Description
Describe the bug
The ZAP HUD tutorial does not show
- the intended page alert
- the intended site alert
- any WebSockets requests or responses
- any data in the Sites Tree

Steps to reproduce the behavior
- Install ParrotOS 5.3 (Electro Ara) in VMWare Workstation 17 and update the pre-installed zaproxy from 2.12 to 2.13, by downloading the ZIP via the Update pop-up and then replace the folder at /usr/share/zaproxy with the folder from the ZIP. Rename the folder from the zip to zaproxy, so that you have the path /usr/share/zaproxy again.
- Start zaproxy via the terminal with zaproxy and then start the built-in Firefox.
- Start the HUD Tutorial either via the pop-up or via the HUD menu on the bottom right of the browser (gearbox icon).
- Progress the tutorial till at least the Page Alerts chapter.
- It should not show the information in the HUD as proclaimed but the tutorial text.
Expected behavior
The HUD should indicate the vulnerabilities / issues in its UI, as explained in the tutorial's text.
Software versions
OWASP ZAP
Version: 2.13.0
Installed Add-ons: [[id=alertFilters, version=17.0.0],
[id=ascanrules, version=56.0.0], [id=authhelper,
version=0.9.0], [id=automation, version=0.30.0],
[id=bruteforce, version=14.0.0], [id=callhome,
version=0.7.0], [id=commonlib, version=1.15.0],
[id=database, version=0.2.0], [id=diff, version=13.0.0],
[id=directorylistv1, version=6.0.0], [id=domxss,
version=16.0.0], [id=encoder, version=1.2.0], [id=exim,
version=0.6.0], [id=formhandler, version=6.4.0], [id=fuzz,
version=13.10.0], [id=gettingStarted, version=15.0.0],
[id=graaljs, version=0.4.0], [id=graphql, version=0.18.0],
[id=help, version=16.0.0], [id=hud, version=0.17.0],
[id=invoke, version=13.0.0], [id=network, version=0.10.0],
[id=oast, version=0.16.0], [id=onlineMenu, version=11.0.0],
[id=openapi, version=35.0.0], [id=pscanrules,
version=50.0.0], [id=quickstart, version=38.0.0],
[id=replacer, version=13.0.0], [id=reports, version=0.23.0],
[id=requester, version=7.3.0], [id=retest, version=0.6.0],
[id=retire, version=0.24.0], [id=reveal, version=6.0.0],
[id=scripts, version=39.0.0], [id=selenium,
version=15.13.0], [id=soap, version=18.0.0], [id=spider,
version=0.5.0], [id=spiderAjax, version=23.15.0], [id=tips,
version=11.0.0], [id=webdriverlinux, version=57.0.0],
[id=websocket, version=29.0.0], [id=zest, version=39.0.0]]
Operating System: Linux
Architecture: amd64
Java Version: Debian 17.0.7
System's Locale: en_US
Display Locale: en_GB
Format Locale: en_US
Default Charset: UTF-8
ZAP Home Directory: /home/killchain/.ZAP/
ZAP Installation Directory: /usr/share/zaproxy/./
Look and Feel: FlatLaf Dark (com.formdev.flatlaf.FlatDarkLaf)
Screenshots
Errors from the zap.log file
2023-10-02 14:23:03,641 [main ] INFO Constant - Copying default configuration to /home/killchain/.ZAP/config.xml
2023-10-02 14:23:03,922 [main ] INFO Constant - Creating directory /home/killchain/.ZAP/session
2023-10-02 14:23:03,923 [main ] INFO Constant - Creating directory /home/killchain/.ZAP/dirbuster
2023-10-02 14:23:03,924 [main ] INFO Constant - Creating directory /home/killchain/.ZAP/fuzzers
2023-10-02 14:23:03,925 [main ] INFO Constant - Creating directory /home/killchain/.ZAP/plugin
2023-10-02 14:23:04,104 [main ] INFO GuiBootstrap - OWASP ZAP 2.12.0 started 02/10/2023, 14:23:04 with home /home/killchain/.ZAP/
2023-10-02 14:23:04,262 [AWT-EventQueue-0] WARN GuiBootstrap - Failed to set awt app class name: Unable to make field private static java.lang.String sun.awt.X11.XToolkit.awtAppClassName accessible: module java.desktop does not "opens sun.awt.X11" to unnamed module @6f2fd062
2023-10-02 14:23:06,209 [AWT-EventQueue-0] INFO View - Initialising View
2023-10-02 14:23:11,622 [ZAP-BootstrapGUI] INFO ExtensionFactory - Installed add-ons: [[id=alertFilters, version=14.0.0], [id=ascanrules, version=49.0.0], [id=automation, version=0.19.0], [id=bruteforce, version=12.0.0], [id=callhome, version=0.5.0], [id=commonlib, version=1.11.0], [id=database, version=0.1.0], [id=diff, version=12.0.0], [id=directorylistv1, version=5.0.0], [id=domxss, version=14.0.0], [id=encoder, version=0.7.0], [id=exim, version=0.3.0], [id=formhandler, version=6.1.0], [id=fuzz, version=13.8.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.11.0], [id=help, version=15.0.0], [id=hud, version=0.15.0], [id=invoke, version=12.0.0], [id=network, version=0.3.0], [id=oast, version=0.13.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=29.0.0], [id=pscanrules, version=44.0.0], [id=quickstart, version=35.0.0], [id=replacer, version=11.0.0], [id=reports, version=0.16.0], [id=requester, version=7.0.0], [id=retest, version=0.4.0], [id=retire, version=0.16.0], [id=reveal, version=5.0.0], [id=scripts, version=33.0.0], [id=selenium, version=15.11.0], [id=soap, version=15.0.0], [id=spider, version=0.1.0], [id=spiderAjax, version=23.10.0], [id=tips, version=10.0.0], [id=webdriverlinux, version=46.0.0], [id=websocket, version=27.0.0], [id=zest, version=37.0.0]]
2023-10-02 14:23:11,652 [ZAP-BootstrapGUI] INFO ExtensionFactory - Loading extensions
2023-10-02 14:23:12,023 [ZAP-BootstrapGUI] WARN ExtensionScript - No default JavaScript/ECMAScript engine found, some scripts might no longer work.
2023-10-02 14:23:12,965 [ZAP-BootstrapGUI] INFO TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
2023-10-02 14:23:13,877 [ZAP-BootstrapGUI] INFO ExtensionFactory - Extensions loaded
2023-10-02 14:23:17,390 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates
2023-10-02 14:23:17,747 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Options Extension - Options Extension
