 thc202: (just noticed your comment in the PR)
23:22 kingthorin: no no the problem isn't the new method ....it's that new TreePath expects an array of TreeNodes i.e.: via getPath() so it seems funny to have to code new TreePath = node.getPath() ..... which is make a path from a path
23:22 kingthorin: which comment?
23:23 thc202: the one about the selections you did earlier (~24 minutes ago)
23:23 thc202: right
23:24 kingthorin: oh ok
23:24 thc202: there are no other changes left for that PR, right? (if so, could be merged tomorrow for the weekly :)
23:25 kingthorin: well as long as that other bug really isn't realated
23:25 kingthorin: *related
23:25 thc202: your changes should not cause that
23:26 kingthorin: ok just pushed that last fix (fingers crossed)
23:29 thc202: lgtm :)
23:29 kingthorin: great
23:30 thc202: just left the help changes (but that's another PR)
23:30 kingthorin: yup I'll knock that together now
23:31 thc202: ok