DEV Community

Nathan

ZAP Add-Ons: The First Step

So How Did It All Begin?

I was asked to write an add-on for ZAP proxy for the company's open-source tool, Cherrybomb.
ZAP proxy is a web application security testing tool that helps identify vulnerabilities in web applications. It is a penetration testing tool that can be used to identify security issues in web applications.
To be honest, I am a Burp user and don't have a deep understanding of ZAP; secondly, this is my first time contributing to a cyber security open source project written in Java.
But keep calm, and let's build a blueprint of this project.

Where to Start?

First of all, I want to briefly introduce our open source tool.
CherryBomb is an API security CLI tool that finds broken logic in your API and maps it.
It is very simple to use: you put in your HTTP logs, then CherryBomb maps and attacks your API and finally gives you the potentially risky endpoints.

Basically, my goal is to collect the logs from ZAP, send them to a server through an API key, then receive the results and display them in the ZAP dashboard.

First Step

In order to begin, we need to build a development environment.
Does it feel too overwhelming?
Honestly, it is not, thanks to Simon, the creator of ZAP, for the good documentation; every step is detailed.
The link to the documentation: https://www.zaproxy.org/docs/developer/quick-start-build/.
After successfully completing the first step, prepare the ground before writing our first lines of code.
Check this link: https://www.zaproxy.org/docs/developer/creating-new-addon-in-zap-extensions. It will help you a lot. After completing all these steps, we should have all the repositories and the project set up. (I am using Eclipse.)


Now everything is ready and we can begin to contribute.

Cherrybomb's GitHub: https://github.com/blst-security/cherrybomb
ZAProxy's GitHub: https://github.com/zaproxy
ZAP official website: https://www.zaproxy.org/