2023-10-02 14:23:19,278 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension
2023-10-02 14:23:19,293 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP
2023-10-02 14:23:19,363 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing History Extension - History Extension
2023-10-02 14:23:19,900 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields
2023-10-02 14:23:19,934 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions
2023-10-02 14:23:20,210 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses
2023-10-02 14:23:20,559 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Passive Scan Extension - Passive scanner
2023-10-02 14:23:20,793 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
2023-10-02 14:23:20,797 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
2023-10-02 14:23:20,799 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
2023-10-02 14:23:20,814 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
2023-10-02 14:23:20,826 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
2023-10-02 14:23:20,832 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
2023-10-02 14:23:20,842 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
2023-10-02 14:23:20,851 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
2023-10-02 14:23:20,857 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: CSP
2023-10-02 14:23:20,860 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
2023-10-02 14:23:20,864 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
2023-10-02 14:23:20,870 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
2023-10-02 14:23:20,876 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
2023-10-02 14:23:20,887 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
2023-10-02 14:23:20,902 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
2023-10-02 14:23:20,905 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2023-10-02 14:23:20,914 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
2023-10-02 14:23:20,918 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
2023-10-02 14:23:20,930 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
2023-10-02 14:23:20,937 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
2023-10-02 14:23:20,941 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
2023-10-02 14:23:20,945 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
2023-10-02 14:23:20,948 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
2023-10-02 14:23:20,960 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
2023-10-02 14:23:20,969 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
2023-10-02 14:23:20,973 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
2023-10-02 14:23:20,980 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
2023-10-02 14:23:20,988 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
2023-10-02 14:23:20,998 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
2023-10-02 14:23:21,004 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
2023-10-02 14:23:21,008 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
2023-10-02 14:23:21,012 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
2023-10-02 14:23:21,026 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
2023-10-02 14:23:21,037 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
2023-10-02 14:23:21,044 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
2023-10-02 14:23:21,050 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
2023-10-02 14:23:21,060 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
2023-10-02 14:23:21,063 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
2023-10-02 14:23:21,068 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
2023-10-02 14:23:21,079 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
2023-10-02 14:23:21,082 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
2023-10-02 14:23:21,086 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
2023-10-02 14:23:21,099 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Open Redirect
2023-10-02 14:23:21,114 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
2023-10-02 14:23:21,120 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Viewstate
2023-10-02 14:23:21,128 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
2023-10-02 14:23:21,144 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
2023-10-02 14:23:21,150 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
2023-10-02 14:23:21,170 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
2023-10-02 14:23:21,177 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
2023-10-02 14:23:21,186 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
2023-10-02 14:23:21,210 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library (Powered by Retire.js)
2023-10-02 14:23:21,216 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
2023-10-02 14:23:21,350 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts
2023-10-02 14:23:21,917 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added
2023-10-02 14:23:22,319 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks
2023-10-02 14:23:22,369 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool
2023-10-02 14:23:22,575 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences
2023-10-02 14:23:22,586 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters
2023-10-02 14:23:22,655 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens
2023-10-02 14:23:22,712 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Authentication Extension - Authentication Extension
