Renamed to httpbasics
This commit is contained in:
Àngel Ollé Blázquez
@ -0,0 +1,8 @@
|
||||
|
||||
Enter your name in the input field below and press "Go!" to submit. The server will accept the request, reverse the
|
||||
input and display it back to the user, illustrating the basics of handling an HTTP request.
|
||||
|
||||
== Try It!
|
||||
|
||||
Enter your name in the input field below and press "Go!" to submit. The server will accept the request, reverse the input
|
||||
and display it back to the user, illustrating the basics of handling an HTTP request.
|
||||
@ -0,0 +1,4 @@
|
||||
== The Quiz
|
||||
|
||||
What type of HTTP command did WebGoat use for this lesson. A POST or a GET.
|
||||
|
||||
@ -0,0 +1,28 @@
|
||||
= HTTP Basics
|
||||
|
||||
== Concept
|
||||
|
||||
This lesson presents the basics for understanding the transfer of data between the browser and the web application and how to trap a request/response with a HTTP proxy.
|
||||
|
||||
== Goals
|
||||
|
||||
The user should become familiar with the features of WebGoat by manipulating the above
|
||||
buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using
|
||||
link:https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project[OWASP Zed Attack Proxy] for the first time.
|
||||
|
||||
=== How HTTP works:
|
||||
|
||||
All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section and the entity body.
|
||||
|
||||
The client initiates a transaction as follows:
|
||||
|
||||
* The client contacts the server and sends a document request. A GET request can have url parameters and those parameters will be available in the web access logs.
|
||||
|
||||
** GET /index.html?param=value HTTP/1.0
|
||||
|
||||
* Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.
|
||||
|
||||
** User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
|
||||
|
||||
* In a POST request, the user supplied data will follow the optional headers and is not part of the contained within the POST URL.
|
||||
|
||||
86
src/main/resources/lessons/httpbasics/html/HttpBasics.html
Normal file
86
src/main/resources/lessons/httpbasics/html/HttpBasics.html
Normal file
@ -0,0 +1,86 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html xmlns:th="http://www.thymeleaf.org">
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||
which you put in src/main/resources/lessonplans/{lang}/{fileName}.adoc -->
|
||||
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_plan.adoc"></div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<!-- reuse this block for each 'page' of content -->
|
||||
<!-- sample ascii doc content for second page -->
|
||||
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_content1.adoc"></div>
|
||||
<!-- if including attack, reuse this section, leave classes in place -->
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
||||
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/HttpBasics/attack1">
|
||||
<div id="lessonContent">
|
||||
<form accept-charset="UNKNOWN" method="POST" name="form"
|
||||
action="#attack/307/100">
|
||||
Enter Your Name: <input name="person" value="" type="TEXT"/><input
|
||||
name="SUBMIT" value="Go!" type="SUBMIT"/>
|
||||
</form>
|
||||
</div>
|
||||
</form>
|
||||
<!-- do not remove the two following div's, this is where your feedback/output will land -->
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||
<!-- include content here. Content will be presented via asciidocs files,
|
||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_content2.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
||||
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/HttpBasics/attack2">
|
||||
<script>
|
||||
// sample custom javascript in the recommended way ...
|
||||
// a namespace has been assigned for it, but you can roll your own if you prefer
|
||||
webgoat.customjs.assignRandomVal = function () {
|
||||
var x = Math.floor((Math.random() * 100) + 1);
|
||||
document.getElementById("magic_num").value = x;
|
||||
};
|
||||
webgoat.customjs.assignRandomVal();
|
||||
</script>
|
||||
<input type="hidden" name="magic_num" id="magic_num" value="foo" />
|
||||
<table>
|
||||
<tr>
|
||||
<td>Was the HTTP command a POST or a GET:</td>
|
||||
<td><input name="answer" value="" type="TEXT" /></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>What is the magic number:</td>
|
||||
<td><input name="magic_answer" value="" type="TEXT" /><input
|
||||
name="SUBMIT" value="Go!" type="SUBMIT" /></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<!-- do not remove the two following div's, this is where your feedback/output will land -->
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</html>
|
||||
@ -0,0 +1,16 @@
|
||||
http-basics.EnterYourName=Enter your Name
|
||||
http-basics.Go!=Go!
|
||||
1.http-basics.title=HTTP Basics
|
||||
|
||||
|
||||
http-basics.hints.http_basics_lesson.1=Type in your name and press 'go'
|
||||
http-basics.hints.http_basic_quiz.1=Turn on Show Parameters or other features
|
||||
http-basics.hints.http_basic_quiz.2=Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>
|
||||
|
||||
|
||||
http-basics.empty=Try again, name cannot be empty.
|
||||
http-basics.reversed=The server has reversed your name: {0}
|
||||
|
||||
http-basics.close=Try again: but this time enter a value before hitting go.
|
||||
http-basics.incorrect=You are close, try again: the HTTP Command is incorrect.
|
||||
http-basics.magic=You are close, try again: the magic number is incorrect.
|
||||
@ -0,0 +1,2 @@
|
||||
EnterYourName=Geben Sie Ihren Namen ein
|
||||
Go!=Los gehts!
|
||||
@ -0,0 +1,2 @@
|
||||
EnterYourName=Entrez votre nom
|
||||
Go!=Go!
|
||||
@ -0,0 +1,16 @@
|
||||
http-basics.EnterYourName=Voer je naam in
|
||||
http-basics.Go!=Go!
|
||||
1.http-basics.title=HTTP Basics
|
||||
|
||||
|
||||
|
||||
http-basics.hints.http_basics_lesson.1=Type je naam in en druk op 'Go'
|
||||
http-basics.hints.http_basic_quiz.1=Schakel 'Toon paramaters of andere eigenschappen' in
|
||||
http-basics.hints.http_basic_quiz.2=Probeer het verzoek te onderscheppen met <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>
|
||||
|
||||
|
||||
http-basics.reversed=De server heeft je naam omgedraaid: {0}
|
||||
|
||||
http-basics.close=Je bent er bijna, probeer nog eens: {0}
|
||||
http-basics.incorrect=het HTTP commando is niet correct.
|
||||
http-basics.magic=het magische getal is niet correct.
|
||||
@ -0,0 +1,2 @@
|
||||
EnterYourName=\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u0432\u0430\u0448\u0435 \u0438\u043c\u044f
|
||||
Go!=\u0412\u043f\u0435\u0440\u0451\u0434!
|
||||
Reference in New Issue
Block a user