Unable to Start active scan (ascan) on given context with Zap Proxy


I was trying to automate a ZAP proxy scan on a website. Below is my flow:

  1. Start Zap proxy
  2. Create new session (/JSON/core/action/newSession/?apikey=12345&name=NewSession&overwrite=true)
  3. Create new Context (/JSON/context/action/newContext/?apikey=12345&contextName=NewContext)
  4. Add include and exclude regex URL patterns to context ( /JSON/context/action/setContextRegexs/?apikey=12345&contextName=NewContext&incRegexs=[https://myowsapjuiceshop.herokuapp.com/*]&excRegexs=[^(?:(?!http.*://myowsapjuiceshop.herokuapp.com).*).$])
  5. Add technologies to context (/JSON/context/action/includeContextTechnologies/?apikey=12345&contextName=NewContext&technologyNames=Db.MySQL%2CLanguage.Java%2COS.Linux%2CWS.Tomcat)
  6. Run UI tests with proxy set
  7. Run active scan (/JSON/ascan/action/scan/?apikey=12345&url=&recurse=&inScopeOnly=&scanPolicyName=&method=&postData=&contextId=2 ) // 2 is correct contextID
  8. Wait for active scan to complete (/JSON/ascan/view/status/?apikey=12345&scanId=5 ) // 5 is scan ID that I should be getting from step 7 ( run active scan response)
  9. Get Alerts json (/JSON/alert/view/alerts/?apikey=12345&baseurl=&start=&count=&riskId=)

Everything is fine till step 7, and I'm stuck at step 7. Based on the documentation, "Runs the active scanner against the given URL and/or Context....", I was of the understanding that I can run an active scan against a context and that the URL is optional when the contextId is mentioned.

But when I hit the API to run the active scan with the correct apikey and contextId: /JSON/ascan/action/scan/?apikey=12345&url=&recurse=&inScopeOnly=&scanPolicyName=&method=&postData=&contextId=2

The response is {"code":"missing_parameter","message":"Missing Parameter"}

I'm getting the below error in the ZAP logs:

1581054 [ZAP-ProxyThread-65] WARN org.zaproxy.zap.extension.api.API  - Bad request to API endpoint [/JSON/ascan/action/scan/] from [127.0.0.1]:
Missing Parameter (missing_parameter) : url
    at org.zaproxy.zap.extension.ascan.ActiveScanAPI.scanURL(ActiveScanAPI.java:874)
    at org.zaproxy.zap.extension.ascan.ActiveScanAPI.handleApiAction(ActiveScanAPI.java:369)
    at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:506)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:499)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335)
    at java.lang.Thread.run(Thread.java:748)

I want to run an active scan on all the recorded URLs which match the include and exclude regexes I have set on the context. Any help would be greatly appreciated.


Simon Bennetts On BEST ANSWER

Have you defined any URLs in your context? If so, are any of those URLs in the Sites tree?
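One way to check what the answer asks before calling step 7, as an added example that is not part of the original question or answer: it lists the URLs ZAP places in the context and the URLs it has recorded, and starts the context-only scan only when the context is not empty. The listener address, the helper names, the placeholder host and the whole-URL regex matching are assumptions.

```python
import json
import re
from urllib.parse import urlencode
from urllib.request import urlopen

ZAP_BASE = "http://127.0.0.1:8080"  # assumed local ZAP listener address


def zap_get(path, **params):
    """GET a ZAP JSON API endpoint and return the decoded response."""
    with urlopen(f"{ZAP_BASE}{path}?{urlencode(params)}") as resp:
        return json.load(resp)


def preflight(apikey, context_name, inc_regexes, fetch=zap_get):
    """Report whether any recorded URL actually falls inside the context."""
    in_context = fetch("/JSON/context/view/urls/", apikey=apikey,
                       contextName=context_name)["urls"]
    recorded = fetch("/JSON/core/view/urls/", apikey=apikey)["urls"]
    # Assumption: an include regex has to match the whole URL, so fullmatch
    # is used here to show which recorded URLs the patterns leave out.
    unmatched = [u for u in recorded
                 if not any(re.fullmatch(p, u) for p in inc_regexes)]
    return {"ready": bool(in_context), "in_context": in_context,
            "unmatched": unmatched}


def scan_context(apikey, context_name, context_id, inc_regexes, fetch=zap_get):
    """Return (scan id or None, report); skip the scan call when the
    context holds no URLs, which is the case the answer asks about."""
    report = preflight(apikey, context_name, inc_regexes, fetch)
    if not report["ready"]:
        return None, report
    started = fetch("/JSON/ascan/action/scan/", apikey=apikey,
                    url="", contextId=context_id)
    return started["scan"], report


if __name__ == "__main__":
    # Constructed stub standing in for a ZAP instance with an empty context;
    # the host is a placeholder, not the site from the question.
    recorded = ["https://app.example.test/",
                "https://app.example.test/rest/products"]

    def stub(path, **_):
        return {"urls": [] if "/context/" in path else recorded}

    print(scan_context("PLACEHOLDER_KEY", "NewContext", "2",
                       [r"https://app\.example\.test/*"], stub))
```

An empty `in_context` list together with a non-empty `unmatched` list points at the include regex rather than at the scan call.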