2023-10-02 14:23:22,801 [ZAP-BootstrapGUI] INFO ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
2023-10-02 14:23:22,845 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only
2023-10-02 14:23:22,861 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Users Extension - Users Extension
2023-10-02 14:23:22,896 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies
2023-10-02 14:23:22,975 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Script Extension - Script integration
2023-10-02 14:23:23,032 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages
2023-10-02 14:23:23,646 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Forced User Extension - Forced User Extension
2023-10-02 14:23:23,678 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions
2023-10-02 14:23:23,811 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
2023-10-02 14:23:24,340 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff
2023-10-02 14:23:24,345 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension
2023-10-02 14:23:24,358 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP.
2023-10-02 14:23:24,561 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Session Management Extension - Session Management Extension
2023-10-02 14:23:24,587 [ZAP-BootstrapGUI] INFO ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
2023-10-02 14:23:24,596 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension
2023-10-02 14:23:24,616 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints.
2023-10-02 14:23:24,939 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
2023-10-02 14:23:24,949 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Core UI Extension - Core UI related functionality.
2023-10-02 14:23:24,952 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Authorization Extension - Authorization Extension
2023-10-02 14:23:24,956 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Requester - Allows to manually edit and send messages.
2023-10-02 14:23:25,439 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax
2023-10-02 14:23:25,717 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
2023-10-02 14:23:25,816 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Global Exclude URLs Extension - Handles adding Global Excluded URLs
2023-10-02 14:23:25,848 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree
2023-10-02 14:23:25,855 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide
2023-10-02 14:23:26,224 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services
2023-10-02 14:23:26,232 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Network Extension - Provides core networking capabilities.
2023-10-02 14:23:26,960 [ZAP-BootstrapGUI] INFO ConnectionOptions - Unsafe SSL/TLS renegotiation disabled.
2023-10-02 14:23:26,982 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts
2023-10-02 14:23:27,139 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension
2023-10-02 14:23:27,214 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension
2023-10-02 14:23:27,303 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension
2023-10-02 14:23:27,326 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension
2023-10-02 14:23:27,400 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension
2023-10-02 14:23:28,014 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus.
2023-10-02 14:23:28,049 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration
2023-10-02 14:23:28,081 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Statistics Extension - Statistics
2023-10-02 14:23:28,103 [ZAP-BootstrapGUI] INFO ExtensionStats - Start recording in memory stats
2023-10-02 14:23:28,108 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition
2023-10-02 14:23:28,116 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter
2023-10-02 14:23:28,147 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration
2023-10-02 14:23:28,156 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules
2023-10-02 14:23:28,162 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner
2023-10-02 14:23:28,257 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Common Library - A library of shared functionality
2023-10-02 14:23:28,288 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
2023-10-02 14:23:28,393 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats.
2023-10-02 14:23:28,448 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration
2023-10-02 14:23:28,470 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used for generated content (e.g. spiders, importers).
2023-10-02 14:23:28,545 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
2023-10-02 14:23:28,571 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages.
2023-10-02 14:23:28,753 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide
2023-10-02 14:23:28,770 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting.
2023-10-02 14:23:29,181 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints.
2023-10-02 14:23:29,223 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration
2023-10-02 14:23:29,229 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraphQL Form Handler - GraphQL Form Handler Integration
2023-10-02 14:23:29,240 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraphQL Spider - GraphQL Spider Integration
2023-10-02 14:23:29,245 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionHUD - Heads Up Display
2023-10-02 14:23:29,722 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch
2023-10-02 14:23:29,727 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality.
