I'm trying to use zap proxy via Docker Pulled it down with:
docker pull owasp/zap2docker-stable
Ran it with the command described in "Accessing the API from outside of the Docker container" section:
docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0
But I don't seem to be able to be able to connect to it. When I run docker inspect <CONTAINER ID> | grep IPAddress I'm getting 172.17.0.2 (EDIT: I can a scan to run and it took me changing ZAP_SERVER_PROXY from 172.17.0.2:8090 to 0.0.0.0:8090 on Mac so editing that into code example below). So the start of my script looks like:
import os
import time
from pprint import pprint
from zapv2 import ZAPv2
BASE_URL = os.getenv('BASE_URL', 'https://example.appspot.com/')
ZAP_SERVER_PROXY = os.getenv('ZAP_SERVER_PROXY', '0.0.0.0:8090')
API_KEY = ''
zap = ZAPv2(
# apikey=API_KEY,
proxies={
'http': "http://%s" % ZAP_SERVER_PROXY,
'https': "https://%s" % ZAP_SERVER_PROXY
}
)
Just trying to run it through terminal using python right now and keep getting connection refused errors. Also I've tried it with the API_KEY parts commented out as well, does anyone know where you find that don't see it in the documentation.
Note: I'm on macos but running docker-machine ip default doesn't do anything, so not sure how to get at bottom of linked page and new to docker. Modeled the test after their own example. Running in a virtualenv -p python3 env not sure if that is effecting it.
Also, you will need to disable ip filtering - see here for details on how to do that, basically just use the following:
Be careful as it will allow connections from any ip to Zaproxy, which is fine while running it in isolated docker container.