AddOnStructure
Add-ons allow you to dynamically add functionality to ZAP.
They can contain:
- Extensions, i.e. code that includes a class which extends Extension.java
- Active scan rules, which extend AbstractPlugin.java
- Passive scan rules, which extend PluginPassiveScanner.java
- Home files, i.e. files to be deployed to the ZAP home directory
- JavaHelp
- Dependencies
Add-ons have a standard naming convention:
- id-status-version.zap
Where
- id is the ID of the add-on, usually the last element of the add-on package name
- status is one of "alpha", "beta", "release"
- version is the version of the add-on, an integer which increments on each release or a semantic version
Add-ons are jar (zip) files and must contain a file called ZapAddOn.xml at the top level.
This file defines the contents of the add-on and is used by ZAP to dynamically load and unload it.
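The naming convention and the top-level ZapAddOn.xml requirement above can be checked before an add-on file is loaded into ZAP. The following Python check is an added example, not part of ZAP or this wiki; the function names, the id character set, the semantic-version pattern and the entry-path check are assumptions, and the archives it inspects are constructed in memory.

```python
import io
import posixpath
import re
import zipfile

MANIFEST = "ZapAddOn.xml"  # must sit at the top level of the archive
# Assumption: ids have no hyphen; version is an integer or MAJOR.MINOR.PATCH.
NAME_RE = re.compile(
    r"^(?P<id>[A-Za-z0-9_]+)-(?P<status>alpha|beta|release)-"
    r"(?P<version>\d+|\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)\.zap$"
)


def parse_name(filename):
    """Return (id, status, version), or None if the name breaks the convention."""
    m = NAME_RE.match(filename)
    return (m["id"], m["status"], m["version"]) if m else None


def inspect_addon(filename, data):
    """Return a list of problems found in an add-on file supplied as bytes."""
    problems = []
    if parse_name(filename) is None:
        problems.append("name is not id-status-version.zap")
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return problems + ["not a jar (zip) file"]
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
    if MANIFEST not in names:  # exact match, so a nested copy does not count
        problems.append("no top-level ZapAddOn.xml")
    for name in names:
        # Flag entries that would resolve outside the directory they unpack into.
        norm = posixpath.normpath(name.replace("\\", "/"))
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            problems.append("entry escapes the archive root: " + name)
    return problems


def build_sample(entries):
    """Build a constructed in-memory archive from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

An empty list from `inspect_addon` means the file name and archive layout match what this page describes; it says nothing about what the add-on's code does once loaded.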
The (typical) add-on directory layout is:
.
├── CHANGELOG.md
├── <addOnId>.gradle.kts
└── src
    ├── main
    │   ├── java
    │   ├── javahelp
    │   ├── resources
    │   └── zapHomeFiles
    └── test
        ├── java
        └── resources
- CHANGELOG.md - the changelog of the add-on;
- <addOnId>.gradle.kts - Gradle build file of the add-on, with the project and add-on configuration (e.g. manifest, dependencies);
- main/java - main (Java) source code of the add-on;
- main/javahelp - add-on help, in JavaHelp format, default language (English) and translations;
- main/resources - main resources (e.g. images/icons, Messages.properties);
- main/zapHomeFiles - files to be deployed to ZAP home directory;
- test/java - test (Java) source code;
- test/resources - test resources.
While the example shows just the directories for Java source code, it's possible to use other JVM languages (e.g. Groovy, Kotlin).
The files in main/zapHomeFiles will be installed in the right places, in the same directory structure, under the user's ZAP home directory.
See the fuzzdb add-on for a good example.
The following steps are required to add a new add-on to the project:
- Add the ID of the add-on to the addOns list in settings.gradle.kts;
- Create the add-on directory under the addOns directory and add its build file.
You can then just use the Gradle task copyZapAddOn to build and copy the add-on to the 'zaproxy' project.
You can also just use the assemble task and then manually import the add-on into ZAP using the "File/Load Add-on file..." menu option, for example if you want to test the add-on with a version of ZAP that you have not built yourself. The add-on will be under the build/zapAddOn/bin/ directory.
(This is work in progress;)