2023-10-02 14:23:29,855 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts.
2023-10-02 14:23:29,861 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links
2023-10-02 14:23:29,872 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions
2023-10-02 14:23:29,896 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration
2023-10-02 14:23:29,916 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Form Handler - OpenAPI Form Handler Integration
2023-10-02 14:23:29,921 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Spider - OpenAPI Spider Integration
2023-10-02 14:23:29,934 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules
2023-10-02 14:23:29,950 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start panel - Adds the Quick Start panel for scanning and exploring applications
2023-10-02 14:23:30,226 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan
2023-10-02 14:23:30,268 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel
2023-10-02 14:23:30,275 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP
2023-10-02 14:23:30,395 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start Spider Integration - Adds the option to use the traditional Spider in the Quick Start scan.
2023-10-02 14:23:30,447 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses
2023-10-02 14:23:30,486 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality
2023-10-02 14:23:30,508 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration
2023-10-02 14:23:30,520 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts.
2023-10-02 14:23:30,535 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation
2023-10-02 14:23:30,567 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration
2023-10-02 14:23:30,576 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP Form Handler - SOAP Form Handler Integration
2023-10-02 14:23:30,596 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP Spider - SOAP Spider Integration
2023-10-02 14:23:30,600 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site.
2023-10-02 14:23:30,922 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Spider Automation - Spider Automation Integration
2023-10-02 14:23:30,934 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Spider Form Handler - Spider Form Handler Integration
2023-10-02 14:23:30,946 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration
2023-10-02 14:23:30,954 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks
2023-10-02 14:23:30,961 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages.
2023-10-02 14:23:30,967 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebSocket Message Editor - Provides the WebSocket Message Editor dialogues.
2023-10-02 14:23:31,429 [ZAP-BootstrapGUI] WARN ExtensionImportWSDL - The Oracle Nashorn engine was not found, script variant will not be added.
2023-10-02 14:23:31,433 [ZAP-BootstrapGUI] INFO ExtensionKeyboard - Initializing keyboard shortcuts
2023-10-02 14:23:31,440 [ZAP-BootstrapGUI] WARN ExtensionGraphQl - The Oracle Nashorn engine was not found, script variant will not be added.
2023-10-02 14:23:32,384 [ZAP-BootstrapGUI] INFO VersionPrinter - Flyway Community Edition 9.4.0 by Redgate
2023-10-02 14:23:32,387 [ZAP-BootstrapGUI] INFO VersionPrinter - See what's new here: https://flywaydb.org/documentation/learnmore/releaseNotes#9.4.0
2023-10-02 14:23:32,392 [ZAP-BootstrapGUI] INFO VersionPrinter -
2023-10-02 14:23:32,433 [ZAP-BootstrapGUI] INFO BaseDatabaseType - Database: jdbc:hsqldb:file:/home/killchain/.ZAP/db/permanent (HSQL Database Engine 2.7)
2023-10-02 14:23:32,447 [ZAP-BootstrapGUI] WARN Database - Flyway upgrade recommended: HSQLDB 2.7 is newer than this version of Flyway and support has not been tested. The latest supported version of HSQLDB is 2.6.
2023-10-02 14:23:32,493 [ZAP-BootstrapGUI] INFO DbValidate - Successfully validated 1 migration (execution time 00:00.026s)
2023-10-02 14:23:32,504 [ZAP-BootstrapGUI] INFO JdbcTableSchemaHistory - Creating Schema History table "PUBLIC"."flyway_schema_history" ...
2023-10-02 14:23:32,568 [ZAP-BootstrapGUI] INFO DbMigrate - Current version of schema "PUBLIC": << Empty Schema >>
2023-10-02 14:23:32,592 [ZAP-BootstrapGUI] INFO DbMigrate - Migrating schema "PUBLIC" to version "1 - Create table boast"
2023-10-02 14:23:32,623 [ZAP-BootstrapGUI] INFO DbMigrate - Successfully applied 1 migration to schema "PUBLIC", now at version v1 (execution time 00:00.066s)
2023-10-02 14:23:32,648 [ZAP-BootstrapGUI] INFO CallbackService - Started callback service on 0.0.0.0:39281
2023-10-02 14:23:32,831 [ZAP-BootstrapGUI] INFO ExtensionNetwork - Creating new root CA certificate.
2023-10-02 14:23:34,691 [ZAP-BootstrapGUI] INFO ExtensionNetwork - New root CA certificate created.
