Documentation
Your best resources are existing plugins (see the plugins/ directory in your ZAP installation). The core developers have also built a set of four simple examples. When in doubt about the API, you can always look at the source code.
Maven support
Strangely, neither the API nor any other component of ZAP is published on Maven yet. Manually installing zap.jar into your local repository works around this.
mvn install:install-file -Dfile=%ZAP_DIR%/zap.jar -DgroupId=org.zaproxy -DartifactId=zaproxy -Dversion=2.2.2 -Dpackaging=jar
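You can now add the ZAP dependency. Additional dependencies might be needed depending on what your plugin needs to access.
[...]
<dependency>
    <groupId>org.zaproxy</groupId>
    <artifactId>zaproxy</artifactId>
    <version>2.2.2</version>
</dependency>
<dependency>
    <groupId>net.htmlparser.jericho</groupId>
    <artifactId>jericho-html</artifactId>
    <version>3.1</version>
    <scope>provided</scope>
</dependency>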
Debugging your plugin
Java supports remote debugging of an application when a few extra arguments are passed to the java command.
From zap.sh or zap.bat
[...] java -Xmx512m -XX:PermSize=256M -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar zap.jar org.zaproxy.zap.ZAP %* [...]
This method avoids the need to integrate the complete ZAP application into your development stack in order to debug your small addition.
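JDWP has no authentication, so anyone who can reach the debug port can attach to the JVM. With a bare port such as address=5005, Java 8 and earlier listen on every interface, while Java 9 and later listen on loopback only. The check below is an added example, not part of the original post: the function name jdwp_bind_scope and the sample command lines are constructed for illustration, and it reports where the agent on a java command line will listen.

```shell
#!/bin/sh
# Report where a JDWP agent on a java command line will listen.
# Prints: none | outbound | loopback | all-interfaces | host:<name> | jdk-dependent

jdwp_bind_scope() {
    line=$1
    # Option string after -agentlib:jdwp= (or the older -Xrunjdwp: spelling)
    opts=$(printf '%s\n' "$line" | sed -n 's/.*-agentlib:jdwp=\([^ ]*\).*/\1/p')
    [ -n "$opts" ] || opts=$(printf '%s\n' "$line" | sed -n 's/.*-Xrunjdwp:\([^ ]*\).*/\1/p')
    [ -n "$opts" ] || { echo none; return 0; }

    # Only server=y opens a listening socket; otherwise the JVM dials out
    case ",$opts," in
        *,server=y,*) ;;
        *) echo outbound; return 0 ;;
    esac

    addr=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^address=//p')
    case "$addr" in
        127.0.0.1:*|localhost:*) echo loopback ;;
        '*:'*|0.0.0.0:*)         echo all-interfaces ;;
        *:*)                     echo "host:${addr%%:*}" ;;
        *)                       echo jdk-dependent ;;  # bare port or no address
    esac
}

# Constructed sample lines; the first uses the option string shown on this page
for sample in \
    'java -Xmx512m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar zap.jar' \
    'java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5005 -jar zap.jar' \
    'java -Xmx512m -jar zap.jar'
do
    printf '%s\n' "$(jdwp_bind_scope "$sample")"
done
```

A result of jdk-dependent or all-interfaces means the address should be written as 127.0.0.1:5005 in the start script so that the listener stays local whatever the Java version.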
Logging
Log4J is used by ZAP itself. Your plugin should use the same API so that its messages are aggregated with ZAP's own log output.
If you execute the start script (zap.bat/zap.sh) from the command line, the log will be displayed on stdout. It is also possible to tail the main log in "$HOME/OWASP ZAP/zap.log".
Troubleshooting plugin installation/removal
Once installed, the plugin is copied to "$HOME/OWASP ZAP/plugin". If ZAP is unable to remove a plugin, you can manually remove the associated file.
Useful references
ZAP extensions : Google projects focusing on documenting the extensions available and providing developer documentation.
ZAP developer mailing-list : Probably the best place to ask questions related to ZAP plugin development.
Plugin examples : Simple examples for the four types of plugins.