/tags/hacking/ Recent content in Hacking on ZAP Hugo en-us Tue, 23 Jan 2024 00:00:00 +0000 /blog/2024-01-23-zap-contributor-license-agreement/ Tue, 23 Jan 2024 00:00:00 +0000 /blog/2024-01-23-zap-contributor-license-agreement/ We are introducing a Contributor License Agreement to cover all ZAP contributions. /blog/2023-08-25-community-tips-and-tricks/ Fri, 25 Aug 2023 00:00:00 +0000 /blog/2023-08-25-community-tips-and-tricks/ News about a community area to contribute ZAP usage tips and tricks. /blog/2022-09-13-zap-extender-scripts/ Tue, 13 Sep 2022 00:00:00 +0000 /blog/2022-09-13-zap-extender-scripts/ An overview of ZAP Extender scripts with examples. Use ZAP as a web server, subscribe to internal ZAP events, and more! /blog/2014-04-30-hacking-zap-4-active-scan-rules/ Wed, 30 Apr 2014 00:00:00 +0000 /blog/2014-04-30-hacking-zap-4-active-scan-rules/ <p>Welcome to a <a href="https://github.com/zaproxy/zaproxy/wiki/Development#hacking-zap">series of blog posts</a> aimed at helping you “hack the ZAP source code”.<br> The previous post in this series is: <a href="/blog/2014-04-03-hacking-zap-3-passive-scan-rules/">Hacking ZAP #3 - Passive scan rules</a></p> <p>Active scan rules are another relatively simple way to enhance ZAP. Active scan rules attack the server, and therefore are only run when explicitly invoked by the user. You should only use active scan rules against applications that you have permission to attack.<br> You can also write active scan rules dynamically using scripts, as we will see later in this series, but even then it&rsquo;s very useful to understand some of the concepts underlying classes available to you.</p> /blog/2014-04-03-hacking-zap-3-passive-scan-rules/ Thu, 03 Apr 2014 00:00:00 +0000 /blog/2014-04-03-hacking-zap-3-passive-scan-rules/ <p>Welcome to a <a href="https://github.com/zaproxy/zaproxy/wiki/Development#hacking-zap">series of blog posts</a> aimed at helping you “hack the ZAP source code”.<br> The previous post in this series is: <a href="/blog/2014-03-20-hacking-zap-2-getting-started/">Hacking ZAP #2 - Getting Started</a></p> <p>One of the easiest ways to enhance ZAP is to write new passive scan rules.<br> Passive scan rules are used to warn the user of potential vulnerabilities that can be detected passively - they are not allowed to make any new requests or manipulate the requests or responses in any way.<br> They typically run against all of the requests and responses that flow through ZAP.<br> Passive rules run in separate background thread so that they have as little effect on performance as possible.</p> /blog/2014-03-20-hacking-zap-2-getting-started/ Thu, 20 Mar 2014 00:00:00 +0000 /blog/2014-03-20-hacking-zap-2-getting-started/ <p>Welcome to a <a href="https://github.com/zaproxy/zaproxy/wiki/Development#hacking-zap">series of blog posts</a> aimed at helping you “hack the ZAP source code”.<br> The previous post in this series is: <a href="/blog/2014-03-10-hacking-zap-1-why-should-you/">Hacking ZAP #1 - Why should you?</a></p> <p>In order to change the ZAP source code you will need to set up a development environment.</p> <h2 id="requirements">Requirements <a class="header-link" href="#requirements"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>The following software is used/required to obtain and build ZAP (core) and the add-ons:</p> /blog/2014-03-10-hacking-zap-1-why-should-you/ Mon, 10 Mar 2014 00:00:00 +0000 /blog/2014-03-10-hacking-zap-1-why-should-you/ <p>Welcome to a <a href="https://github.com/zaproxy/zaproxy/wiki/Development#hacking-zap">series of blog posts</a> aimed at helping you “hack the ZAP source code”.</p> <p>ZAP is an open source tool for finding vulnerabilities in web applications. It is the <a href="https://www.openhub.net/orgs/OWASP">most active OWASP project</a> and is very community focused - it probably has more <a href="https://www.openhub.net/p/zaproxy/contributors/summary">contributors</a> than any other web application security tool. It is being <a href="https://www.openhub.net/p/zaproxy/commits/summary">continually enhanced</a> and, unusually for a security tool, has been translated into over <a href="https://crowdin.com/project/zaproxy">25 languages</a> thanks to over 70 translators.<br> This series is designed to help newcomers dive head-first into the ZAP source code. However for this first blog post I thought I’d take a step back and give some reasons why you might want to change the ZAP source code in the first place.</p>