Replaced WebScarab references with OWASP ZAP in java code only
This commit is contained in:
		| @ -105,7 +105,7 @@ public class DBSQLInjection extends GoatHillsFinancial | ||||
| 						+ "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause"); | ||||
|  | ||||
| 		// Stage 1 | ||||
| 		hints.add("You may need to use WebScarab to remove a field length limit to fit your attack."); | ||||
| 		hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack."); | ||||
| 		hints.add("Try entering a password of [ ' OR userid=112 OR password=' ]."); | ||||
|  | ||||
| 		// Stage 2 | ||||
|  | ||||
| @ -143,7 +143,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie | ||||
| 		hints.add("You can force errors during the authentication process."); | ||||
| 		hints.add("You can change length, existance, or values of authentication parameters."); | ||||
| 		hints | ||||
| 				.add("Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>."); | ||||
| 				.add("Try removing a parameter ENTIRELY with <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">OWASP ZAP</A>."); | ||||
|  | ||||
| 		return hints; | ||||
| 	} | ||||
|  | ||||
| @ -92,7 +92,7 @@ public class HttpBasics extends LessonAdapter { | ||||
|         List<String> hints = new ArrayList<String>(); | ||||
|         hints.add("Type in your name and press 'go'"); | ||||
|         hints.add("Turn on Show Parameters or other features"); | ||||
|         hints.add("Try to intercept the request with WebScarab"); | ||||
|         hints.add("Try to intercept the request with OWASP ZAP"); | ||||
|         hints.add("Press the Show Lesson Plan button to view a lesson summary"); | ||||
|         hints.add("Press the Show Solution button to view a lesson solution"); | ||||
|  | ||||
|  | ||||
| @ -107,7 +107,7 @@ public class SQLInjection extends GoatHillsFinancial | ||||
| 				+ "Try appending a SQL statement that always resolves to true"); | ||||
|  | ||||
| 		// Stage 1 | ||||
| 		hints.add("You may need to use WebScarab to remove a field length limit to fit your attack."); | ||||
| 		hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack."); | ||||
| 		hints.add("Try entering a password of [ smith' OR '1' = '1 ]."); | ||||
|  | ||||
| 		// Stage 2 | ||||
|  | ||||
| @ -124,7 +124,7 @@ public class WsSqlInjection extends LessonAdapter | ||||
| 						+ "      </ns1:getCreditCard> <br>" | ||||
| 						+ "    </SOAP-ENV:Body> <br>" | ||||
| 						+ "  </SOAP-ENV:Envelope> <br>" + ""); | ||||
| 		hints.add("Use the \"Webservices\" Functions in WebScarab."); | ||||
| 		hints.add("Use the \"Webservices\" Functions in OWASP ZAP."); | ||||
| 		/* | ||||
| 		 * "<?xml version=\"1.0\" encoding=\"UTF-8\"?> <br>" + " <SOAP-ENV:Envelope | ||||
| 		 * xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>" + " | ||||
|  | ||||
| @ -55,7 +55,7 @@ Refresh=Refresh | ||||
|  | ||||
| WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie. | ||||
| WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password? | ||||
| WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>. | ||||
| WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>. | ||||
| WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names? | ||||
|  | ||||
| #RemoteAdminFlaw.java | ||||
| @ -199,7 +199,7 @@ ThisAmountCharged=This amount will be charged to your credit card immediately. | ||||
|  | ||||
| HiddenFieldTamperingHint1=This application is using hidden fields to transmit price information to the server. | ||||
| HiddenFieldTamperingHint2=Use a program to intercept and change the value in the hidden field. | ||||
| HiddenFieldTamperingHint3=Use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to change the price of the TV from " | ||||
| HiddenFieldTamperingHint3=Use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to change the price of the TV from " | ||||
| HiddenFieldTamperingHint32= to  | ||||
|  | ||||
| # Modify data with SQL Injection | ||||
