- Added new challenges

- Added new webapplication called WebWolf to make attacks more realistic - Added WebWolf lesson to explain the concepts behind this new application
2017-08-13 11:22:52 +02:00
parent 56f19caed6
commit 46c536554c
104 changed files with 4199 additions and 70 deletions
--- a/webwolf/README.md
+++ b/webwolf/README.md
@ -0,0 +1,46 @@
+# WebWolf
+
+## Introduction
+
+During workshops one of the feedback items was that in some lesson it was not clear what you controlled 
+as an attacker and what was part of the lesson. To make this separation more distinct we created 
+WebWolf which is completely controlled by you as the attacker and runs as a separate application. 
+
+Instead of using your own machine which would involve WebGoat being connected to your local network
+or internet (remember WebGoat is a vulnerable webapplication) we created WebWolf which is the the 
+environment for you as an attacker.
+
+At the moment WebWolf offers support for:
+
+- Receiving e-mails
+- Serving files
+- Logging of incoming requests (cookies etc)
+
+## Running
+
+### Docker
+
+If you use the Docker image of WebGoat this application will automatically be available. Use the following 
+URL: http://localhost:8081/WebWolf
+
+### Standalone
+
+```Shell
+cd WebGoat
+git checkout develop
+mvn clean install
+```
+
+Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
+
+```Shell
+mvn -pl webwolf spring-boot:run
+```
+... you should be running WebWolf on localhost:8081/WebWolf momentarily
+
+
+
+### Mapping
+
+The web application runs on '/' and the controllers and Thymeleaf templates are hardcoded to '/WebWolf' we need
+to have '/' available which acts as a landing page for incoming requests.