DEV Community

Cover image for ZAP Add-Ons: The First Step
Nathan
Nathan

Posted on • Edited on

ZAP Add-Ons: The First Step

So How all begun?

I was asked to write a add-ons of the open-source's company Cherrybomb to ZAP proxy.
ZAP proxy is a web application security testing tool that helps identify vulnerabilities in web applications. It is a penetration testing tool that can be used to identify security issues in web applications.
To be honest,I am a Burp user and don't have a deep understanding about ZAP, secondly this is my first time that I contribute for a cyber security open source project written in JAVA.
But keep calm and let's building a blue print of this project.

Where to Start ?

First of all, I want to introduce briefly our open source tool.
CherryBomb is an API security CLI tool,that finds broken logic in your API and maps it.
Very Simple to use it, your put your HTTP logs, then CherryBomb will map, attack your API and finally give you the potential risky endpoints.
Overview of it:
Image description

Basically my goal is to collect the logs from ZAP then send them to a server trough an API KEY, then receive results and display it them into the ZAP dashboard.

First Step..

In order to begin we need to build a development environment.
Is it felt too overwhelming?
Sincerely it is not, thank to Simon the creator of ZAP for the good documentation, every step is detailed.
The link to the documentation: https://www.zaproxy.org/docs/developer/quick-start-build/.
After accomplished successfully the first step,prepare the ground before writing our first lines of codes.
Check this link https://www.zaproxy.org/docs/developer/creating-new-addon-in-zap-extensions it will help you a lot. After completed all these step, we should have all repositories and project looking like these. (I am using eclipse).

Image description

Now every things is ready we can begin to contribute..

Cherrybomb's github:https://github.com/blst-security/cherrybomb
ZAProxy's github:https://github.com/zaproxy
ZAP official website:https://www.zaproxy.org/

Top comments (0)