java.lang.RuntimeException: No HTTP requests-responses recorded - in iriusrisk-cwe-693-clickjack #109

Open
AbhiAuto opened this issue Apr 28, 2021 · 0 comments


Hi Team,

I am getting the below error while running the below scenario for a sample application. While debugging, sometimes it's working, but not always. Please let me know the solution to fix this.

@iriusrisk-cwe-693-clickjack
Scenario: Restrict other sites from placing it in an iframe in order to prevent ClickJacking attacks

[RemoteTestNG] detected TestNG version 6.14.3
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/D:/Repo/.m2/org/slf4j/slf4j-simple/1.7.10/slf4j-simple-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/D:/Repo/.m2/org/apache/logging/log4j/log4j-slf4j-impl/2.11.0/log4j-slf4j-impl-2.11.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/D:/Repo/.m2/org/slf4j/slf4j-nop/1.7.10/slf4j-nop-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
Starting ChromeDriver 89.0.4389.23 (61b08ee2c50024bab004e48d2b1b083cdbdac579-refs/branch-heads/4389@{#294}) on port 30224
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
Apr 28, 2021 10:55:06 AM org.openqa.selenium.remote.ProtocolHandshake createSession
INFO: Detected dialect: W3C
Apr 28, 2021 10:55:07 AM org.openqa.selenium.remote.DesiredCapabilities chrome
INFO: Using new ChromeOptions() is preferred to DesiredCapabilities.chrome()
Apr 28, 2021 10:55:07 AM net.continuumsecurity.scanner.ZapManager startZAP
INFO: Setting upstream proxy for ZAP to: 165.225.106.40:9400
Apr 28, 2021 10:55:07 AM net.continuumsecurity.scanner.ZapManager startZAP
INFO: Start ZAProxy [\src\main\resources\Security\ZAP_2.6.0\zap.bat] on port: 65508
Apr 28, 2021 10:55:08 AM net.continuumsecurity.scanner.ZapManager waitForSuccessfulConnectionToZap
INFO: Attempting to connect to ZAP API on: 127.0.0.1 port: 65508

\src\main\resources\Security\ZAP_2.6.0>if exist "OWASP ZAP.ZAP_JVM.properties" (set /p jvmopts= 0<"OWASP ZAP.ZAP_JVM.properties" ) else (set jvmopts=-Xmx512m )

\src\main\resources\Security\ZAP_2.6.0>java -Xmx512m -jar zap-2.6.0.jar -daemon -host 127.0.0.1 -port 65508 -dir tmp -config scanner.threadPerHost=20 -config spider.thread=10 -config api.key=zapapisecret -config connection.proxyChain.hostName=165.225.106.40 -config connection.proxyChain.port=9400 -config connection.proxyChain.enabled=true
0 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.6.0 started 28/04/21 10:55:09
29 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config scanner.threadPerHost = 20 was 20
29 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config spider.thread = 10 was 10
30 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.key = zapapisecret was zapapisecret
30 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config connection.proxyChain.hostName = 165.225.106.40 was 165.225.106.40
30 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config connection.proxyChain.port = 9400 was 9400
30 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config connection.proxyChain.enabled = true was true
31 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
31 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
45 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
54 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
236 [main] INFO hsqldb.db..ENGINE - open start - state not modified
383 [main] INFO hsqldb.db..ENGINE - dataFileCache open start
410 [main] INFO hsqldb.db..ENGINE - dataFileCache open end
448 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
912 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=alertFilters, fileVersion=4], [id=ascanrules, fileVersion=26], [id=ascanrulesAlpha, fileVersion=19], [id=ascanrulesBeta, fileVersion=21], [id=bruteforce, fileVersion=6], [id=coreLang, fileVersion=11], [id=diff, fileVersion=7], [id=directorylistv1, fileVersion=3], [id=fuzz, fileVersion=8, version=2.0.1], [id=gettingStarted, fileVersion=6], [id=help, fileVersion=7], [id=invoke, fileVersion=6], [id=jxbrowser, fileVersion=2], [id=jxbrowserlinux32, fileVersion=1], [id=jxbrowserlinux64, fileVersion=1], [id=jxbrowsermacos, fileVersion=1], [id=jxbrowserwindows, fileVersion=1], [id=onlineMenu, fileVersion=5], [id=pscanrules, fileVersion=19], [id=pscanrulesBeta, fileVersion=16], [id=quickstart, fileVersion=19], [id=replacer, fileVersion=2], [id=reveal, fileVersion=2], [id=saverawmessage, fileVersion=3], [id=scripts, fileVersion=18], [id=selenium, fileVersion=10, version=1.1.0], [id=spiderAjax, fileVersion=17], [id=sqliplugin, fileVersion=11], [id=tips, fileVersion=6], [id=webdriverlinux, fileVersion=2], [id=webdrivermacos, fileVersion=2], [id=webdriverwindows, fileVersion=2], [id=websocket, fileVersion=12], [id=zest, fileVersion=23]]
1132 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
1244 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Change user agent to other browsers.
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect insecure or potentially malicious content in HTTP responses.
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Avoid browser cache (strip off IfModifiedSince)
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log cookies sent by browser.
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique GET queries into file:filter\get.xls
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique POST queries into file: filter\post.xls
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log request and response into file: filter\message.txt
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request body using defined pattern.
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request header using defined pattern.
1245 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response body using defined pattern.
1246 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response header using defined pattern.
1246 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Send ZAP session request ID
1409 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates
1412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionViewOption
1412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionEdit
1412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFilter
1412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
1431 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionState
1431 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReport
1431 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHistory
1432 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields
1433 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions
1433 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash...
1434 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
1434 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
1474 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Password Autocomplete in Browser
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Scanner
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Informations in URL
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
1475 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
1476 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate Scanner
1485 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts
1485 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
1489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
1493 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
1493 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
1494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionManualRequest
1494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
1494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
1494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
1495 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthentication
1503 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
1504 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
1514 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
1514 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionUserManagement
1515 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
1516 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration
1521 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
1521 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionForcedUser
1521 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions
1522 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
1622 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff
1622 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionRequestPostTableView
1622 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSessionManagement
1623 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]
1623 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestFormTableView
1624 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
1626 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.
1626 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthorization
1626 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax
1627 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs
1627 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
1627 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
1627 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide
1627 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a URL suitable for calling from target sites
Apr 28, 2021 10:55:11 AM net.continuumsecurity.scanner.ZapManager waitForSuccessfulConnectionToZap
INFO: Attempting to connect to ZAP API on: 127.0.0.1 port: 65508
1846 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts
1846 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelComponentonentAll
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelHexView
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelImageView
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeRequestView
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeResponseView
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestQueryCookieTableView
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelSyntaxHighlightTextView
1847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration
1848 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics
1848 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
1849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter
1849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules
1849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - alpha
1849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta
1849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files
1849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
1850 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.
1850 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide
1850 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionJxBrowser
1850 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionJxBrowserLinux32
1850 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtSelJxBrowserLinux32
1850 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionJxBrowserLinux64
1851 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtSelJxBrowserLinux64
1851 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionJxBrowserMaxOS
1851 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtSelJxBrowserMacOs
1851 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionJxBrowserWindows
1851 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtSelJxBrowserWindows
1856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links
1856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules
1856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta
1856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel
1857 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Easy way to replace strings in requests and responses
1857 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage
1857 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
1858 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Helper extension for Advanced SQL Injection scanner.
1858 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks
1858 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.
1859 [ZAP-daemon] WARN org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - This ZAP installation is over a year old - its probably very out of date
1889 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback - Started callback server on 0.0.0.0:65511
1995 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 127.0.0.1:65508
Apr 28, 2021 10:55:11 AM net.continuumsecurity.scanner.ZapManager waitForSuccessfulConnectionToZap
INFO: Connected to ZAP
Starting ChromeDriver 89.0.4389.23 (61b08ee2c50024bab004e48d2b1b083cdbdac579-refs/branch-heads/4389@{#294}) on port 19296
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
Apr 28, 2021 10:55:13 AM org.openqa.selenium.remote.ProtocolHandshake createSession
INFO: Detected dialect: W3C
15074 [ZAP-ProxyThread-8] INFO org.parosproxy.paros.control.Control - Discard Session
16333 [ZAP-ProxyThread-8] INFO org.parosproxy.paros.control.Control - New Session
16333 [ZAP-ProxyThread-8] INFO org.parosproxy.paros.control.Control - Create and Open Untitled Db
16389 [ZAP-ProxyThread-8] INFO hsqldb.db..ENGINE - dataFileCache commit start
16410 [ZAP-ProxyThread-8] INFO hsqldb.db..ENGINE - dataFileCache commit end
16470 [ZAP-ProxyThread-8] INFO hsqldb.db..ENGINE - Database closed
16594 [ZAP-ProxyThread-8] INFO hsqldb.db..ENGINE - open start - state not modified
16655 [ZAP-ProxyThread-8] INFO hsqldb.db..ENGINE - dataFileCache open start
16677 [ZAP-ProxyThread-8] INFO hsqldb.db..ENGINE - dataFileCache open end
@http_headers
Feature: Security settings on HTTP headers
Verify that HTTP headers adequately protect data from attackers

Background: # Features/BDDSecurity/http_headers.feature:5
Given a new browser or client instance # WebApplicationSteps.createAppForAnyClient()
When the following URLs are visited and their HTTP responses recorded # WebApplicationSteps.accessSecureBaseUrlAndRecordHTTPResponse(String>)
java.lang.RuntimeException: No HTTP requests-responses recorded
at com.scripted.securitystepdefs.WebApplicationSteps.recordFirstHarEntry(WebApplicationSteps.java:521)
at com.scripted.securitystepdefs.WebApplicationSteps.accessSecureBaseUrlAndRecordHTTPResponse(WebApplicationSteps.java:559)
at ?.the following URLs are visited and their HTTP responses recorded(file:Features/BDDSecurity/http_headers.feature:7)

@http_headers @iriusrisk-cwe-693-clickjack
Scenario: Restrict other sites from placing it in an iframe in order to prevent ClickJacking attacks # Features/BDDSecurity/http_headers.feature:11
Then the X-Frame-Options header is either SAMEORIGIN or DENY # WebApplicationSteps.checkIfXFrameOptionsHeaderIsSet(String,String)
FAILED: runScenario("Restrict other sites from placing it in an iframe in order to prevent ClickJacking attacks", "Security settings on HTTP headers")
Runs Cucumber Scenarios
java.lang.RuntimeException: No HTTP requests-responses recorded
at com.scripted.securitystepdefs.WebApplicationSteps.recordFirstHarEntry(WebApplicationSteps.java:521)
at com.scripted.securitystepdefs.WebApplicationSteps.accessSecureBaseUrlAndRecordHTTPResponse(WebApplicationSteps.java:559)
at ?.the following URLs are visited and their HTTP responses recorded(file:Features/BDDSecurity/http_headers.feature:7)

===============================================
Default test
Tests run: 1, Failures: 1, Skips: 0

Apr 28, 2021 10:56:08 AM net.continuumsecurity.scanner.ZapManager stopZap
INFO: Stopping ZAP
60619 [Thread-5] INFO hsqldb.db..ENGINE - dataFileCache commit start
60667 [Thread-5] INFO hsqldb.db..ENGINE - dataFileCache commit end
60747 [Thread-5] INFO hsqldb.db..ENGINE - Database closed
60855 [Thread-5] INFO org.zaproxy.zap.extension.api.CoreAPI - OWASP ZAP 2.6.0 terminated.

===============================================
Default suite
Total tests run: 1, Failures: 1, Skips: 0
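
The scenario in this report asserts that `X-Frame-Options` is `SAMEORIGIN` or `DENY` on a recorded response. As an added example (not code from the issue or from the project), the Python below runs that check over a HAR document and reports an empty recording as a capture failure rather than as a header result. The function names, the HAR samples and the `app.example.test` URL are constructed for illustration.

```python
import json

ACCEPTED = {"DENY", "SAMEORIGIN"}  # the two values the scenario accepts


class NoTrafficRecorded(RuntimeError):
    """No request/response pair was captured, so no header verdict exists."""


def first_response_headers(har_text, url_prefix):
    """Return the response headers of the first recorded entry for url_prefix."""
    entries = json.loads(har_text).get("log", {}).get("entries", [])
    for entry in entries:
        if entry["request"]["url"].startswith(url_prefix):
            return entry["response"]["headers"]
    # Nothing usable in the recording: a test-infrastructure failure, reported
    # separately so it is never mistaken for a missing-header finding or a pass.
    raise NoTrafficRecorded(
        "%d entries recorded, none for %s" % (len(entries), url_prefix))


def x_frame_options_verdict(headers):
    """Classify a HAR header list as 'ok', 'missing' or 'invalid'."""
    values = []
    for header in headers:
        # Header names are case-insensitive
        if header["name"].lower() == "x-frame-options":
            # One header line may carry a comma-separated list of values
            values.extend(v.strip().upper() for v in header["value"].split(","))
    values = [v for v in values if v]
    if not values:
        return "missing"
    # Every value present must be one of the accepted ones
    return "ok" if all(v in ACCEPTED for v in values) else "invalid"


def check_clickjack_header(har_text, url_prefix):
    """Run the scenario's check against a recorded HAR document."""
    return x_frame_options_verdict(first_response_headers(har_text, url_prefix))


def make_har(entries):
    """Build a minimal HAR document (constructed sample data)."""
    return json.dumps({"log": {"version": "1.2", "entries": entries}})


def make_entry(url, headers):
    """Build one HAR entry with the given response headers (constructed)."""
    return {
        "request": {"method": "GET", "url": url},
        "response": {
            "status": 200,
            "headers": [{"name": n, "value": v} for n, v in headers],
        },
    }


BASE = "https://app.example.test/"  # constructed target URL

HAR_OK = make_har([make_entry(BASE, [("x-frame-options", "sameorigin")])])
HAR_MISSING = make_har([make_entry(BASE, [("Content-Type", "text/html")])])
HAR_ALLOW_FROM = make_har([make_entry(
    BASE, [("X-Frame-Options", "ALLOW-FROM https://partner.example.test")])])
HAR_EMPTY = make_har([])  # what a proxy that captured nothing hands back

if __name__ == "__main__":
    for label, har in [("ok", HAR_OK), ("missing", HAR_MISSING),
                       ("allow-from", HAR_ALLOW_FROM), ("empty", HAR_EMPTY)]:
        try:
            print(label, "->", check_clickjack_header(har, BASE))
        except NoTrafficRecorded as exc:
            print(label, "-> capture failure:", exc)
```
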
