Security/Mentorships/MWoS/2014/OWASP ZAP Scripted Add-ons

< Security‎ | Mentorships‎ | MWoS‎ | 2014
WinterOfSecurity logo light horizontal.png




Hailing from New Delhi,India; this team of four girls believes in the 3Ps of success. Patience,Passion and Perseverance.


  • Sarah Khan
  • Sultana Mumtaz
  • Farheen Nilofer
  • Sarah Masud
  • Professor: Dr. Tanvir Ahmad
  • Mozilla Advisor: Simon Bennetts



ZAP supports all JSR223 scripting languages, but only for a limited number of purposes. This development would allow 'full add ons ' to be written in any JSR223 languages.


Success Criteria



  • Team presentation
  • Project introduction: OWASP ZAP: Scripted Add-ons
  • Set deadline: 18/1/2015
  • Schedule meetings:26/08/2014
  • Plan for the next week:


  • current work

Brushing up java skills Trying to work and understand script add on already present in ZAP

  • blocking points
  • discussion points
  • upcoming work

Compile and run a simple add on which would form the base of ZAP add on extension. Study the area of source code implementing script add on. Run Bodge It and test various kinds of vulnerabilities through ZAP.


  • We successfully wrote a javascript for adding a menu item through the scripting console of java with the help of our mentor.
  • Now, our main aim is to make permanent the changes which we bring through writing scripts on script console. For that we would try to gain access to an object of ExtensionHook and try to make changes though that object


  • We are trying to write javascript to add a menu item to the console which we would then try to pass through

AddOnLoader and ExtensionHook so that the menu item added need not be again and again entered through scripting .

  • We are working on summarizing the needed classes.