Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HUD not updating percentage for Spider, Ajax Spider and Attack #1089

Open
1 task done
globeone opened this issue Mar 8, 2022 · 1 comment
Open
1 task done

HUD not updating percentage for Spider, Ajax Spider and Attack #1089

globeone opened this issue Mar 8, 2022 · 1 comment
Labels
bug

Comments

@globeone
Copy link

globeone commented Mar 8, 2022
edited by thc202
Loading

Describe the bug

When running a web security scan with the ZAP HUD I usually start with a Spider, then Ajax Spider then Attack. When clicking on the Spider button, in the HUD the percentage remains 0, even though the Java GUI is showing 100%

Steps to reproduce the behavior

Start a scan from Manual Explore
Click on the Spider icon in the hud
Wait a few minutes for it to complete
Observe the Java GUI is finished spidering 100%, but the HUD is still reporting 100%

repeat Ajax Spider
and again for Attack

Adjusted the Read Timeout as suggested in the log file but still the same behavior

Expected behavior

The HUD should show the actual percentage that is finished for the scan type selected

Software versions

OWASP ZAPD 2022-03-07
(would be nice if we could copy past the version number instead of having to type it over) ;-)

Screenshots

image

Errors from the zap.log file

2022-03-08 14:54:58,700 [ZAP-SpiderInitThread-0] INFO  SpiderThread - Starting spidering scan on https://{MYURL}/ at 2022-03-08T14:54:58.700+0100
2022-03-08 14:54:58,707 [ZAP-SpiderInitThread-0] INFO  Spider - Spider initializing...
2022-03-08 14:54:58,783 [ZAP-SpiderInitThread-0] INFO  Spider - Starting spider...
2022-03-08 14:54:59,168 [ZAP-SpiderThreadPool-0-thread-1] INFO  Spider - Spidering process is complete. Shutting down...
2022-03-08 14:54:59,180 [ZAP-SpiderShutdownThread-0] INFO  SpiderThread - Spider scanning complete: true on https://{MYURL}/ at 2022-03-08T14:54:59.180+0100
2022-03-08 14:55:27,908 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Wappalyzer Scanner (Tech Detection) took 21 seconds to scan https://{MYURL}themes/resurface-admincentral/styles.css?v=8.14.1 text/css;charset=UTF-8 718649
2022-03-08 14:55:31,016 [ZAP-IO-EventExecutor-3-7] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:55:34,093 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Application Error Disclosure took 6 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:55:45,605 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Information Disclosure - Suspicious Comments took 6 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:55:57,487 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Vulnerable JS Library took 7 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:56:31,030 [ZAP-IO-EventExecutor-3-6] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:57:30,992 [ZAP-IO-EventExecutor-3-5] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:58:16,055 [ZAP-IO-EventExecutor-3-2] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:58:55,331 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Wappalyzer Scanner (Tech Detection) took 171 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:59:01,585 [ZAP-IO-EventExecutor-3-4] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:59:12,656 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Application Error Disclosure took 7 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:59:24,877 [ZAP-PassiveScanner] WARN  PassiveScanThread - Passive Scan rule Information Disclosure - Suspicious Comments took 7 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:59:46,816 [ZAP-IO-EventExecutor-3-6] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:00:46,855 [ZAP-IO-EventExecutor-3-2] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:01:46,777 [ZAP-IO-EventExecutor-3-4] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:02:46,809 [ZAP-IO-EventExecutor-3-5] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:03:46,888 [ZAP-IO-EventExecutor-3-5] WARN  HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.

Additional context

This bug entered the code around the D-2022-02-15 release.

Would you like to help fix this issue?

  • Yes
@globeone globeone added the bug label Mar 8, 2022
@thc202 thc202 transferred this issue from zaproxy/zaproxy Mar 8, 2022
@psiinon
Copy link
Member

psiinon commented Mar 10, 2022

So are you starting the spider(s) from the desktop GUI and looking at their progress in the HUD?
If so then I'm not too surprised that they are out of sync - if you want to see the progress in the HUD then start the spiders from the HUD.
I agree that it would be good it they were always in sync but tbh that has not been a priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
2 participants
@psiinon @globeone