我使用ZAP软件我的系统上配置了CentOS的7安全性测试。这个问题是软件的URL不能攻击,并具有以下错误 -
19713 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Spider initializing...
19740 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Starting spider...
43779 [ZAP-SpiderThreadPool-0-thread-1] INFO
org.zaproxy.zap.spider.Spider - Spidering process is complete.
Shutting down...
43780 [ZAP-SpiderShutdownThread-0] INFO
org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning
complete: true
46259 [ZAP-QuickStart-AttackThread] ERROR
org.zaproxy.zap.ZAP$UncaughtExceptionLogger - Exception in
thread "ZAP-QuickStart-AttackThread"
java.lang.NoClassDefFoundError: javax/xml/soap/SOAPException
at java.base/java.lang.Class.getDeclaredConstructors0(Native
Method)
at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3138)
at java.base/java.lang.Class.getConstructor0(Class.java:3343)
at java.base/java.lang.Class.getConstructor(Class.java:2152)
at org.zaproxy.zap.control.AddOnLoaderUtils.loadAndInstantiateClassImpl(AddOnLoaderUtils.java:111)
at org.zaproxy.zap.control.AddOnLoaderUtils.loadDeclaredClasses(AddOnLoaderUtils.java:151)
at org.zaproxy.zap.control.AddOnLoaderUtils.getActiveScanRules(AddOnLoaderUtils.java:177)
at org.zaproxy.zap.control.AddOnLoader.getActiveScanRules(AddOnLoader.java:791)
at org.parosproxy.paros.core.scanner.PluginFactory.initPlugins(PluginFactory.java:100)
at org.parosproxy.paros.core.scanner.PluginFactory.getLoadedPlugins(PluginFactory.java:132)
at org.parosproxy.paros.core.scanner.PluginFactory.loadAllPlugin(PluginFactory.java:398)
at org.zaproxy.zap.extension.ascan.ScanPolicy.<init>(ScanPolicy.java:31)
at org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:142)
at org.zaproxy.zap.extension.ascan.PolicyManager.loadPolicy(PolicyManager.java:129)
at org.zaproxy.zap.extension.ascan.PolicyManager.getDefaultScanPolicy(PolicyManager.java:205)
at org.zaproxy.zap.extension.ascan.ActiveScanController.startScan(ActiveScanController.java:161)
at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:273)
at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:238)
at org.zaproxy.zap.extension.ascan.ExtensionActiveScan.startScan(ExtensionActiveScan.java:234)
at org.zaproxy.zap.extension.quickstart.AttackThread.run(AttackThread.java:143)
Caused by: java.lang.ClassNotFoundException
at org.zaproxy.zap.control.AddOnClassLoader.findClass(AddOnClassLoader.java:256)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 20 more
这一点已经在ZAP用户组https://groups.google.com/forum/m/#!topic/zaproxy-users/OpEBt72gA7w解决
原来的海报是用Java 11.从Java 9中引入的各种变化影响Java的SOAP类的位置。 ZAP目前主要的Java 8。
选项:
这是一个正在被跟踪以及对工作的已知问题:https://github.com/zaproxy/zaproxy/issues/4037