Added second assignment for chrome developer tools.
This commit is contained in:
Tobias_Melzer
committed by
Nanne Baars
Nanne Baars
parent
6cf3740c04
commit
09baecb3e9
@ -0,0 +1,22 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@AssignmentPath("/ChromeDevTools/dummy")
|
||||
public class NetworkDummy extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String network_num) throws IOException {
|
||||
return trackProgress(failed().feedback("network.request").build());
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,26 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@AssignmentPath("/ChromeDevTools/network")
|
||||
public class NetworkLesson extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String network_num, @RequestParam String number) throws IOException {
|
||||
if(network_num.equals(number)) {
|
||||
return trackProgress(success().feedback("network.success").build());
|
||||
} else {
|
||||
return trackProgress(failed().feedback("network.failed").build());
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -34,4 +34,87 @@
|
||||
<div class="adoc-content" th:replace="doc:ChromeDevTools_sources.adoc"></div>
|
||||
</div>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||
<!-- include content here. Content will be presented via asciidocs files,
|
||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||
<div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment_Network.adoc"></div>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
||||
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/ChromeDevTools/dummy"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
<script>
|
||||
// sample custom javascript in the recommended way ...
|
||||
// a namespace has been assigned for it, but you can roll your own if you prefer
|
||||
document.getElementById("btn").addEventListener("click", function() {
|
||||
document.getElementById("networkNum").value = Math.random() * 100;
|
||||
document.getElementById("networkNumCopy").value = document.getElementById("networkNum").value;
|
||||
});
|
||||
</script>
|
||||
<input type="hidden" name="network_num" id="networkNum" value="foo" />
|
||||
<table>
|
||||
<tr>
|
||||
<td>Click this button to make a request:</td>
|
||||
<td><input id="btn" name="SUBMIT" value="Go!" type="SUBMIT" /></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/ChromeDevTools/network"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
<table>
|
||||
<tr>
|
||||
<td>What is the number you found: </td>
|
||||
<td><input name="number" type="text"/></td>
|
||||
<td><input type="submit" name="Submit" value="check"/></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="network_num" id="networkNumCopy" value="foo" />
|
||||
</form>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!--
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/HttpBasics/attack1"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
<script>
|
||||
console.log("in listener");
|
||||
document.getElementById("butn").addEventListener("click", function() {
|
||||
document.getElementById("inp").value = Math.random() * 100;
|
||||
});
|
||||
</script>
|
||||
<table>
|
||||
<tr>
|
||||
<td>Click this Button to make a request</td>
|
||||
<td><Button id="butn"></Button></td>
|
||||
<td><input id="inp" name="networkNumber" value="" type="hidden"/><input
|
||||
name="SUBMIT" value="Go!" type="SUBMIT" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>The Network Number is:</td>
|
||||
<td><input name="number" value="" type="text" /></td>
|
||||
<td><button type="submit" formaction="/WebGoat/ChromeDevTools/network">Check</button></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
-->
|
||||
</html>
|
||||
@ -1,4 +1,8 @@
|
||||
chrome-dev-tools.title=Google Chrome Developer Tools
|
||||
|
||||
xss-dom-message-success=Correct!
|
||||
xss-dom-message-failure=Incorrect.
|
||||
xss-dom-message-failure=Incorrect.
|
||||
|
||||
network.request=You made a HTTP Request.
|
||||
network.success=Correct, Well Done.
|
||||
network.failed=That is not correct, try again.
|
||||
@ -1,6 +1,8 @@
|
||||
== Try It! Using the Console
|
||||
|
||||
Let's try it. Use the console in the dev tools and call the javascript function *webgoat.customjs.phoneHome*. +
|
||||
You should get a response in the console.
|
||||
Paste the phoneHome number in below.
|
||||
You should get a response in the console. Your result should look something like:
|
||||
`phone home said
|
||||
{"lessonCompleted:true, ... ,"output":"phone home response is..."`
|
||||
Paste the random number, after that, in the text field below.
|
||||
(Make sure you got the most recent number, since it's randomly generated each time you call the function)
|
||||
@ -0,0 +1,6 @@
|
||||
== Try It! Working with the Newtork Tab
|
||||
|
||||
In this Assignment you need to find a specific HTTP request and read a randomized number from it.
|
||||
To start click the first button, to generate an HTTP Request. Try to find this specific HTTP request.
|
||||
The request should contain a field: `magic_num:`
|
||||
Copy the number which is displayed afterwards, into the input field below and click on the check button.
|
||||
Reference in New Issue
Block a user