Issues with BDD-Security #70

Open
arcust opened this issue Apr 27, 2017 · 1 comment

arcust commented Apr 27, 2017

Hi,

I was running the bdd-security application against a web application that has a normal login and is hosted on my local machine.
I am running with the inbuilt ZAP that comes along with the framework.
Mine is a Windows machine, so I am running the zap.bat file.
I tried to run the app-scan and authentication features alone.

I faced the following issues:

  1. In config.xml, the zap.sh file is given by default, and no comment was given to use the .bat file instead.

  2. The attached ZAP is version 2.5.0 and the latest version is 2.6.0, because of which, I think, I am getting a net.continuumsecurity.proxy.ProxyException
    Caused by: org.zaproxy.clientapi.core.ClientApiException
    Caused by: java.net.ConnectException

  3. When I tried to manually put a 2.6.0 version jar file in the zap folder (and also edited zap.bat), I ended up with a number of errors like the one below:

```
55786 [ZAP-ProxyThread-1] WARN org.zaproxy.zap.extension.api.API - ApiException while handling API request:
No Implementor (no_implementor)
    at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:321)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:429)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:290)
    at java.lang.Thread.run(Thread.java:745)
```

Please help me resolve this in the right way.

@stephendv1
Contributor

We have not tested BDD-Security on Windows. You can certainly try to change zap.sh to zap.bat in config.xml and see if it works.
The built-in ZAP is version 2.5.0 and is the only supported version. We are currently doing work to migrate to 2.6.0, but since this has a modified API, it is not a simple upgrade. The built-in 2.5.0 should work as expected.
When starting the framework, check in the output whether ZAP was able to start and listen on a port.