| @ -219,8 +219,8 @@ SqlAddDataHint5=SOLUTION:<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 9999 | ||||
|  | ||||
| # Bypass Html Field Restrictions | ||||
| BypassHtmlFieldRestrictionsHint1=You must re-enable the disabled form field or manually add its parameter name to your request. | ||||
| BypassHtmlFieldRestrictionsHint2=You can use <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> to intercept requests and make changes. | ||||
| BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson. | ||||
| BypassHtmlFieldRestrictionsHint2=You can use <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> to intercept requests and make changes. | ||||
| BypassHtmlFieldRestrictionsHint3=Rather than using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>, you could instead use the <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> and/or <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a> Firefox extensions to complete this lesson. | ||||
|  | ||||
|  | ||||
|  | ||||
|  | ||||
| @ -55,7 +55,7 @@ Refresh=Neu Laden | ||||
|  | ||||
| WeakAuthenticationCookieHints1=The server authenticates the user using a cookie, if you send the right cookie. | ||||
| WeakAuthenticationCookieHints2=Is the AuthCookie value guessable knowing the username and password? | ||||
| WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>. | ||||
| WeakAuthenticationCookieHints3=Add 'AuthCookie=********;' to the Cookie: header using <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>. | ||||
| WeakAuthenticationCookieHints4=After logging in as webgoat a cookie is added. 65432ubphcfx<br/>After logging in as aspect a cookie is added. 65432udfqtb<br/>Is there anything similar about the cookies and the login names? | ||||
|  | ||||
| #RemoteAdminFlaw.java | ||||
| @ -199,7 +199,7 @@ ThisAmountCharged=Ihre Kreditkarte wird sofort mit dem Betrag belastet | ||||
|  | ||||
| HiddenFieldTamperingHint1=Die Applikation nutzt ein verstecktes Feld um Preisinformationen an den Server zu <20>bertragen. | ||||
| HiddenFieldTamperingHint2=Benutzen Sie ein Programm um den Wert des versteckten Feldes abzufangen und zu ver<65>ndern. | ||||
| HiddenFieldTamperingHint3=Benutzen Sie <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.   | ||||
| HiddenFieldTamperingHint3=Benutzen Sie <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> um den Preis des Fernsehers auf einen anderen Wert einzustellen.   | ||||
| HiddenFieldTamperingHint32= bis  | ||||
|   | ||||
|   | ||||
|  | ||||
| @ -55,7 +55,7 @@ Refresh=\u041E\u0431\u043D\u043E\u0432\u0438\u0442\u044C | ||||
|  | ||||
| WeakAuthenticationCookieHints1=\u0421\u0435\u0440\u0432\u0435\u0440 \u0430\u0443\u0442\u0435\u043D\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F \u0441 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u043D\u0438\u0435\u043C cookie \u0435\u0441\u043B\u0438 \u0432 \u043D\u0438\u0445 \u043D\u0430\u0445\u043E\u0434\u044F\u0442\u0441\u044F \u0432\u0435\u0440\u043D\u044B\u0435 \u0434\u0430\u043D\u043D\u044B\u0435 | ||||
| WeakAuthenticationCookieHints2=\u041C\u043E\u0436\u043D\u043E \u043B\u0438 \u0443\u0433\u0430\u0434\u0430\u0442\u044C \u043B\u043E\u0433\u0438\u043D \u0438 \u043F\u0430\u0440\u043E\u043B\u044C \u0438\u0437 AuthCookie? | ||||
| WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A>. | ||||
| WeakAuthenticationCookieHints3=\u0414\u043E\u0431\u0430\u0432\u044C\u0442\u0435 'AuthCookie=********;' \u0432 \u0437\u0430\u0433\u043E\u043B\u043E\u0432\u043E\u043A 'Cookie:' \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u044F <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A>. | ||||
