How to Create a ZAP Addon/Extension
663 views
Skip to first unread message
ryerson...@gmail.com
Feb 4, 2016, 4:46:38 PM2/4/16
to OWASP ZAP User Group
kingthorin+owaspzap was nice enough to share some resources
Few resources:
- psiinon did a series of "Hacking ZAP" blog posts, you can just google search them.
- There is an example addon in the zap-extensions repo (Alpha branch). [https://github.com/zaproxy/zap-extensions/tree/alpha/src/org/zaproxy/zap/extension/simpleExample]
- There's a ZAP 2.1.0 era doc here that might help: https://www.owasp.org/images/3/37/GuidelineZAPExtensionsAddOns1.0.pdf
- https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md
- https://github.com/zaproxy/zaproxy/wiki/Contributing-Changes
So far i installed eclipse and imported the project. To compile and run zap, do i just 'Run As' application org.zaproxy.zap?
If the above is correct, i followed the guide by creating a new folder for the simple extension and refreshed eclipse, please see link
The folder path is correct according to the guide but is it correct in how eclipse is understanding it?
I ask because when i now do 'Run As' application org.zaproxy.zap? i do not have the extension at all, (as shown in the above linked guide by kingthorin)
FYI: Some links in the guide are dead links and should be updated to the git wiki :)
Thank you! Cheers, Goran.
kingthorin+owaspzap
Feb 4, 2016, 5:51:27 PM2/4/16
to OWASP ZAP User Group
Ok.
First to compile and run ZAP make sure you have the ZAP project selected, hit the run button when it asks about the "main" function then yes you want org.zaproxy.zap.zap (or something like that....I forget the exact string, but it's the most "ZAP'ish" one).
Second to compile and use your extension you'll need to build and deploy it via ant tasks. Find the build/build.xml in the branch you're working on, edit it adding a deploy-<add-on> task similar to the others that are there. (You should be able to copy the 3 lines and make a minor edit for your entry). Then right click on that task in the tree and "Run-as" Ant Task. Once that completes, then launch ZAP (as above), once ZAP is running hit ctrl+L to load an add-on and navigate to the build output directory ...such as c:\<wherever>\workspace-zap\zap-extensions_alpha\build\zap-exts....select your <newaddon>.zap to load your addon. Note you'll need to delete it from C:\Users\<your_user>\OWASP ZAP_D\plugin before launching ZAP again to load a new version (assuming a repeated write code, build, deploy workflow). (You can't load an addon that's already loaded...) or you'll have to enable unloading so that you can uninstall your addon, before loading a new version.
First to compile and run ZAP make sure you have the ZAP project selected, hit the run button when it asks about the "main" function then yes you want org.zaproxy.zap.zap (or something like that....I forget the exact string, but it's the most "ZAP'ish" one).
Second to compile and use your extension you'll need to build and deploy it via ant tasks. Find the build/build.xml in the branch you're working on, edit it adding a deploy-<add-on> task similar to the others that are there. (You should be able to copy the 3 lines and make a minor edit for your entry). Then right click on that task in the tree and "Run-as" Ant Task. Once that completes, then launch ZAP (as above), once ZAP is running hit ctrl+L to load an add-on and navigate to the build output directory ...such as c:\<wherever>\workspace-zap\zap-extensions_alpha\build\zap-exts....select your <newaddon>.zap to load your addon. Note you'll need to delete it from C:\Users\<your_user>\OWASP ZAP_D\plugin before launching ZAP again to load a new version (assuming a repeated write code, build, deploy workflow). (You can't load an addon that's already loaded...) or you'll have to enable unloading so that you can uninstall your addon, before loading a new version.
kingthorin+owaspzap
Feb 4, 2016, 5:57:03 PM2/4/16
to OWASP ZAP User Group
As for the guide it was written by a 3rd party and is somewhat out of date, I don't know if it'll be revived and reused (maintained)....I just thought it might help you along the way.
