DevExtending
There are various ways you can extend ZAP, as documented below.
Note that this is just an overview. There are some basic working examples in the ZAP Extensions project, which will be added to in the future.
If you have any questions then please ask them on the zaproxy-develop Google Group.
You can get ZAP to automatically tag requests and responses via:
Tools / Options... / Passive Scan / "Add / Edit scan definition"
You can invoke other applications from ZAP, passing the context information across to them.
For more details see the Options Application screen in the User Guide.
You can add your own fuzzing files via:
Tools / Options... / Fuzzer / Add custom Fuzz file
You can add your own forced browse files via:
Tools / Options... / Forced Browse / Add custom Forced Browse file
The REST-based API allows 'external' applications to access ZAP data and to invoke ZAP functionality.
Full API documentation is now available at https://www.zaproxy.org/docs/api/
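As an added example (not code from the ZAP project), the sketch below shows an external Python program building ZAP JSON API URLs, sending the API key in the `X-ZAP-API-Key` header, and summarising the alerts view by risk level. It assumes ZAP is listening on 127.0.0.1:8080; the API key is a placeholder and the sample response is constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

ZAP_BASE = "http://127.0.0.1:8080"  # assumption: ZAP running locally on port 8080
API_KEY = "changeme"                # placeholder: use the key from ZAP's API options


def api_url(component, kind, name, params=None, base=ZAP_BASE):
    """Build a JSON API URL of the form /JSON/<component>/<view|action>/<name>/."""
    if kind not in ("view", "action"):
        raise ValueError("kind must be 'view' or 'action'")
    parts = [urllib.parse.quote(p, safe="") for p in (component, kind, name)]
    query = urllib.parse.urlencode(params or {})
    return "{}/JSON/{}/{}/{}/".format(base, *parts) + ("?" + query if query else "")


def call(component, kind, name, params=None, timeout=10):
    """Call the API. The key travels in a header so it stays out of URLs and logs."""
    req = urllib.request.Request(api_url(component, kind, name, params),
                                 headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def summarise(alerts_response):
    """Count alerts per risk level, tolerating missing fields."""
    alerts = alerts_response.get("alerts", [])
    return dict(Counter(a.get("risk", "Unknown") for a in alerts))


# Constructed sample shaped like a core/view/alerts response (not real scan data).
SAMPLE = json.loads("""
{"alerts": [
  {"alert": "X-Content-Type-Options Header Missing", "risk": "Low",
   "url": "http://example.test/"},
  {"alert": "Content Security Policy (CSP) Header Not Set", "risk": "Medium",
   "url": "http://example.test/"},
  {"alert": "Missing Anti-clickjacking Header", "risk": "Medium",
   "url": "http://example.test/login"}
]}
""")

if __name__ == "__main__":
    print(api_url("core", "view", "alerts", {"baseurl": "http://example.test"}))
    print(summarise(SAMPLE))
    # With ZAP running:
    # print(summarise(call("core", "view", "alerts", {"baseurl": "http://example.test"})))
```
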
Active Scan rules find potential vulnerabilities by attacking the target application.
New Active Scan rules should be added to the ascanrulesAlpha add-on.
Active scan rules are loaded from the respective add-ons found in the plugin directory.
Passive Scan rules find potential vulnerabilities just by examining the requests and responses in a background thread. They should not make any changes.
New Passive Scan rules should be added to the pscanrulesAlpha add-on package.
Passive scan rules are loaded from the respective add-ons found in the plugin directory.
Full extensions can add functionality to ZAP, including new tabs, pop-up windows, menu items, etc.
For more details see ZAP Extensions.