2023-10-02 14:23:48,757 [AWT-EventQueue-0] INFO Control - New Session
2023-10-02 14:23:48,784 [AWT-EventQueue-0] INFO Control - Create and Open Untitled Db
2023-10-02 14:26:23,263 [ZAP-Shutdown] INFO Control - OWASP ZAP 2.12.0 terminated.
2023-10-02 14:26:23,264 [ZAP-Shutdown] INFO Control - Openning file /home/killchain/.ZAP/plugin/ZAP_2.13.0_Linux.tar.gz
2023-10-02 14:31:34,225 [main ] INFO Constant - Backing up config file to /home/killchain/.ZAP/config.xml.bak
2023-10-02 14:31:34,252 [main ] INFO Constant - Upgraded from 20012000
2023-10-02 14:31:34,679 [main ] INFO GuiBootstrap - OWASP ZAP 2.13.0 started 02/10/2023, 14:31:34 with home /home/killchain/.ZAP/
2023-10-02 14:31:34,853 [AWT-EventQueue-0] WARN GuiBootstrap - Failed to set awt app class name: Unable to make field private static java.lang.String sun.awt.X11.XToolkit.awtAppClassName accessible: module java.desktop does not "opens sun.awt.X11" to unnamed module @6f2fd062
2023-10-02 14:31:36,832 [AWT-EventQueue-0] INFO View - Initialising View
2023-10-02 14:31:41,909 [ZAP-BootstrapGUI] INFO ExtensionFactory - Installed add-ons: [[id=alertFilters, version=17.0.0], [id=ascanrules, version=56.0.0], [id=authhelper, version=0.9.0], [id=automation, version=0.30.0], [id=bruteforce, version=14.0.0], [id=callhome, version=0.7.0], [id=commonlib, version=1.15.0], [id=database, version=0.2.0], [id=diff, version=13.0.0], [id=directorylistv1, version=6.0.0], [id=domxss, version=16.0.0], [id=encoder, version=1.2.0], [id=exim, version=0.6.0], [id=formhandler, version=6.4.0], [id=fuzz, version=13.10.0], [id=gettingStarted, version=15.0.0], [id=graaljs, version=0.4.0], [id=graphql, version=0.18.0], [id=help, version=16.0.0], [id=hud, version=0.17.0], [id=invoke, version=13.0.0], [id=network, version=0.10.0], [id=oast, version=0.16.0], [id=onlineMenu, version=11.0.0], [id=openapi, version=35.0.0], [id=pscanrules, version=50.0.0], [id=quickstart, version=38.0.0], [id=replacer, version=13.0.0], [id=reports, version=0.23.0], [id=requester, version=7.3.0], [id=retest, version=0.6.0], [id=retire, version=0.24.0], [id=reveal, version=6.0.0], [id=scripts, version=39.0.0], [id=selenium, version=15.13.0], [id=soap, version=18.0.0], [id=spider, version=0.5.0], [id=spiderAjax, version=23.15.0], [id=tips, version=11.0.0], [id=webdriverlinux, version=57.0.0], [id=websocket, version=29.0.0], [id=zest, version=39.0.0]]
2023-10-02 14:31:41,915 [ZAP-BootstrapGUI] INFO ExtensionFactory - Loading extensions
2023-10-02 14:31:42,421 [ZAP-BootstrapGUI] WARN ExtensionScript - No default JavaScript/ECMAScript engine found, some scripts might no longer work.
