How to start OWASP ZAP proxy with Chrome webdriver and java?
I downloaded a fresh OWASP ZAP today (13-05-2020). I regenerated the root CA certificate. I configured the local proxy as localhost:8092.
After running this simple Java code:

    public static void main(String[] args) throws InterruptedException {
        Proxy proxy = new Proxy();
        proxy.setAutodetect(false);
        proxy.setHttpProxy("localhost:8092");
        proxy.setSslProxy("localhost:8092");
        final OperatingSystem currentOperatingSystem = OperatingSystem.getCurrentOperatingSystem();
        String pathWebdriver = String.format("src/test/resources/drivers/%s/googlechrome/%s/chromedriver%s", currentOperatingSystem.getOperatingSystemDir(),
                SystemArchitecture.getCurrentSystemArchitecture().getSystemArchitectureName(), currentOperatingSystem.getSuffixBinary());
        if (!new File(pathWebdriver).setExecutable(true)) {
            logger.error("ERROR when change setExecutable on " + pathWebdriver);
        }
        System.setProperty("webdriver.chrome.driver", pathWebdriver);
        final ChromeOptions chromeOptions = new ChromeOptions();
        chromeOptions.addArguments("--ignore-certificate-errors");
        chromeOptions.setCapability(CapabilityType.PROXY, proxy);
        chromeOptions.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
        chromeOptions.setCapability(CapabilityType.ACCEPT_INSECURE_CERTS, true);
        WebDriver driver = new ChromeDriver(chromeOptions);
        for (int i = 0; i < 6; i++) {
            //driver.get("http://www.google.com/ncr");
            // www.google.com work (OWASP ZAP list all requests) but not localhost
            driver.get("http://localhost:8080/ui");
        }
        driver.quit();
    }

The Selenium script runs fine, but OWASP ZAP does not intercept any requests.
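
You need to make sure you include the SSL proxy details (as well as the HttpProxy details), for example:

    proxy.setSslProxy("<proxy-host>:<proxy-port>");

or, more specifically for your code:

    proxy.setSslProxy("localhost:8092");

To be able to proxy localhost in modern versions of Chrome, you need to remove loopback from the proxy bypass list, like this:

    --proxy-bypass-list=<-loopback>

or, explicitly in your code:

    chromeOptions.addArguments("--proxy-bypass-list=<-loopback>");

You might also want to consider adding:

    chromeOptions.addArguments("--ignore-certificate-errors");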
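
The settings from the answer above, combined with a check that ZAP actually recorded the loopback traffic, as an added example that is not part of the original question or answer. It assumes Java 11+, Selenium on the classpath, a chromedriver that Selenium can locate, and the ZAP API enabled on the proxy port; the class name and the `ZAP_API_KEY` environment variable are hypothetical.

```java
import java.net.URI;
import java.net.http.*;
import org.openqa.selenium.Proxy;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;
import org.openqa.selenium.remote.CapabilityType;

public class ZapLoopbackProxyCheck {
    static final String ZAP = "localhost:8092";        // ZAP proxy address from the question
    static final String APP = "http://localhost:8080"; // application under test from the question

    // Number of messages ZAP has recorded for APP, read from ZAP's core API.
    static int recordedMessages() throws Exception {
        HttpRequest.Builder req = HttpRequest.newBuilder(
                URI.create("http://" + ZAP + "/JSON/core/view/numberOfMessages/?baseurl=" + APP));
        String apiKey = System.getenv("ZAP_API_KEY"); // assumption: key supplied via environment
        if (apiKey != null) req.header("X-ZAP-API-Key", apiKey);
        String body = HttpClient.newHttpClient()
                .send(req.build(), HttpResponse.BodyHandlers.ofString()).body();
        String digits = body.replaceAll("\\D", "");
        if (!body.contains("numberOfMessages") || digits.isEmpty()) {
            throw new IllegalStateException("Unexpected ZAP API response: " + body);
        }
        return Integer.parseInt(digits);
    }

    public static void main(String[] args) throws Exception {
        Proxy proxy = new Proxy();
        proxy.setHttpProxy(ZAP);
        proxy.setSslProxy(ZAP);
        ChromeOptions options = new ChromeOptions();
        options.setCapability(CapabilityType.PROXY, proxy);
        // Chrome bypasses the proxy for loopback hosts unless this rule is removed.
        options.addArguments("--proxy-bypass-list=<-loopback>");
        options.addArguments("--ignore-certificate-errors"); // throwaway test profile only
        int before = recordedMessages();
        ChromeDriver driver = new ChromeDriver(options);
        try {
            driver.get(APP + "/ui");
        } finally {
            driver.quit();
        }
        int after = recordedMessages();
        if (after <= before) {
            throw new IllegalStateException("ZAP recorded no new messages for " + APP);
        }
        System.out.println("ZAP recorded " + (after - before) + " new message(s) for " + APP);
    }
}
```

If the count does not increase, the browser is still bypassing the proxy for loopback, which is the symptom described in the question.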