zaproxy Flatpak version doesn't launch Firefox from Manual Explore

To Reproduce Steps to reproduce the behavior:

Install OWASP ZAP using the Flatpak procedure in a Linux machine with Firefox installed.
Go to Manual Explore.
Define an address.
Select "Firefox" and press "Launch Browser".

Expected behavior Firefox is launched with the defined URL

Screenshots If applicable, add screenshots to help explain your problem.

Software versions

ZAP: 2.9.0 (flatpak)
Add-on: None installed.
OS: Fedora 31, 64-bit.
Java: OpenJDK 11.0.6
Browser: Firefox 72.0.1.

Errors from the zap.log file This is what ZAP reports on button press:

233311 [ZAP-BrowserLauncher] ERROR org.zaproxy.zap.extension.quickstart.launch.ExtensionQuickStartLaunch  - Cannot find firefox binary in PATH. Make sure firefox is installed. OS appears to be: LINUX
Build info: version: 'unknown', revision: 'unknown', time: 'unknown'
System info: host: 'Unknown', ip: 'Unknown', os.name: 'Linux', os.arch: 'amd64', os.version: '5.4.12-200.fc31.x86_64', java.version: '11.0.6'
Driver info: driver.version: FirefoxDriver
org.openqa.selenium.WebDriverException: Cannot find firefox binary in PATH. Make sure firefox is installed. OS appears to be: LINUX
Build info: version: 'unknown', revision: 'unknown', time: 'unknown'
System info: host: 'Unknown', ip: 'Unknown', os.name: 'Linux', os.arch: 'amd64', os.version: '5.4.12-200.fc31.x86_64', java.version: '11.0.6'
Driver info: driver.version: FirefoxDriver
	at org.openqa.selenium.firefox.FirefoxBinary.<init>(FirefoxBinary.java:100)
	at java.base/java.util.Optional.orElseGet(Optional.java:369)
	at org.openqa.selenium.firefox.FirefoxOptions.getBinary(FirefoxOptions.java:216)
	at org.openqa.selenium.firefox.FirefoxDriver.toExecutor(FirefoxDriver.java:187)
	at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:147)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:778)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:700)
	at org.zaproxy.zap.extension.selenium.internal.BuiltInSingleWebDriverProvider.getWebDriver(BuiltInSingleWebDriverProvider.java:62)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:639)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:509)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowser(ExtensionSelenium.java:602)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:566)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:552)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:542)
	at org.zaproxy.zap.extension.quickstart.launch.ExtensionQuickStartLaunch$2.run(ExtensionQuickStartLaunch.java:227)
	at java.base/java.lang.Thread.run(Thread.java:834)

Jan 23 '20 15:01 injcristianrojas

Cannot find firefox binary in PATH put Firefox in your $PATH?

Jan 23 '20 16:01 kingthorin

I know this doesnt work with snapcraft - this may be the same problem. If we cant get it to work then we should look at seeing if we can detect these environments and disable those options :/

Jan 23 '20 16:01 psiinon

@kingthorin My Firefox is global (/usr/bin/firefox) I also tried defining Firefox's location in Tools->Options...->Selenium, Binaries/Firefox section. This is the log output in this case:

41227 [ZAP-BrowserLauncher] ERROR org.zaproxy.zap.extension.quickstart.launch.ExtensionQuickStartLaunch  - Specified firefox binary location does not exist or is not a real file: /usr/bin/firefox
java.lang.IllegalStateException: Specified firefox binary location does not exist or is not a real file: /usr/bin/firefox
	at com.google.common.base.Preconditions.checkState(Preconditions.java:504)
	at org.openqa.selenium.firefox.Executable.<init>(Executable.java:43)
	at org.openqa.selenium.firefox.FirefoxBinary.<init>(FirefoxBinary.java:123)
	at org.openqa.selenium.firefox.FirefoxOptions$Binary.asBinary(FirefoxOptions.java:420)
	at java.base/java.util.Optional.map(Optional.java:265)
	at org.openqa.selenium.firefox.FirefoxOptions.getBinaryOrNull(FirefoxOptions.java:220)
	at org.openqa.selenium.firefox.FirefoxOptions.getBinary(FirefoxOptions.java:216)
	at org.openqa.selenium.firefox.FirefoxDriver.toExecutor(FirefoxDriver.java:187)
	at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:147)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:778)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:700)
	at org.zaproxy.zap.extension.selenium.internal.BuiltInSingleWebDriverProvider.getWebDriver(BuiltInSingleWebDriverProvider.java:62)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:639)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:509)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowser(ExtensionSelenium.java:602)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:566)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:552)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:542)
	at org.zaproxy.zap.extension.quickstart.launch.ExtensionQuickStartLaunch$2.run(ExtensionQuickStartLaunch.java:227)
	at java.base/java.lang.Thread.run(Thread.java:834)

Jan 23 '20 18:01 injcristianrojas

If I'm reading the documentation correctly you would have to use /var/run/host/usr/bin/firefox.

