From 4202c12c18738a7d15bee2254b36a047a90d9123 Mon Sep 17 00:00:00 2001 From: Bruce Mayhew Date: Mon, 15 Sep 2014 21:41:25 -0400 Subject: [PATCH] Replaced WebScarab references with OWASP ZAP in java code only --- .../webgoat/lessons/DBSQLInjection/DBSQLInjection.java | 2 +- .../org/owasp/webgoat/lessons/FailOpenAuthentication.java | 2 +- src/main/java/org/owasp/webgoat/lessons/HttpBasics.java | 2 +- .../owasp/webgoat/lessons/SQLInjection/SQLInjection.java | 2 +- .../java/org/owasp/webgoat/lessons/WsSqlInjection.java | 2 +- src/main/resources/WebGoatLabels_english.properties | 8 ++++---- src/main/resources/WebGoatLabels_german.properties | 4 ++-- src/main/resources/WebGoatLabels_russian.properties | 8 ++++---- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java index b7d6defda..e30003c66 100644 --- a/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java +++ b/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java @@ -105,7 +105,7 @@ public class DBSQLInjection extends GoatHillsFinancial + "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause"); // Stage 1 - hints.add("You may need to use WebScarab to remove a field length limit to fit your attack."); + hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack."); hints.add("Try entering a password of [ ' OR userid=112 OR password=' ]."); // Stage 2 diff --git a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java index 6aea5a01c..8d24d7bca 100644 --- a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java +++ b/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java @@ -143,7 +143,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie hints.add("You can force errors during the authentication process."); hints.add("You can change length, existance, or values of authentication parameters."); hints - .add("Try removing a parameter ENTIRELY with WebScarab."); + .add("Try removing a parameter ENTIRELY with OWASP ZAP."); return hints; } diff --git a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java b/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java index 7debe20be..3be19a55c 100644 --- a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java +++ b/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java @@ -92,7 +92,7 @@ public class HttpBasics extends LessonAdapter { List hints = new ArrayList(); hints.add("Type in your name and press 'go'"); hints.add("Turn on Show Parameters or other features"); - hints.add("Try to intercept the request with WebScarab"); + hints.add("Try to intercept the request with OWASP ZAP"); hints.add("Press the Show Lesson Plan button to view a lesson summary"); hints.add("Press the Show Solution button to view a lesson solution"); diff --git a/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index c1ffdf1d6..92ca8afb6 100644 --- a/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -107,7 +107,7 @@ public class SQLInjection extends GoatHillsFinancial + "Try appending a SQL statement that always resolves to true"); // Stage 1 - hints.add("You may need to use WebScarab to remove a field length limit to fit your attack."); + hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack."); hints.add("Try entering a password of [ smith' OR '1' = '1 ]."); // Stage 2 diff --git a/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java b/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java index 3beb44744..056c93d1e 100644 --- a/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java +++ b/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java @@ -124,7 +124,7 @@ public class WsSqlInjection extends LessonAdapter + "      </ns1:getCreditCard>
" + "    </SOAP-ENV:Body>
" + "  </SOAP-ENV:Envelope>
" + ""); - hints.add("Use the \"Webservices\" Functions in WebScarab."); + hints.add("Use the \"Webservices\" Functions in OWASP ZAP."); /* * "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
" + " <SOAP-ENV:Envelope * xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"
" + " diff --git a/src/main/resources/WebGoatLabels_english.properties b/src/main/resources/WebGoatLabels_english.properties index e10085eab..e8acee19b 100644 --- a/src/main/resources/WebGoatLabels_english.properties +++ b/src/main/resources/WebGoatLabels_english.properties @@ -55,7 +55,7 @@ Refresh=Refresh WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie. WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password? -WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab. +WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab. WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx
After logging in as aspect a cookie is added. 65432udfqtb
Is there anything similar about the cookies and the login names? #RemoteAdminFlaw.java @@ -199,7 +199,7 @@ ThisAmountCharged=This amount will be charged to your credit card immediately. HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server. HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field. -HiddenFieldTamperingHint3=Use WebScarab to change the price of the TV from " +HiddenFieldTamperingHint3=Use WebScarab to change the price of the TV from " HiddenFieldTamperingHint32= to # Modify data with SQL Injection @@ -219,8 +219,8 @@ SqlAddDataHint5=SOLUTION:
bar'; INSERT INTO salaries VALUES ('cwillis', 9999 # Bypass Html Field Restrictions BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request. -BypassHtmlFieldRestrictionsHint2=You can use WebScarab to intercept requests and make changes. -BypassHtmlFieldRestrictionsHint3=Rather than using WebScarab, you could instead use the Web Developer and/or Hackbar Firefox extensions to complete this lesson. +BypassHtmlFieldRestrictionsHint2=You can use WebScarab to intercept requests and make changes. +BypassHtmlFieldRestrictionsHint3=Rather than using WebScarab, you could instead use the Web Developer and/or Hackbar Firefox extensions to complete this lesson. diff --git a/src/main/resources/WebGoatLabels_german.properties b/src/main/resources/WebGoatLabels_german.properties index a9ac28b90..77ca441ce 100644 --- a/src/main/resources/WebGoatLabels_german.properties +++ b/src/main/resources/WebGoatLabels_german.properties @@ -55,7 +55,7 @@ Refresh=Neu Laden WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie. WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password? -WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab. +WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using WebScarab. WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx
After logging in as aspect a cookie is added. 65432udfqtb
Is there anything similar about the cookies and the login names? #RemoteAdminFlaw.java @@ -199,7 +199,7 @@ ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu übertragen. HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu verändern. -HiddenFieldTamperingHint3=Benutzen Sie WebScarab um den Preis des Fernsehers auf einen anderen Wert einzustellen. +HiddenFieldTamperingHint3=Benutzen Sie WebScarab um den Preis des Fernsehers auf einen anderen Wert einzustellen. HiddenFieldTamperingHint32= bis diff --git a/src/main/resources/WebGoatLabels_russian.properties b/src/main/resources/WebGoatLabels_russian.properties index 0b01b1e51..6982609d8 100644 --- a/src/main/resources/WebGoatLabels_russian.properties +++ b/src/main/resources/WebGoatLabels_russian.properties @@ -55,7 +55,7 @@ Refresh=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435 WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie? -WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F WebScarab. +WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F WebScarab. WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'
\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'
\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438? #RemoteAdminFlaw.java @@ -199,7 +199,7 @@ ThisAmountCharged=\u0414\u0430\u043D\u043D\u0430\u044F \u0441\u0443\u043C\u043C\ HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439. -HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 WebScarab \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 " +HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 WebScarab \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 " HiddenFieldTamperingHint32= \u043D\u0430 # Modify data with SQL Injection @@ -219,5 +219,5 @@ SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:
bar'; INSERT INT # Bypass Html Field Restrictions BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441. -BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445. -BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - Web Developer \u0438/\u0438\u043B\u0438 Hackbar. \ No newline at end of file +BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445. +BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C WebScarab \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - Web Developer \u0438/\u0438\u043B\u0438 Hackbar. \ No newline at end of file