[试图在网站上自动进行zap代理扫描。下面是我的流程
/JSON/core/action/newSession/?apikey=12345&name=NewSession&overwrite=true
)/JSON/context/action/newContext/?apikey=12345&contextName=NewContext
)/JSON/context/action/setContextRegexs/?apikey=12345&contextName=NewContext&incRegexs=[https://myowsapjuiceshop.herokuapp.com/*]&excRegexs=[^(?:(?!http.*://myowsapjuiceshop.herokuapp.com).*).$]
)添加包含和排除正则表达式URL模式/JSON/context/action/includeContextTechnologies/?apikey=12345&contextName=NewContext&technologyNames=Db.MySQL%2CLanguage.Java%2COS.Linux%2CWS.Tomcat
)/JSON/ascan/action/scan/?apikey=12345&url=&recurse=&inScopeOnly=&scanPolicyName=&method=&postData=&contextId=2
)// 2是正确的contextID/JSON/ascan/view/status/?apikey=12345&scanId=5
)// 5是我应该从步骤7获取的扫描ID(运行主动扫描响应)/JSON/alert/view/alerts/?apikey=12345&baseurl=&start=&count=&riskId=
)在第7步之前一切都很好,在第7步之前我仍然受阻。基于文档“针对给定的URL和/或上下文运行活动的扫描器...。”。我的理解是,我可以针对上下文运行主动扫描,并且在提到ContextId时,URL是可选的。
但是,当我按下api以使用正确的apikey和contextId /JSON/ascan/action/scan/?apikey=12345&url=&recurse=&inScopeOnly=&scanPolicyName=&method=&postData=&contextId=2
运行主动扫描时>
响应为{"code":"missing_parameter","message":"Missing Parameter"}
我在zap日志中低于错误
1581054 [ZAP-ProxyThread-65] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/ascan/action/scan/] from [127.0.0.1]: Missing Parameter (missing_parameter) : url at org.zaproxy.zap.extension.ascan.ActiveScanAPI.scanURL(ActiveScanAPI.java:874) at org.zaproxy.zap.extension.ascan.ActiveScanAPI.handleApiAction(ActiveScanAPI.java:369) at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:506) at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:499) at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335) at java.lang.Thread.run(Thread.java:748)
我想对所有记录的与我在上下文中设置的正则表达式匹配的URL进行主动扫描。任何帮助将不胜感激。
[试图在网站上自动进行zap代理扫描。以下是我的流程Start Zap代理创建新会话(/ JSON / core / action / newSession /?apikey = 12345&name = NewSession&overwrite = true)创建新会话...
您是否已在上下文中定义任何URL?如果是这样,“网站”树中是否有那些URL?