Here's one more thing that might help, which is fairly up-to-date:
https://github.com/zaproxy/zaproxy/wiki/Setting-up-and-developing-new-plugins (I believe this is still a work in progress, as far as additional content, but what's there is good and helpful ... sounds like you might be passed these steps but it's a good reference for anyone else that takes part in this thread or finds it later)
Here's one more thing that might help, which is fairly up-to-date:
https://github.com/zaproxy/zaproxy/wiki/Setting-up-and-developing-new-plugins (I believe this is still a work in progress, as far as additional content, but what's there is good and helpful ... sounds like you might be passed these steps but it's a good reference for anyone else that takes part in this thread or finds it later)
thc...@gmail.com
Feb 4, 2016, 7:28:42 PM2/4/16
to zaprox...@googlegroups.com
This discussion/topic is more appropriate for/in the dev mailing list ;)
zaproxy...@googlegroups.com
or
https://groups.google.com/group/zaproxy-develop
Best regards.
On 04/02/16 21:46, ryerson...@gmail.com wrote:
> kingthorin+owaspzap was nice enough to share some resources
>
> Few resources:
>
> * psiinon did a series of "Hacking ZAP" blog posts, you can just
> google search them.
> * There is an example addon in the zap-extensions repo (Alpha branch).
> [https://github.com/zaproxy/zap-extensions/tree/alpha/src/org/zaproxy/zap/extension/simpleExample]
> * There's a ZAP 2.1.0 era doc here that might help:
> https://www.owasp.org/images/3/37/GuidelineZAPExtensionsAddOns1.0.pdf
> * https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md
> * https://github.com/zaproxy/zaproxy/wiki/Contributing-Changes
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
zaproxy...@googlegroups.com
or
https://groups.google.com/group/zaproxy-develop
Best regards.
On 04/02/16 21:46, ryerson...@gmail.com wrote:
> kingthorin+owaspzap was nice enough to share some resources
>
> Few resources:
>
> google search them.
> * There is an example addon in the zap-extensions repo (Alpha branch).
> [https://github.com/zaproxy/zap-extensions/tree/alpha/src/org/zaproxy/zap/extension/simpleExample]
> * There's a ZAP 2.1.0 era doc here that might help:
> https://www.owasp.org/images/3/37/GuidelineZAPExtensionsAddOns1.0.pdf
> * https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md
> * https://github.com/zaproxy/zaproxy/wiki/Contributing-Changes
>
>
> So far i installed eclipse and imported the project. To compile and run
> zap, do i just 'Run As' application *org.zaproxy.zap*?
>
> So far i installed eclipse and imported the project. To compile and run
>
> If the above is correct, i followed the guide by creating a new folder
> for the simple extension and refreshed eclipse, please see link
>
> http://prntscr.com/9z3ftl
>
> The folder path is correct according to the guide but is it correct in
> how eclipse is understanding it?
>
> I ask because when i now do 'Run As' application *org.zaproxy.zap*? i do
> If the above is correct, i followed the guide by creating a new folder
> for the simple extension and refreshed eclipse, please see link
>
> http://prntscr.com/9z3ftl
>
> The folder path is correct according to the guide but is it correct in
> how eclipse is understanding it?
>
> not have the extension at all, (as shown in the above linked guide by
> kingthorin)
>
>
> FYI: Some links in the guide are dead links and should be updated to the
> git wiki :)
>
> Thank you! Cheers, Goran.
>
> --
> kingthorin)
>
>
> FYI: Some links in the guide are dead links and should be updated to the
> git wiki :)
>
> Thank you! Cheers, Goran.
>
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
ryerson...@gmail.com
Feb 5, 2016, 11:39:59 AM2/5/16
to OWASP ZAP User Group
Thank you both, ending the discussion here migrating to the other thread.
popo
Apr 17, 2018, 9:39:58 AM4/17/18
to OWASP ZAP User Group
Hi, where is the `<add-on>` tag here https://github.com/zaproxy/zaproxy/blob/develop/build/build.xml . is there have changes?
kingthorin+owaspzap
Apr 17, 2018, 8:07:23 PM4/17/18
to OWASP ZAP User Group
Add-ons are in the extensions repo.
Reply all
Reply to author
Forward
0 new messages