2023-10-02 14:31:43,409 [ZAP-BootstrapGUI] INFO TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
2023-10-02 14:31:44,261 [ZAP-BootstrapGUI] INFO ExtensionFactory - Extensions loaded
2023-10-02 14:31:45,938 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates
2023-10-02 14:31:46,091 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Options Extension - Options Extension
2023-10-02 14:31:46,617 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension
2023-10-02 14:31:46,633 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP
2023-10-02 14:31:46,676 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing History Extension - History Extension
2023-10-02 14:31:47,083 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields
2023-10-02 14:31:47,110 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions
2023-10-02 14:31:47,294 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses
2023-10-02 14:31:47,512 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Passive Scan Extension - Passive scanner
2023-10-02 14:31:47,714 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
2023-10-02 14:31:47,716 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
2023-10-02 14:31:47,721 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Authentication Request Identified
2023-10-02 14:31:47,726 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Session Management Response Identified
2023-10-02 14:31:47,733 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Verification Request Identified
2023-10-02 14:31:47,736 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
2023-10-02 14:31:47,739 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
2023-10-02 14:31:47,741 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
2023-10-02 14:31:47,744 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
2023-10-02 14:31:47,748 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
2023-10-02 14:31:47,751 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
2023-10-02 14:31:47,755 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: CSP
2023-10-02 14:31:47,758 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
2023-10-02 14:31:47,762 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
2023-10-02 14:31:47,770 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
2023-10-02 14:31:47,774 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
2023-10-02 14:31:47,787 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
2023-10-02 14:31:47,793 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
2023-10-02 14:31:47,803 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2023-10-02 14:31:47,817 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
2023-10-02 14:31:47,828 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
2023-10-02 14:31:47,835 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
2023-10-02 14:31:47,842 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
2023-10-02 14:31:47,849 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
2023-10-02 14:31:47,852 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
2023-10-02 14:31:47,859 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
2023-10-02 14:31:47,864 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
2023-10-02 14:31:47,871 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
2023-10-02 14:31:47,879 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
2023-10-02 14:31:47,887 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
2023-10-02 14:31:47,895 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
2023-10-02 14:31:47,897 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
2023-10-02 14:31:47,904 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
2023-10-02 14:31:47,907 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
2023-10-02 14:31:47,914 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
2023-10-02 14:31:47,922 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
2023-10-02 14:31:47,927 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
2023-10-02 14:31:47,940 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
2023-10-02 14:31:47,945 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
2023-10-02 14:31:47,952 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
2023-10-02 14:31:47,956 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
2023-10-02 14:31:47,958 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
2023-10-02 14:31:47,964 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
2023-10-02 14:31:47,967 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
2023-10-02 14:31:47,975 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
2023-10-02 14:31:47,981 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Open Redirect
2023-10-02 14:31:47,989 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
2023-10-02 14:31:47,995 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Viewstate
2023-10-02 14:31:48,001 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
2023-10-02 14:31:48,008 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
2023-10-02 14:31:48,012 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
2023-10-02 14:31:48,021 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
2023-10-02 14:31:48,027 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
2023-10-02 14:31:48,036 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
2023-10-02 14:31:48,044 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library (Powered by Retire.js)
2023-10-02 14:31:48,052 [ZAP-BootstrapGUI] INFO ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
2023-10-02 14:31:48,146 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts
2023-10-02 14:31:48,510 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added
2023-10-02 14:31:48,732 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks
2023-10-02 14:31:48,773 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool
2023-10-02 14:31:48,905 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences
2023-10-02 14:31:48,918 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters
2023-10-02 14:31:49,007 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens
2023-10-02 14:31:49,045 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Authentication Extension - Authentication Extension
2023-10-02 14:31:49,107 [ZAP-BootstrapGUI] INFO ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
2023-10-02 14:31:49,124 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only
2023-10-02 14:31:49,127 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Users Extension - Users Extension
2023-10-02 14:31:49,138 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies
2023-10-02 14:31:49,176 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Script Extension - Script integration
2023-10-02 14:31:49,211 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages
2023-10-02 14:31:49,865 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Forced User Extension - Forced User Extension
2023-10-02 14:31:49,879 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions
2023-10-02 14:31:49,990 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
2023-10-02 14:31:50,522 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff
2023-10-02 14:31:50,531 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension
2023-10-02 14:31:50,553 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP.
2023-10-02 14:31:50,803 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Session Management Extension - Session Management Extension
2023-10-02 14:31:50,815 [ZAP-BootstrapGUI] INFO ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
2023-10-02 14:31:50,820 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension
2023-10-02 14:31:50,848 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints.
2023-10-02 14:31:51,100 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
2023-10-02 14:31:51,107 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Core UI Extension - Core UI related functionality.
2023-10-02 14:31:51,116 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Authorization Extension - Authorization Extension
2023-10-02 14:31:51,133 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Requester - Allows to manually edit and send messages.
2023-10-02 14:31:51,502 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax
2023-10-02 14:31:51,731 [ZAP-BootstrapGUI] INFO AjaxSpiderParam - Updating configurations from v4 to v6
2023-10-02 14:31:51,742 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
2023-10-02 14:31:51,805 [ZAP-BootstrapGUI] INFO SeleniumOptions - Updating configurations from v2 to v3
2023-10-02 14:31:51,840 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree
2023-10-02 14:31:51,852 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide
2023-10-02 14:31:52,162 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services
2023-10-02 14:31:52,172 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Network Extension - Provides core networking capabilities.