| WeakAuthenticationCookieHints4=\u041F\u043E\u0441\u043B\u0435 \u0442\u043E\u0433\u043E \u043A\u0430\u043A \u0432\u044B \u0432\u043E\u0448\u043B\u0438 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C webgoat \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432ubphcfx'<br/>\u041F\u043E\u0441\u043B\u0435 \u0432\u0445\u043E\u0434\u0430 \u043F\u043E\u0434 \u0438\u043C\u0435\u043D\u0435\u043C aspect \u0443 \u0432\u0430\u0441 \u043F\u043E\u044F\u0432\u0438\u043B\u0438\u0441\u044C \u043D\u043E\u0432\u044B\u0435 cookie \u0441\u043E \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435\u043C '65432udfqtb'<br/>\u0415\u0441\u0442\u044C \u043B\u0438 \u0447\u0442\u043E-\u0442\u043E \u043E\u0431\u0449\u0435\u0435 \u043C\u0435\u0436\u0434\u0443 cookies \u0438 \u0432\u0432\u043E\u0434\u0438\u043C\u044B\u043C\u0438 \u043B\u043E\u0433\u0438\u043D\u0430\u043C\u0438? | ||||
|  | ||||
| #RemoteAdminFlaw.java | ||||
| @ -199,7 +199,7 @@ ThisAmountCharged=\u0414\u0430\u043D\u043D\u0430\u044F \u0441\u0443\u043C\u043C\ | ||||
|  | ||||
| HiddenFieldTamperingHint1=\u0414\u0430\u043D\u043D\u043E\u0435 \u043F\u0440\u0438\u043B\u043E\u0436\u0435\u043D\u0438\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0435\u0442 \u0441\u043A\u0440\u044B\u0442\u044B\u0435 \u043F\u043E\u043B\u044F \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0438\u043D\u0444\u043E\u0440\u043C\u0430\u0446\u0438\u0438 \u043E \u0446\u0435\u043D\u0435 \u043D\u0430 \u0441\u0442\u043E\u0440\u043E\u043D\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. | ||||
| HiddenFieldTamperingHint2=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 \u043F\u0440\u043E\u0433\u0440\u0430\u043C\u043C\u044B \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0437\u0430\u043F\u0440\u043E\u0441\u043E\u0432 \u0434\u043B\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0437\u043D\u0430\u0447\u0435\u043D\u0438\u0435 \u0441\u043A\u0440\u044B\u0442\u044B\u0445 \u043F\u043E\u043B\u0435\u0439. | ||||
| HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 " | ||||
| HiddenFieldTamperingHint3=\u0418\u0441\u043F\u043E\u043B\u044C\u0437\u0443\u0439\u0442\u0435 <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u0434\u044F \u0442\u043E\u0433\u043E \u0447\u0442\u043E\u0431 \u0438\u0437\u043C\u0435\u043D\u0438\u0442\u044C \u0446\u0435\u043D\u0443 TV \u0441 " | ||||
| HiddenFieldTamperingHint32= \u043D\u0430  | ||||
|  | ||||
| # Modify data with SQL Injection | ||||
| @ -219,5 +219,5 @@ SqlAddDataHint5=\u0420\u0415\u0428\u0415\u041D\u0418\u0415:<br/>bar'; INSERT INT | ||||
|  | ||||
| # Bypass Html Field Restrictions | ||||
| BypassHtmlFieldRestrictionsHint1=\u0412\u044B \u0434\u043E\u043B\u0436\u043D\u044B \u0440\u0430\u0437\u0431\u043B\u043E\u043A\u0438\u0440\u043E\u0432\u0430\u0442\u044C \u043E\u0442\u043A\u043B\u044E\u0447\u0435\u043D\u043D\u044B\u0435 \u043F\u043E\u043B\u044F \u0444\u043E\u0440\u043C\u044B \u0438\u043B\u0438 \u0432\u0440\u0443\u0447\u043D\u0443\u044E \u0434\u043E\u0431\u0430\u0432\u0438\u0442\u044C \u0441\u043E\u043E\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044E\u0449\u0438\u0435 \u043F\u0430\u0440\u0430\u043C\u0435\u0442\u0440\u044B \u0432 \u0437\u0430\u043F\u0440\u043E\u0441. | ||||
| BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445. | ||||
| BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project\">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>. | ||||
| BypassHtmlFieldRestrictionsHint2=\u0412\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0434\u043B\u044F \u043F\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0438 \u0438\u0437\u043C\u0435\u043D\u0435\u043D\u0438\u044F \u0434\u0430\u043D\u043D\u044B\u0445. | ||||
| BypassHtmlFieldRestrictionsHint3=\u041F\u0435\u0440\u0435\u0434 \u0442\u0435\u043C \u043A\u0430\u043A \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">WebScarab</A> \u0432\u044B \u043C\u043E\u0436\u0435\u0442\u0435 \u0432\u043E\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C\u0441\u044F \u0441\u043B\u0435\u0434\u0443\u044E\u0449\u0438\u043C\u0438 \u043F\u043B\u0430\u0433\u0438\u043D\u0430\u043C\u0438 \u0434\u043B\u044F Firefox - <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> \u0438/\u0438\u043B\u0438 <A href=\"http://devels-playground.blogspot.com/\">Hackbar</a>. | ||||
		Reference in New Issue
	
	Block a user