0

我最近开始使用 Jenkins 的 Zap 代理插件。我正在使用 ZAP 2.5.0 版。我已经设法在 Jenkins 中配置了这个插件。有什么方法可以为 AJAX Spider URL 选择不同的浏览器(而不是默认的 Firefox)?在 Zap 的独立版本中,可以选择不同的浏览器。

如果我使用 Firefox(版本 49),我会收到以下错误。因此,在从 Jenkins 运行时,我打算使用 phantomjs 或 htmlunit。

--------------------------------------------------------------------  

Status spider = running
    Alerts number =         ApiResponseElement numberOfAlerts = 92

    org.openqa.selenium.firefox.NotConnectedException: Unable to connect to host 127.0.0.1 on port 7055 after 45000 ms. Firefox console output:
    xpi DEBUG   Updating database with changes to installed add-ons
    1478780397489   addons.xpi-utils    DEBUG   Updating add-on states
    1478780397490   addons.xpi-utils    DEBUG   Writing add-ons list
    1478780397494   addons.xpi  DEBUG   Registering manifest for C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
    1478780397495   addons.xpi  DEBUG   Calling bootstrap method startup on e10srollout@mozilla.org version 1.3
    1478780397495   addons.xpi  DEBUG   Registering manifest for C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
    1478780397495   addons.xpi  DEBUG   Calling bootstrap method startup on firefox@getpocket.com version 1.0.4
    1478780397496   addons.xpi  DEBUG   Registering manifest for C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
    1478780397497   addons.xpi  DEBUG   Calling bootstrap method startup on webcompat@mozilla.org version 1.0
    1478780397499   addons.manager  DEBUG   Registering shutdown blocker for XPIProvider
    1478780397499   addons.manager  DEBUG   Provider finished startup: XPIProvider
    1478780397499   addons.manager  DEBUG   Starting provider: LightweightThemeManager
    1478780397499   addons.manager  DEBUG   Registering shutdown blocker for LightweightThemeManager
    1478780397499   addons.manager  DEBUG   Provider finished startup: LightweightThemeManager
    1478780397500   addons.manager  DEBUG   Starting provider: GMPProvider
    1478780397520   addons.manager  DEBUG   Registering shutdown blocker for GMPProvider
    1478780397520   addons.manager  DEBUG   Provider finished startup: GMPProvider
    1478780397521   addons.manager  DEBUG   Starting provider: PluginProvider
    1478780397521   addons.manager  DEBUG   Registering shutdown blocker for PluginProvider
    1478780397522   addons.manager  DEBUG   Provider finished startup: PluginProvider
    1478780397522   addons.manager  DEBUG   Completed startup sequence
    1478780400822   addons.manager  DEBUG   Starting provider: <unnamed-provider>
    1478780400822   addons.manager  DEBUG   Registering shutdown blocker for <unnamed-provider>
    1478780400823   addons.manager  DEBUG   Provider finished startup: <unnamed-provider>
    1478780403674   DeferredSave.extensions.json    DEBUG   Write succeeded
    1478780403674   addons.xpi-utils    DEBUG   XPI Database saved, setting schema version preference to 17
    1478780403674   DeferredSave.extensions.json    DEBUG   Starting timer
    1478780403695   addons.repository   DEBUG   No addons.json found.
    1478780403706   DeferredSave.addons.json    DEBUG   Save changes
    1478780403726   DeferredSave.addons.json    DEBUG   Starting timer
    1478780404682   addons.manager  DEBUG   Starting provider: PreviousExperimentProvider
    1478780404682   addons.manager  DEBUG   Registering shutdown blocker for PreviousExperimentProvider
    1478780404683   addons.manager  DEBUG   Provider finished startup: PreviousExperimentProvider
    1478780404687   DeferredSave.extensions.json    DEBUG   Starting write
    1478780404737   DeferredSave.addons.json    DEBUG   Starting write
    1478780404994   DeferredSave.extensions.json    DEBUG   Write succeeded
    1478780405052   DeferredSave.addons.json    DEBUG   Write succeeded
    1478780419483   addons.xpi  DEBUG   Calling bootstrap method shutdown on e10srollout@mozilla.org version 1.3
    1478780419483   addons.xpi  DEBUG   Calling bootstrap method shutdown on firefox@getpocket.com version 1.0.4
    1478780419483   addons.xpi  DEBUG   Calling bootstrap method shutdown on webcompat@mozilla.org version 1.0
    1478780420249   addons.manager  DEBUG   shutdown
    1478780420250   addons.manager  DEBUG   Calling shutdown blocker for XPIProvider
    1478780420250   addons.xpi  DEBUG   shutdown
    1478780420250   addons.xpi-utils    DEBUG   shutdown
    1478780420251   addons.manager  DEBUG   Calling shutdown blocker for LightweightThemeManager
    1478780420251   addons.manager  DEBUG   Calling shutdown blocker for GMPProvider
    1478780420253   addons.manager  DEBUG   Calling shutdown blocker for PluginProvider
    1478780420254   addons.manager  DEBUG   Calling shutdown blocker for <unnamed-provider>
    1478780420255   addons.manager  DEBUG   Calling shutdown blocker for PreviousExperimentProvider
    1478780420258   addons.xpi  DEBUG   Notifying XPI shutdown observers
    1478780420261   addons.manager  DEBUG   Async provider shutdown done