2023-10-02 14:31:53,584 [ZAP-BootstrapGUI] INFO ConnectionOptions - Updating configurations from v2 to v3
2023-10-02 14:31:53,592 [ZAP-BootstrapGUI] INFO ConnectionOptions - Unsafe SSL/TLS renegotiation disabled.
2023-10-02 14:31:53,594 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts
2023-10-02 14:31:53,795 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension
2023-10-02 14:31:53,882 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension
2023-10-02 14:31:53,931 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension
2023-10-02 14:31:53,972 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension
2023-10-02 14:31:54,002 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension
2023-10-02 14:31:54,601 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus.
2023-10-02 14:31:54,621 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration
2023-10-02 14:31:54,641 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Statistics Extension - Statistics
2023-10-02 14:31:54,653 [ZAP-BootstrapGUI] INFO ExtensionStats - Start recording in memory stats
2023-10-02 14:31:54,658 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition
2023-10-02 14:31:54,669 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter
2023-10-02 14:31:54,686 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration
2023-10-02 14:31:54,700 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules
2023-10-02 14:31:54,705 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Authentication Helper - Authentication Helper
2023-10-02 14:31:54,725 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing AJAX Spider Browser Based Authentication Support - Enables browser based authentication when performing an authenticated AJAX Spider scan.
2023-10-02 14:31:54,736 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner
2023-10-02 14:31:54,894 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Common Library - A library of shared functionality
2023-10-02 14:31:54,942 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
2023-10-02 14:31:55,117 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats.
2023-10-02 14:31:55,161 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration
2023-10-02 14:31:55,184 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used for generated content (e.g. spiders, importers).
2023-10-02 14:31:55,301 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
2023-10-02 14:31:55,357 [ZAP-BootstrapGUI] INFO FuzzOptions - Updating configurations from v1 to v2
2023-10-02 14:31:55,376 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages.
2023-10-02 14:31:55,455 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide
2023-10-02 14:31:55,459 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting.
2023-10-02 14:31:55,804 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints.
2023-10-02 14:31:55,845 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration
2023-10-02 14:31:55,867 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraphQL Form Handler - GraphQL Form Handler Integration
2023-10-02 14:31:55,876 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing GraphQL Spider - GraphQL Spider Integration
2023-10-02 14:31:55,890 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionHUD - Heads Up Display
2023-10-02 14:31:56,296 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch
2023-10-02 14:31:56,299 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality.
2023-10-02 14:31:56,409 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts.
2023-10-02 14:31:56,413 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links
2023-10-02 14:31:56,425 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions
2023-10-02 14:31:56,436 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration
2023-10-02 14:31:56,444 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Form Handler - OpenAPI Form Handler Integration
2023-10-02 14:31:56,446 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing OpenAPI Spider - OpenAPI Spider Integration
2023-10-02 14:31:56,455 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules
2023-10-02 14:31:56,457 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start panel - Adds the Quick Start panel for scanning and exploring applications
2023-10-02 14:31:56,648 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan
2023-10-02 14:31:56,701 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel
2023-10-02 14:31:56,704 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP
2023-10-02 14:31:56,836 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Quick Start Spider Integration - Adds the option to use the traditional Spider in the Quick Start scan.
2023-10-02 14:31:56,843 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses
2023-10-02 14:31:56,905 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality
2023-10-02 14:31:56,924 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration
2023-10-02 14:31:56,938 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts.
2023-10-02 14:31:56,953 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation
2023-10-02 14:31:56,964 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration
2023-10-02 14:31:56,976 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP Form Handler - SOAP Form Handler Integration
2023-10-02 14:31:56,985 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing SOAP Spider - SOAP Spider Integration
2023-10-02 14:31:56,991 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site.
2023-10-02 14:31:57,198 [ZAP-BootstrapGUI] INFO SpiderParam - Updating configurations from v1 to v2
2023-10-02 14:31:57,204 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Spider Automation - Spider Automation Integration
2023-10-02 14:31:57,238 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Spider Form Handler - Spider Form Handler Integration
2023-10-02 14:31:57,243 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration
2023-10-02 14:31:57,256 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks
2023-10-02 14:31:57,272 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages.
