Replaced WebScarab references with OWASP ZAP in java code only

2014-09-15 21:41:25 -04:00 · 2014-09-15 21:41:25 -04:00 · 4202c12c18
commit 4202c12c18
parent 9bb1cb8d9c
8 changed files with 15 additions and 15 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@ -105,7 +105,7 @@ public class DBSQLInjection extends GoatHillsFinancial
 						+ "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause");

 		// Stage 1
-		hints.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+		hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
 		hints.add("Try entering a password of [ ' OR userid=112 OR password=' ].");

 		// Stage 2
--- a/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
+++ b/src/main/java/org/owasp/webgoat/lessons/FailOpenAuthentication.java
@ -143,7 +143,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
 		hints.add("You can force errors during the authentication process.");
 		hints.add("You can change length, existance, or values of authentication parameters.");
 		hints
-				.add("Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.");
+				.add("Try removing a parameter ENTIRELY with <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">OWASP ZAP</A>.");

 		return hints;
 	}
--- a/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
+++ b/src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
@ -92,7 +92,7 @@ public class HttpBasics extends LessonAdapter {
        List<String> hints = new ArrayList<String>();
        hints.add("Type in your name and press 'go'");
        hints.add("Turn on Show Parameters or other features");
-        hints.add("Try to intercept the request with WebScarab");
+        hints.add("Try to intercept the request with OWASP ZAP");
        hints.add("Press the Show Lesson Plan button to view a lesson summary");
        hints.add("Press the Show Solution button to view a lesson solution");

--- a/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@ -107,7 +107,7 @@ public class SQLInjection extends GoatHillsFinancial
 				+ "Try appending a SQL statement that always resolves to true");

 		// Stage 1
-		hints.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+		hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
 		hints.add("Try entering a password of [ smith' OR '1' = '1 ].");

 		// Stage 2
--- a/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/WsSqlInjection.java
@ -124,7 +124,7 @@ public class WsSqlInjection extends LessonAdapter
 						+ "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getCreditCard&gt; <br>"
 						+ "&nbsp;&nbsp;&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>"
 						+ "&nbsp;&nbsp;&lt;/SOAP-ENV:Envelope&gt; <br>" + "");
-		hints.add("Use the \"Webservices\" Functions in WebScarab.");
+		hints.add("Use the \"Webservices\" Functions in OWASP ZAP.");
 		/*
 		 * "&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>" + " &lt;SOAP-ENV:Envelope
 		 * xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>" + "
--- a/src/main/resources/WebGoatLabels_english.properties
+++ b/src/main/resources/WebGoatLabels_english.properties
@ -55,7 +55,7 @@ Refresh=Refresh

 WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
 WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
-WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>.
+WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
 WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?

 #RemoteAdminFlaw.java
@ -199,7 +199,7 @@ ThisAmountCharged=This amount will be charged to your credit card immediately.

 HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server.
 HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field.
-HiddenFieldTamperingHint3=Use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to change the price of the TV from "
+HiddenFieldTamperingHint3=Use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to change the price of the TV from "
 HiddenFieldTamperingHint32= to 

 # Modify data with SQL Injection
@ -219,8 +219,8 @@ SqlAddDataHint5=SOLUTION:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 9999

 # Bypass Html Field Restrictions
 BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request.
-BypassHtmlFieldRestrictionsHint2=You can use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to intercept requests and make changes.
-BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson.
+BypassHtmlFieldRestrictionsHint2=You can use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to intercept requests and make changes.
+BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson.



--- a/src/main/resources/WebGoatLabels_german.properties
+++ b/src/main/resources/WebGoatLabels_german.properties
@ -55,7 +55,7 @@ Refresh=Neu Laden

 WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie.
 WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password?
-WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>.
+WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
 WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names?

 #RemoteAdminFlaw.java
@ -199,7 +199,7 @@ ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet

 HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu übertragen.
 HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu verändern.
-HiddenFieldTamperingHint3=Benutzen Sie <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.  
+HiddenFieldTamperingHint3=Benutzen Sie <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.  
 HiddenFieldTamperingHint32= bis 
 
 
--- a/src/main/resources/WebGoatLabels_russian.properties
+++ b/src/main/resources/WebGoatLabels_russian.properties
@ -55,7 +55,7 @@ Refresh=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C

 WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435
 WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie?
-WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>.
+WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>.
 WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'<br/>\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'<br/>\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438?

 #RemoteAdminFlaw.java
@ -199,7 +199,7 @@ ThisAmountCharged=\u0414\u0430\u043D\u043D\u0430\u044F \u0441\u0443\u043C\u043C\

 HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.
 HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439.
-HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 "
+HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 "
 HiddenFieldTamperingHint32= \u043D\u0430 

 # Modify data with SQL Injection
@ -219,5 +219,5 @@ SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:<br/>bar'; INSERT INT

 # Bypass Html Field Restrictions
 BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441.
-BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445.
-BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>.
+BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445.
+BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>.