DEV Community

Nathan

ZAP Add-Ons: The First Step

So how did it all begin?

I was asked to write an add-on for ZAP proxy for Cherrybomb, the company's open-source tool.
ZAP proxy is a web application security testing tool, used in penetration testing to identify vulnerabilities in web applications.
To be honest, I am a Burp user and don't have a deep understanding of ZAP; secondly, this is my first time contributing to a cyber security open source project written in Java.
But keep calm and let's build a blueprint of this project.

Where to Start?

First of all, I want to briefly introduce our open source tool.
CherryBomb is an API security CLI tool that finds broken logic in your API and maps it.
It is very simple to use: you provide your HTTP logs, then CherryBomb maps and attacks your API and finally gives you the potentially risky endpoints.
Overview of it:
[Image: CherryBomb overview]

Basically, my goal is to collect the logs from ZAP, send them to a server using an API key, then receive the results and display them in the ZAP dashboard.

First Step...

To begin, we need to build a development environment.
Does it feel too overwhelming?
Honestly, it is not, thanks to Simon, the creator of ZAP, for the good documentation: every step is detailed.
The link to the documentation: https://www.zaproxy.org/docs/developer/quick-start-build/.
After successfully completing the first step, prepare the ground before writing our first lines of code.
Check this link, it will help you a lot: https://www.zaproxy.org/docs/developer/creating-new-addon-in-zap-extensions
After completing all these steps, we should have all the repositories and the project looking like this (I am using Eclipse).

[Image: the repositories and project in Eclipse]

Now that everything is ready, we can begin to contribute.

Cherrybomb's GitHub: https://github.com/blst-security/cherrybomb
ZAProxy's GitHub: https://github.com/zaproxy
ZAP official website: https://www.zaproxy.org/
