Revive ZAP with a Java Swap
Recently, I encountered persistent crashes while running ZAP 2.15 on macOS. The issue seemed to stem from the bundled Java version. After some debugging and testing, I found a solution by downgrading the bundled Java version in ZAP.
Here’s a detailed account of the process and the steps I took to resolve the issue.
The Problem
When I ran ZAP, it was forcibly terminated during the initial loading process. Then, an Apple Crash log was generated. The crash logs indicated issues related to the Java runtime environment. Here’s a snippet of the crash log:
Process: java [70259]
Path: /Applications/ZAP.app/Contents/PlugIns/jre-jdk-11.0.23+9-jre/Contents/Home/bin/java
Identifier: java
Version: ???
Code Type: ARM-64 (Native)
Parent Process: launchd [1]
....
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 AppKit 0x18a8ba4e4 _NSCarbonMenuCrashIfNeeded + 488
1 AppKit 0x18a8ba294 _NSGetCarbonMenu + 24
2 JavaRuntimeSupport 0x1f1e5dde8 -[JRSMenu installCarbonEventHandlers:] + 172
3 CoreFoundation 0x1865ea820 __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 148
4 CoreFoundation 0x18667e8ec ___CFXRegistrationPost_block_invoke + 88
5 CoreFoundation 0x18667e834 _CFXRegistrationPost + 440
....
Debug
ZAP Log Analysis
When I looked at the zap.sh file, there were no specific logs. However, the logs stop after the message indicating that an extension was loaded, and the crash occurs around this point.
[ZAP-BootstrapGUI] INFO ExtensionFactory - Loading extensions
[ZAP-BootstrapGUI] INFO TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
[ZAP-BootstrapGUI] INFO ExtensionFactory - Extensions loaded
.... ☠️
Will it crash if run from the CLI?
Yes, running ZAP with the CLI also results in a crash too.
./zap.sh
Found Java version 11.0.23
Available memory: 32768 MB
Using JVM args: -Xmx8192m
.... ☠️
The terminal displayed a Trace/BPT trap: 5 error when the crash occurred.
Will it crash if run with system Java?
ZAP on macOS runs using the bundled Java by default. So, I was curious whether it would run using the system Java instead. Therefore, I tested it, and the result was…
java -version
openjdk version "22.0.1" 2024-04-16
The crash continued even when using the system Java 😭
Process: java [73376]
Path: /Library/Java/JavaVirtualMachines/temurin-22.jdk/Contents/Home/bin/java
Identifier: java
Version: ???
Code Type: ARM-64 (Native)
Parent Process: zsh [96583]
Responsible: stable [84233]
Will it crash if run with daemon mode?
I wondered if it might be a GUI issue, so I decided to try running it in daemon mode.
./zasp.sh -daemon
# This worked fine
Running ZAP in daemon mode worked without issues!!
Is ZAP 2.14 okay?
Out of curiosity, I reinstalled version 2.14 and it ran smoothly. This led me to believe the issue might be related to differences between 2.14 and 2.15, possibly related to the GUI.
And it reminded me of a past issue.
Solution
Years ago, I resolved an other issue by swapping out some Java code, and that memory flashed through my mind as I examined the cause of this current issue. I decided to try the swap again, and it was successful.
Downgrading to ZAP 2.14 resolved the issue. This led me to suspect the Java version bundled with ZAP 2.15. Here’s a summary of the findings:
| - ZAP 2.14 with bundled Java | Works fine. |
|---|---|
| - ZAP 2.15 with ZAP 2.14’s Java | Works fine. |
| - ZAP 2.15 with its bundled Java | Fails. |
| - System Java with ZAP 2.15 | Fails. |
| - System Java with ZAP 2.14 | Fails. |
The ironic thing is that on my other Apple Silicon Mac, ZAP 2.15 works fine even with the bundled Java. It’s a mystery 😱
Now that I’ve figured out how to run version 2.15 properly, I can proceed with the Java swap. On MacOS, ZAP uses bundled Java first; if you look at zap.sh, you’ll see that you choose Java to run with regular expressions.
Using this approach, I adjusted it so that version 2.15 runs using the bundled Java from version 2.14.
Fix: Replace Java in ZAP 2.15
-
Install ZAP 2.14 and Copy its Java:
# Navigate to ZAP directory cd /Applications/ZAP.app/Contents/PlugIns # Backup ZAP 2.14's Java cp -R jre-jdk-11.0.20.1+1-jre/ ~ -
Re-Install ZAP(2.15) and Backup to 2.15’s Java:
# Workdir: /Applications/ZAP.app/Contents/PlugIns mv jre-jdk-11.0.23+9-jre/ backup_jre-jdk-11.0.23+9-jre/ -
Replace ZAP 2.15’s Java with ZAP 2.14’s Java:
# Workdir: /Applications/ZAP.app/Contents/PlugIns mv ~/jre-jdk-11.0.20.1+1-jre .
Now, ZAP 2.15 runs using the JRE (jre-jdk-11.0.20.1+1-jre) from version 2.14, and no errors occur.
Yea 🙌🏼
Conclusion
The issue with ZAP 2.15 crashing on macOS was actually because of the bundled Java version. Switching to the Java runtime from ZAP 2.14 fixed it perfectly in my setup. It seems like this wasn’t a common problem and might be specific to certain setups.
It’d be great if they could look into it in ZAP Core too, just my take on it.
This workaround lets you keep enjoying ZAP’s latest features without running into crashes. If you run into similar issues, try downgrading ZAP’s bundled Java or finding a compatible alternative :D