diff --git a/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
index b7d6defda..e30003c66 100644
--- a/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@@ -105,7 +105,7 @@ public class DBSQLInjection extends GoatHillsFinancial
+ "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause");
// Stage 1
- hints.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+ hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
hints.add("Try entering a password of [ ' OR userid=112 OR password=' ].");
// Stage 2
diff --git a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
index 6aea5a01c..8d24d7bca 100644
--- a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
+++ b/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
@@ -143,7 +143,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
hints.add("You can force errors during the authentication process.");
hints.add("You can change length, existance, or values of authentication parameters.");
hints
- .add("Try removing a parameter ENTIRELY with WebScarab.");
+ .add("Try removing a parameter ENTIRELY with OWASP ZAP.");
return hints;
}
diff --git a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java b/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
index 7debe20be..3be19a55c 100644
--- a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
+++ b/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
@@ -92,7 +92,7 @@ public class HttpBasics extends LessonAdapter {
List hints = new ArrayList();
hints.add("Type in your name and press 'go'");
hints.add("Turn on Show Parameters or other features");
- hints.add("Try to intercept the request with WebScarab");
+ hints.add("Try to intercept the request with OWASP ZAP");
hints.add("Press the Show Lesson Plan button to view a lesson summary");
hints.add("Press the Show Solution button to view a lesson solution");
diff --git a/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
index c1ffdf1d6..92ca8afb6 100644
--- a/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@@ -107,7 +107,7 @@ public class SQLInjection extends GoatHillsFinancial
+ "Try appending a SQL statement that always resolves to true");
// Stage 1
- hints.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+ hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
hints.add("Try entering a password of [ smith' OR '1' = '1 ].");
// Stage 2
diff --git a/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java b/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java
index 3beb44744..056c93d1e 100644
--- a/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java
@@ -124,7 +124,7 @@ public class WsSqlInjection extends LessonAdapter
+ " </ns1:getCreditCard>
"
+ " </SOAP-ENV:Body>
"
+ " </SOAP-ENV:Envelope>
" + "");
- hints.add("Use the \"Webservices\" Functions in WebScarab.");
+ hints.add("Use the \"Webservices\" Functions in OWASP ZAP.");
/*
* "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
" + " <SOAP-ENV:Envelope
* xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"
" + "
diff --git a/src/main/resources/WebGoatLabels_english.properties b/src/main/resources/WebGoatLabels_english.properties
index e10085eab..e8acee19b 100644
--- a/src/main/resources/WebGoatLabels_english.properties
+++ b/src/main/resources/WebGoatLabels_english.properties
@@ -55,7 +55,7 @@ Refresh=Refresh
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
-WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab.
+WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx
After logging in as aspect a cookie is added. 65432udfqtb
Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java
@@ -199,7 +199,7 @@ ThisAmountCharged=This amount will be charged to your credit card immediately.
HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server.
HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field.
-HiddenFieldTamperingHint3=Use WebScarab to change the price of the TV from "
+HiddenFieldTamperingHint3=Use WebScarab to change the price of the TV from "
HiddenFieldTamperingHint32= to
# Modify data with SQL Injection
@@ -219,8 +219,8 @@ SqlAddDataHint5=SOLUTION:
bar'; INSERT INTO salaries VALUES ('cwillis', 9999
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request.
-BypassHtmlFieldRestrictionsHint2=You can use WebScarab to intercept requests and make changes.
-BypassHtmlFieldRestrictionsHint3=Rather than using WebScarab, you could instead use the Web Developer and/or Hackbar Firefox extensions to complete this lesson.
+BypassHtmlFieldRestrictionsHint2=You can use WebScarab to intercept requests and make changes.
+BypassHtmlFieldRestrictionsHint3=Rather than using WebScarab, you could instead use the Web Developer and/or Hackbar Firefox extensions to complete this lesson.
diff --git a/src/main/resources/WebGoatLabels_german.properties b/src/main/resources/WebGoatLabels_german.properties
index a9ac28b90..77ca441ce 100644
--- a/src/main/resources/WebGoatLabels_german.properties
+++ b/src/main/resources/WebGoatLabels_german.properties
@@ -55,7 +55,7 @@ Refresh=Neu Laden
WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
-WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab.
+WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab.
WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx
After logging in as aspect a cookie is added. 65432udfqtb
Is there anything similar about the cookies and the login names?
#RemoteAdminFlaw.java
@@ -199,7 +199,7 @@ ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet
HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu übertragen.
HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu verändern.
-HiddenFieldTamperingHint3=Benutzen Sie WebScarab um den Preis des Fernsehers auf einen anderen Wert einzustellen.
+HiddenFieldTamperingHint3=Benutzen Sie WebScarab um den Preis des Fernsehers auf einen anderen Wert einzustellen.
HiddenFieldTamperingHint32= bis
diff --git a/src/main/resources/WebGoatLabels_russian.properties b/src/main/resources/WebGoatLabels_russian.properties
index 0b01b1e51..6982609d8 100644
--- a/src/main/resources/WebGoatLabels_russian.properties
+++ b/src/main/resources/WebGoatLabels_russian.properties
@@ -55,7 +55,7 @@ Refresh=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C
WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435
WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie?
-WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F WebScarab.
+WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F WebScarab.
WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'
\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'
\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438?
#RemoteAdminFlaw.java
@@ -199,7 +199,7 @@ ThisAmountCharged=\u0414\u0430\u043D\u043D\u0430\u044F \u0441\u0443\u043C\u043C\
HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.
HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439.
-HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 WebScarab \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 "
+HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 WebScarab \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 "
HiddenFieldTamperingHint32= \u043D\u0430
# Modify data with SQL Injection
@@ -219,5 +219,5 @@ SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:
bar'; INSERT INT
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441.
-BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445.
-BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - Web Developer \u0438/\u0438\u043B\u0438 Hackbar.
\ No newline at end of file
+BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445.
+BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - Web Developer \u0438/\u0438\u043B\u0438 Hackbar.
\ No newline at end of file