        at org.openqa.selenium.firefox.internal.NewProfileExtensionConnection.start(NewProfileExtensionConnection.java:112)
        at org.openqa.selenium.firefox.FirefoxDriver.startClient(FirefoxDriver.java:271)
        at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:119)
        at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:218)
        at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:211)
        at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:129)
        at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:241)
        at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:224)
        at org.zaproxy.zap.extension.spiderAjax.SpiderThread$AjaxSpiderBrowserBuilder.get(SpiderThread.java:358)
        at org.zaproxy.zap.extension.spiderAjax.SpiderThread$AjaxSpiderBrowserBuilder.get(SpiderThread.java:329)
        at com.google.inject.util.Providers$3.get(Providers.java:109)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
        at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
        at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
        at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
        at com.crawljax.core.CrawlController.call(CrawlController.java:65)
        at com.crawljax.core.CrawljaxRunner.call(CrawljaxRunner.java:37)
        at org.zaproxy.zap.extension.spiderAjax.SpiderThread.run(SpiderThread.java:196)
        at java.lang.Thread.run(Unknown Source)
    55912 [Thread-8] WARN org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Failed to start browser firefox
    com.google.inject.ProvisionException: Guice provision errors:
4

1 回答 1

0

现有的zaproxy-plugin将停止分发,但它们将允许插件的现有用户使用当前版本。该插件长期以来被遗弃,据我所知,UI 并没有产生 1 对 1 的结果(来自我自己的测试)。此外,它从来都不是官方的 zap 插件,而是由一些用户制作的。

官方 OWASP Zed 攻击代理 Jenkins 插件即将推出,我是该项目的首席开发人员。下周查看 Jenkins 市场或下周 ZAP 博客了解更多信息。

回答您有关官方插件的问题。

有什么方法可以为 AJAX Spider URL 选择不同的浏览器(而不是默认的 Firefox)?目前不支持,目前只支持火狐。

我使用 Firefox(版本 49) 你不应该使用最新最好的 Firefox,大多数第三方开源软件通常需要时间才能赶上。话虽如此,我使用 Firefox 46 并且没有问题。有关支持的浏览器的更多详细信息,请参见此处

PS 未来注意事项,用于发布您正在使用的插件版本。

编辑:firefox 是默认设置,但可以通过命令行更改浏览器。

-config ajaxSpider.browserId=htmlunit -config ajaxSpider.browserId=phantomjs

我不知道这是否可行并且不会导致旧 zaproxy-plugin 或新插件出现问题。

于 2016-11-14T18:12:55.740 回答