Added second assignment for chrome developer tools.

webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/plugin/NetworkDummy.java

@@ -0,0 +1,22 @@
+package org.owasp.webgoat.plugin;
+
+import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentPath;
+import org.owasp.webgoat.assignments.AttackResult;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.io.IOException;
+
+@AssignmentPath("/ChromeDevTools/dummy")
+public class NetworkDummy extends AssignmentEndpoint {
+
+  @RequestMapping(method = RequestMethod.POST)
+  public
+  @ResponseBody
+  AttackResult completed(@RequestParam String network_num) throws IOException {
+    return trackProgress(failed().feedback("network.request").build());
+  }
+}

webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/plugin/NetworkLesson.java

@@ -0,0 +1,26 @@
+package org.owasp.webgoat.plugin;
+
+import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentPath;
+import org.owasp.webgoat.assignments.AttackResult;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.io.IOException;
+
+@AssignmentPath("/ChromeDevTools/network")
+public class NetworkLesson extends AssignmentEndpoint {
+
+  @RequestMapping(method = RequestMethod.POST)
+  public
+  @ResponseBody
+  AttackResult completed(@RequestParam String network_num, @RequestParam String number) throws IOException {
+    if(network_num.equals(number)) {
+      return trackProgress(success().feedback("network.success").build());
+    } else {
+      return trackProgress(failed().feedback("network.failed").build());
+    }
+  }
+}

webgoat-lessons/chrome-dev-tools/src/main/resources/html/ChromeDevTools.html

@@ -34,4 +34,87 @@
     <div class="adoc-content" th:replace="doc:ChromeDevTools_sources.adoc"></div>
 </div>
 
+<div class="lesson-page-wrapper">
+    <!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
+    <!-- include content here. Content will be presented via asciidocs files,
+    which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
+    <div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment_Network.adoc"></div>
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
+        <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
+        <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
+        <!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/ChromeDevTools/dummy"
+              enctype="application/json;charset=UTF-8">
+            <script>
+                // sample custom javascript in the recommended way ...
+                // a namespace has been assigned for it, but you can roll your own if you prefer
+                document.getElementById("btn").addEventListener("click", function() {
+                    document.getElementById("networkNum").value = Math.random() * 100;
+                    document.getElementById("networkNumCopy").value = document.getElementById("networkNum").value;
+                });
+            </script>
+            <input type="hidden" name="network_num" id="networkNum" value="foo" />
+            <table>
+                <tr>
+                    <td>Click this button to make a request:</td>
+                    <td><input id="btn" name="SUBMIT" value="Go!" type="SUBMIT" /></td>
+                    <td></td>
+                </tr>
+            </table>
+        </form>
+
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/ChromeDevTools/network"
+              enctype="application/json;charset=UTF-8">
+            <table>
+                <tr>
+                    <td>What is the number you found:   </td>
+                    <td><input name="number" type="text"/></td>
+                    <td><input type="submit" name="Submit" value="check"/></td>
+                    <td></td>
+                </tr>
+            </table>
+            <input type="hidden" name="network_num" id="networkNumCopy" value="foo" />
+        </form>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+    </div>
+</div>
+
+<!--
+<div class="lesson-page-wrapper">
+    <div class="attack-container">
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <form class="attack-form" accept-charset="UNKNOWN"
+              method="POST" name="form"
+              action="/WebGoat/HttpBasics/attack1"
+              enctype="application/json;charset=UTF-8">
+            <script>
+                console.log("in listener");
+                document.getElementById("butn").addEventListener("click", function() {
+                    document.getElementById("inp").value = Math.random() * 100;
+                });
+            </script>
+            <table>
+                <tr>
+                    <td>Click this Button to make a request</td>
+                    <td><Button id="butn"></Button></td>
+                    <td><input id="inp" name="networkNumber" value="" type="hidden"/><input
+                            name="SUBMIT" value="Go!" type="SUBMIT" /></td>
+                </tr>
+                <tr>
+                    <td>The Network Number is:</td>
+                    <td><input name="number" value="" type="text" /></td>
+                    <td><button type="submit" formaction="/WebGoat/ChromeDevTools/network">Check</button></td>
+                </tr>
+            </table>
+        </form>
+    </div>
+</div>
+-->
 </html>

webgoat-lessons/chrome-dev-tools/src/main/resources/i18n/WebGoatLabels.properties

@@ -2,3 +2,7 @@ chrome-dev-tools.title=Google Chrome Developer Tools
 
 xss-dom-message-success=Correct!
 xss-dom-message-failure=Incorrect.
+
+network.request=You made a HTTP Request.
+network.success=Correct, Well Done.
+network.failed=That is not correct, try again.

webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_Assignment.adoc

@@ -1,6 +1,8 @@
 == Try It! Using the Console
 
 Let's try it. Use the console in the dev tools and call the javascript function *webgoat.customjs.phoneHome*. +
-You should get a response in the console.
+You should get a response in the console. Your result should look something like:
-Paste the phoneHome number in below.
+`phone home said
+{"lessonCompleted:true, ... ,"output":"phone home response is..."`
+Paste the random number, after that, in the text field below.
 (Make sure you got the most recent number, since it's randomly generated each time you call the function)

webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_Assignment_Network.adoc

@@ -0,0 +1,6 @@
+== Try It! Working with the Newtork Tab
+
+In this Assignment you need to find a specific HTTP request and read a randomized number from it.
+To start click the first button, to generate an HTTP Request. Try to find this specific HTTP request.
+The request should contain a field: `magic_num:`
+Copy the number which is displayed afterwards, into the input field below and click on the check button.