Zaproxy: WAFP Extension not working

Created on 24 Feb 2017 · 3Comments · Source: zaproxy/zaproxy

Steps to reproduce the issue:

Run ZAP with WAFP Extension add-on;
Select Tools > Fingerprinting tools;
Add the target URL and press Fingerprint;
Note that nothing happens, in the console output there's;

java.lang.NoClassDefFoundError: org/json/simple/parser/ParseException
    at org.zaproxy.zap.extension.cmss.FastFingerprinter.filterResults(FastFingerprinter.java:310)
    at org.zaproxy.zap.extension.cmss.FingerPrintingThread.run(FingerPrintingThread.java:21)
Caused by: java.lang.ClassNotFoundException
    at org.zaproxy.zap.control.AddOnClassLoader.findClass(AddOnClassLoader.java:214)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 2 more

add-on bug

Source

thc202

Most helpful comment

I propose that we simply remove/retire this add-on. It's code will live on in the repo history. Wappalyzer has been implemented and kept up-to-date as it's own add-on. At least some of the finger printing employed by CMSS/WAFP is hard coded and unmaintained (and maintenance unfriendly).