Unable to trigger Active Scan using Context Id

Sweta N

Sep 22, 2021, 9:28:48 AM
to OWASP ZAP User Group
The target application that I am testing via ZAP consists of 2 different domains as below:

But I receive the below error, which mentions url_not_found, which means url is required. I have 2 questions:
1. As per the documentation, url is not a mandatory field and hence it should trigger an ascan with contextID. If I supply the URL, only one domain would be tested.
2. How do I achieve the use case of triggering an active scan for the 2 domains which are part of my application in one go?

Regards,
Sweta M



[Attachment: ZAP Context.jpg]

kingthorin+owaspzap

Sep 22, 2021, 1:30:04 PM
to OWASP ZAP User Group
1) For a regex wildcard you need period asterisk, not just asterisk on its own.
2) You will need to have accessed some URL which is in context/scope in order for ZAP to scan or spider something.
3) Scanning without spidering or otherwise populating the Sites Tree (whether you're using the GUI or not) is kind of pointless.
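
Points 1 and 2 of the reply above, as an added example that is not part of the original thread or ZAP's own code: it checks context include regexes against the URLs ZAP has recorded before building the `ascan` request by `contextId`. The domains, URLs, API key and `localhost:8080` address are constructed, and whole-URL matching with Python's `re` is an assumption standing in for ZAP's Java regex handling.

```python
import re
from urllib.parse import urlencode

# Constructed sample: URLs a proxied test run might have put in ZAP's Sites Tree.
SEEN_URLS = [
    "https://app.example.com/",
    "https://app.example.com/login",
    "https://api.example.net/v1/items?id=1",
    "https://cdn.thirdparty.example/lib.js",
]

# The same two (hypothetical) domains written both ways.
BARE_ASTERISK = [r"https://app\.example\.com*", r"https://api\.example\.net*"]
PERIOD_ASTERISK = [r"https://app\.example\.com.*", r"https://api\.example\.net.*"]

def in_context(url, includes, excludes=()):
    """True if url is covered by the context (assumed whole-URL match)."""
    if any(re.fullmatch(p, url) for p in excludes):
        return False
    return any(re.fullmatch(p, url) for p in includes)

def coverage(includes, urls, excludes=()):
    """Map each include regex to the seen URLs it brings into the context."""
    return {p: [u for u in urls if in_context(u, [p], excludes)] for p in includes}

def dead_patterns(includes, urls, excludes=()):
    """Include regexes that match nothing ZAP has seen, so there is nothing to scan."""
    return [p for p, hits in coverage(includes, urls, excludes).items() if not hits]

def ascan_by_context(zap_base, context_id, api_key, includes, urls):
    """Build the ascan request for a context, refusing if a domain is uncovered."""
    dead = dead_patterns(includes, urls)
    if dead:
        raise ValueError(f"no seen URL matches: {dead}")
    query = urlencode({"contextId": context_id, "apikey": api_key})
    return f"{zap_base}/JSON/ascan/action/scan/?{query}"

if __name__ == "__main__":
    print("bare asterisk  :", coverage(BARE_ASTERISK, SEEN_URLS))
    print("period asterisk:", coverage(PERIOD_ASTERISK, SEEN_URLS))
    print(ascan_by_context("http://localhost:8080", 1, "changeme",
                           PERIOD_ASTERISK, SEEN_URLS))
```
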

Sweta N

Sep 22, 2021, 8:56:43 PM
to zaprox...@googlegroups.com
I have proxied ZAP via Selenium, hence both the URLs are being intercepted by ZAP when the test suite executes.

Then I want to import context and set scope so that when I trigger spider and ascan, I am able to scan against the context to include both domains in one go.

Regards,
Sweta 
