Added more hints to password reset 5 lesson. Recommended Burp as a proxy
This commit is contained in:
Benedikt - Desktop
committed by
Nanne Baars
Nanne Baars
parent
8c7eaf87d6
commit
3d7974aa45
@ -13,9 +13,10 @@ password-reset-solved=Congratulations you solved the assignment, please type in
|
||||
password-reset-not-solved=Sorry but you did not redirect the reset link to WebWolf
|
||||
|
||||
password-reset-hint1=Try to send a password reset link to your own account at {user}@webgoat.org, you can read this e-mail in WebWolf.
|
||||
password-reset-hint2=Look at the link, can you think how the server creates this link?
|
||||
password-reset-hint2=Look at the link, can you think of how the server creates this link?
|
||||
password-reset-hint3=Tom clicks all the links he receives in his mailbox, you can use the landing page in WebWolf to get the reset link...
|
||||
password-reset-hint4=The link points to localhost:8080/PasswordReset/.... can you change the host to localhost:9090?
|
||||
password-reset-hint5=Intercept the request and change the host header
|
||||
password-reset-hint5=Intercept the request and change the host header.
|
||||
password-reset-hint6=For intercepting the request you have to use a proxy. Check the <a href="./start.mvc#lesson/HttpProxies.lesson" target="_blank">HTTP-Proxies Lesson</a> in the general category if you're unfamiliar with using proxies.<br/><span style="color: red;"><strong>Important:</strong> There seem to be problems when modifying the request header with <a href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project" target="_blank">ZAP</a>. We recommend to use <a href="https://portswigger.net/" target="_blank">Burp</a> instead.</span>
|
||||
login_failed=Login failed
|
||||
login_failed.tom=Sorry only Tom can login at the moment
|
||||
Reference in New Issue
Block a user