2023-10-02 14:31:57,274 [ZAP-BootstrapGUI] INFO ExtensionLoader - Initializing WebSocket Message Editor - Provides the WebSocket Message Editor dialogues.
2023-10-02 14:31:57,606 [ZAP-BootstrapGUI] WARN ExtensionImportWSDL - The Oracle Nashorn engine was not found, script variant will not be added.
2023-10-02 14:31:57,610 [ZAP-BootstrapGUI] INFO ExtensionKeyboard - Initializing keyboard shortcuts
2023-10-02 14:31:58,531 [ZAP-BootstrapGUI] INFO VersionPrinter - Flyway Community Edition 9.20.0 by Redgate
2023-10-02 14:31:58,536 [ZAP-BootstrapGUI] INFO VersionPrinter - See release notes here: https://rd.gt/416ObMi
2023-10-02 14:31:58,539 [ZAP-BootstrapGUI] INFO VersionPrinter -
2023-10-02 14:31:58,628 [ZAP-BootstrapGUI] INFO BaseDatabaseType - Database: jdbc:hsqldb:file:/home/killchain/.ZAP/db/permanent (HSQL Database Engine 2.7)
2023-10-02 14:31:58,672 [ZAP-BootstrapGUI] WARN Database - Flyway upgrade recommended: HSQLDB 2.7 is newer than this version of Flyway and support has not been tested. The latest supported version of HSQLDB is 2.6.
2023-10-02 14:31:58,828 [ZAP-BootstrapGUI] INFO DbValidate - Successfully validated 1 migration (execution time 00:00.094s)
2023-10-02 14:31:58,887 [ZAP-BootstrapGUI] INFO DbMigrate - Current version of schema "PUBLIC": 1
2023-10-02 14:31:58,928 [ZAP-BootstrapGUI] INFO DbMigrate - Schema "PUBLIC" is up to date. No migration necessary.
2023-10-02 14:31:58,967 [ZAP-BootstrapGUI] INFO CallbackService - Started callback service on 0.0.0.0:45749
2023-10-02 14:32:06,533 [AWT-EventQueue-0] INFO Control - New Session
2023-10-02 14:32:06,555 [AWT-EventQueue-0] INFO Control - Create and Open Untitled Db
2023-10-02 16:29:09,153 [ZAP-PassiveScan-3] WARN PassiveScanTask - Passive Scan rule html_mailto took 21 seconds to scan https://duckduckgo.com/d.f5440947ec8fc57a050f.js application/x-javascript 451416
2023-10-02 16:29:10,101 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Timestamp Disclosure took 5 seconds to scan https://services.vlitag.com/adv1/?q=adf050ece17b957604b4bbfc1829059f application/javascript; charset=utf-8 587839
2023-10-02 16:29:19,357 [ZAP-PassiveScan-1] WARN PassiveScanTask - Passive Scan rule Timestamp Disclosure took 5 seconds to scan https://dsp.vlitag.com/js/v1/adtag.js application/javascript; charset=utf-8 104010
2023-10-02 16:29:28,786 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule html_mailto took 17 seconds to scan https://services.vlitag.com/adv1/?q=adf050ece17b957604b4bbfc1829059f application/javascript; charset=utf-8 587839
2023-10-02 16:29:29,924 [ZAP-PassiveScan-3] WARN PassiveScanTask - Passive Scan rule html_mailto took 8 seconds to scan https://assets.vlitag.com/prebid/default/prebid-7.48.0.js application/javascript 574475
2023-10-02 16:29:36,117 [ZAP-PassiveScan-4] WARN PassiveScanTask - Passive Scan rule html_mailto took 46 seconds to scan https://duckduckgo.com/g.89481267d81157d24b30.js application/x-javascript 1008170
2023-10-02 16:29:42,138 [ZAP-PassiveScan-1] WARN PassiveScanTask - Passive Scan rule Session Management Response Identified took 10 seconds to scan https://pastebin.com/ text/html; charset=UTF-8 0
2023-10-02 16:29:43,832 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Session Management Response Identified took 11 seconds to scan https://pastebin.com/hnqMn1gx text/html; charset=UTF-8 16167
2023-10-02 16:29:45,051 [ZAP-PassiveScan-3] WARN PassiveScanTask - Passive Scan rule Session Management Response Identified took 7 seconds to scan https://pastebin.com/site/check-last-posts?k=0&d=1 application/json; charset=UTF-8 2
Additional context
No response
Would you like to help fix this issue?
- Yes