Computers, Programming, Technology, Music, Literature

Downloading and Building OWASP ZAP source from Github using Eclipse IDE

with one comment

 

Download this blog as PDF – https://renouncedthoughts.files.wordpress.com/2015/07/downloading-and-building-owasp-zap-source-from-github-using-eclipse-ide1.pdf 

 

This is a quick and dirty blog for those that are new to Eclipse IDE and want to try tweaking the OWASP Zed Attack Proxy’s code. I must say that that you might stumble upon this well written guide titled “Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers” here -  http://www.taddong.com/docs/Building_ZAP_with_Eclipse_v3.0.pdf . First time I was trying to build ZAP with Eclipse this guide was my complete reference. However, OWASP ZAP’s code was recently move to GitHub in the month of May-June 2015 rendering that guide obsolete and my OWASP ZAP Eclipse workspace – connected to google code SVN – a little defunct. Raul Siles, the author of the above guide would update it for changes with respect to the GitHub move.

Recently I was trying to download OWASP ZAP’s code from GitHub and build it because the existing code from SVN (google code) went obsolete. I am not an advanced Eclipse user or Java developer and I was a little lost trying to clone the new OWASP ZAP GitHub repo to my Eclipse. As I was trying, I took screenshots and ended up posted in this blog. Remember, this blog is not a step by step instruction, but it is a quick and dirty steps (5 major steps) to get OWASP ZAP’s code running in your Eclipse IDE.

Glimpse through the articles titled

  1. Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers
  2. Building ZAP (https://github.com/zaproxy/zaproxy/wiki/Building),
  3. Downloading and Building OWASP ZAP source from Github using Eclipse IDE (this article)

and I am sure you’d get ZAP running on your Eclipse IDE.

1

Download Eclipse

…  from https://eclipse.org/downloads/. If you are confused which edition to download, pick the Eclipse IDE for Java Developers

image

 

When you open Eclipse for the first time choose the default workspace and proceed. If you’d like create a workspace such as workspaceowaspzap like I did. Refer to Raul Siles guide for workspace screenshots.

Make sure you have EGit plugin installed. If you are a prime time command liner with Git you may not need this plugin.

If you have downloaded Eclipse from Eclipse for Java Developers, then please ensure in the Eclipse Installation Details you have the below three components highlighted

  1. Eclipse Git Team Provider
  2. Java Implementation of Git
  3. Mylyn Versions Connector: Git

At the time of this writing Eclipse IDE for Java Developers comes with all required plugins to work with Git ( and hence GitHub)

image

2

Add a Git Perspective

… to view Git Repositories and stuff..bla bla

Hit the Open Perspective button at the right top corner 

image

Choose Git at the Open Perspective Dialog

image

Hit OK to view the Git Repositories view.

image

Tip: From time to time you could hit the Java perspective to view the Java related tools and views, you could hit the Git perspective to view your Git Repositories.

image

 

If you look at the workspace that we choose when opening Eclipse, in Windows Explorer now it just has one folder named .metadata. Time to download the code from https://github.com/zaproxy 

 

image

3

Downloading the OWASP ZAP’s code

Choose File –> Import

image

Select Team –> Team Project Set. Hit Next.

image

In the Team Project Set Dialog, Input the Url –
https://raw.githubusercontent.com/zaproxy/zap-admin/master/ZAP-projectSet.psf 
and hit Finish.

image

Tip: Always refer to the recent project set Url available at https://github.com/zaproxy/zaproxy/wiki/Building

image

 

4

Wait for the ZAP projects to be downloaded and built

Watch the progress as the Git Repositories view would show projects as and when they are downloaded

image

Once all the ZAP projects are downloaded, your workspace the Git Repositories view should look like below. The approximate size of the workspace with all the ZAP coded summed up to 2.27 GB for me (on July 4 2015).

image

5

Run ZAP’s source and start playing (and contributing)

Switch to the Java perspective

image

In the Package Explorer, right click zaproxy and choose Run As –> Java Application

image

Eclipse would search for the Main types. In the Select Java Application dialog choose ZAP and hit OK

image

Witness the Console Logs

image

Start ZAPping

image

 

Tip: You can also start ZAP by hitting the play button in Eclipse

image

If you encounter any problems, try fixing it yourself first – spend a day or two Winking smile, as a last resort – post at the ZAP Developer group here – https://groups.google.com/forum/#!forum/zaproxy-develop

Advertisements

Written by gmaran23

July 5, 2015 at 1:25 pm

One Response

Subscribe to comments with RSS.

  1. Thanks for this nice article. I am able to run the ZAP.java. Also, Can you point some example which actually use the zap source code methods to runs the scan and outputs the result

    vamsi

    October 20, 2016 at 3:04 pm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: