Launch Firefox from app

Briefly describe your issue below:
While running OWASP-Zap, Firefox will not open from the app when clicking on Launch Browser. Is there a configuration I need to change for Firefox to launch from other applications.

What version of Parrot are you running? (include version (e.g. 4.6), edition(e.g. Home//KDE/OVA, etc.), and architecture (currently we only support amd64)
Version 4.8
Security Edition

What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)
Standard
Configured to multiboot with other systems? (yes / no)
No
If there are any similar issues or solutions, link to them below:
No
If there are any error messages or relevant logs, post them below:
No

1 Like

Just checked, I can reproduce the issue too,

Here is a similar issue (with log) : https://github.com/zaproxy/zaproxy/issues/5434

Version : 2.9.0 (I updated it)
zap.log was not generated.

Still same error as @2bluethumbs mentioned.

I tried it without sandbox, It launched firefox, but with a new profile. So maybe something to do with firefox profile?

Or something to do with geckodriver maybe?

@dmknght @RedRuby maybe you can look into it?

1 Like

nah let owasp fix their tool

1 Like

I updated the geckodriver to 0.26.0 without luck. I think dmknght has the right plan, but I hate waiting.

1 Like

I upgraded to zap 2.9.0. The firefox is opening for me under new profile. Zap is not running as root.

2 Likes

It seems like the error only persists on parrot. Ran zaproxy on backbox, launched and no errors. On Parrot I had to run it out of the sandbox for get it working

1 Like

If you run zap as root yeah firefox won’t run i believe. That is security feature. Trust me you don’t want any 0day RCE of Firefox or zap or exploit chain for both works under root permission.
IF you run as normal user, idk maybe it happens randomly (firejail problem)

1 Like

Yes.

I run all my pentesting tasks inside a VM, reset the state of it ones Im done, So I don’t really have to worry about my main system getting compromised.

It would be a bad day for me if one of those exploit were to be a VM escape, but that vector of attack on me would be a sophisticated attack and executing it with a good success rate, the chances are minimum to null for that (Of course, this is my scenario, Cannot speak on belalf of other users)

1 Like

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.