@kurobeats ping, fyi and in case you can provide more info.

Jan 23 '20 22:01 thc202

Sorry for the massive delay all. I'm going to see if I can resolve this. My day to day involves using Zap and I've been proxying through the app manually but I want the convenience I used to have too.

Apr 08 '20 21:04 kurobeats

see https://github.com/flathub/org.zaproxy.ZAP/commit/7fabcd05fe41408d3199abf695476a3109ee51ba

Apr 08 '20 21:04 kurobeats

Thanks!

Apr 08 '20 23:04 thc202

Alrighty, permissions added and we are looking at a new error. Zaproxy/selenium this time? Relation to this? https://stackoverflow.com/a/49791342

71069 [AWT-EventQueue-0] INFO org.parosproxy.paros.network.SSLConnector  - ClientCert disabled
76065 [ZAP-BrowserLauncher] ERROR org.zaproxy.zap.extension.quickstart.launch.ExtensionQuickStartLaunch  - Unable to find a matching set of capabilities
Build info: version: 'unknown', revision: 'unknown', time: 'unknown'
System info: host: 'compoota', ip: '10.1.1.111', os.name: 'Linux', os.arch: 'amd64', os.version: '5.5.15-200.fc31.x86_64', java.version: '11.0.7'
Driver info: driver.version: FirefoxDriver
remote stacktrace: 
org.openqa.selenium.SessionNotCreatedException: Unable to find a matching set of capabilities
Build info: version: 'unknown', revision: 'unknown', time: 'unknown'
System info: host: 'compoota', ip: '10.1.1.111', os.name: 'Linux', os.arch: 'amd64', os.version: '5.5.15-200.fc31.x86_64', java.version: '11.0.7'
Driver info: driver.version: FirefoxDriver
remote stacktrace: 
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at org.openqa.selenium.remote.W3CHandshakeResponse.lambda$errorHandler$0(W3CHandshakeResponse.java:62)
	at org.openqa.selenium.remote.HandshakeResponse.lambda$getResponseFunction$0(HandshakeResponse.java:30)
	at org.openqa.selenium.remote.ProtocolHandshake.lambda$createSession$0(ProtocolHandshake.java:126)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
	at java.base/java.util.Spliterators$ArraySpliterator.tryAdvance(Spliterators.java:958)
	at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127)
	at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:543)
	at org.openqa.selenium.remote.ProtocolHandshake.createSession(ProtocolHandshake.java:128)
	at org.openqa.selenium.remote.ProtocolHandshake.createSession(ProtocolHandshake.java:74)
	at org.openqa.selenium.remote.HttpCommandExecutor.execute(HttpCommandExecutor.java:136)
	at org.openqa.selenium.remote.service.DriverCommandExecutor.execute(DriverCommandExecutor.java:83)
	at org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:552)
	at org.openqa.selenium.remote.RemoteWebDriver.startSession(RemoteWebDriver.java:213)
	at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:131)
	at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:147)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:866)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:786)
	at org.zaproxy.zap.extension.selenium.internal.BuiltInSingleWebDriverProvider.getWebDriver(BuiltInSingleWebDriverProvider.java:62)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriverImpl(ExtensionSelenium.java:685)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getWebDriver(ExtensionSelenium.java:553)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowser(ExtensionSelenium.java:646)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:610)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:596)
	at org.zaproxy.zap.extension.selenium.ExtensionSelenium.getProxiedBrowserByName(ExtensionSelenium.java:586)
	at org.zaproxy.zap.extension.quickstart.launch.ExtensionQuickStartLaunch$2.run(ExtensionQuickStartLaunch.java:240)
	at java.base/java.lang.Thread.run(Thread.java:834)

Apr 09 '20 08:04 kurobeats

This is also similar to the situation with docker and webswing. Maybe we should disable browser launch for the cases where we find it wont work? Or at least show prominent warnings?

Jun 10 '20 10:06 psiinon

I wonder following the release of https://github.com/tchx84/flatseal that we might be able to achieve this. I find there's no doco out there that states plainly, "to execute X you must set Y in the yml" but with Flatseal I can try and see what works. Will circle back on this if I find a solution.

Aug 08 '21 00:08 kurobeats

Hi @kurobeats did you ever manage to find a solution to this? I'm trying to use the ZAP flatpak with the Firefox flatpak atm. Currently poking around in the ZAP flatpak container to see if I can somehow do some symlink hacking to the container's PATH but not really getting anywhere.

Mar 27 '23 22:03 jpotts10

Still the same issue, can't run the browsers with manual explore

system fedora 40
browser tested
- chrome flatpak, chrome native, firefox native

Jun 23 '24 20:06 sigmaSd

It looks like flatpak-spawn might do what we need?

Aug 15 '25 08:08 psiinon