-
-
Notifications
You must be signed in to change notification settings - Fork 705
AddOnStructure
Add-ons allow you to dynamically add functionality to ZAP.
They can contain:
- Extensions, ie code that includes a class which extends Extension.java
- Active scan rules, which extend AbstractPlugin.java
- Passive scan rules, which extend PluginPassiveScanner.java
- Home files, files to be deployed to ZAP home directory;
- JavaHelp
- Dependencies
Add-ons have a standard naming convention:
- id-status-version.zap
Where
- id is the ID of the add-on, usually the last element of the add-on package name
- status is one of "alpha", "beta", "release"
- version is the version of the add-on, an integer which increments on each release or a semantic version
Add-ons are jar (zip) files and must contain a file called ZapAddOn.xml at the top level.
This file defines the contents of the add-on and is used by ZAP to dynamically load and unload it.
The (typical) add-on directory layout is:
.
├── CHANGELOG.md
├── <addOnId>.gradle.kts
└── src
├── main
│ ├── java
│ ├── javahelp
│ ├── resources
│ └── zapHomeFiles
└── test
├── java
└── resources
-
CHANGELOG.md- the changelog of the add-on; -
<addOnId>.gradle.kts- Gradle build file of the add-on, with the project and add-on configuration (e.g. manifest, dependencies); -
main/java- main (Java) source code of the add-on; -
main/javahelp- add-on help, in JavaHelp format, default language (English) and translations; -
main/resources- main resources (e.g. images/icons, Messages.properties); -
main/zapHomeFiles- files to be deployed to ZAP home directory; -
test/java- test (Java) source code; -
test/resources- test resources.
While the example shows just the directories for Java source code it's possible to use other JVM languages (e.g. Groovy, Kotlin).
These files will be installed in the right places in the same directory structure under the user's ZAP home directory.
See the fuzzdb add-on for a good example.
The following steps are required to add a new add-on to the project:
- Add the ID of the add-on to
addOnslist insettings.gradle.kts; - Create the add-on directory under
addOnsdirectory and add its build file.
You can then just use the Gradle task copyZapAddOn build and copy the add-on to the 'zaproxy' project.
You can also just use the assemble task and then manually import the add-on into ZAP using the "File/Load Add-on file..." menu option, for example if you want to test the add-on with a version of ZAP that you have not built yourself. The add-on will be under the build/zapAddOn/bin/ directory.