dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update documentation

Browse Source
This commit is contained in:
Nanne Baars 2021-12-13 12:58:59 +01:00 committed by Nanne Baars
parent 80e01d680b
commit 69a93f30d2
3 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FieldRestrictions.adoc
View File

@ -1,6 +1,6 @@
== Field Restrictions
In most browsers, client has complete or almost complete control over HTML part
In most browsers, the client has complete or almost complete control over the HTML part
of the webpage. They can alter values or restrictions to fit their preference.
=== Task
Send a request that bypasses restrictions of all four of these fields
Send a request that bypasses restrictions of all four of these fields.

4
webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_FrontendValidation.adoc
View File

@ -1,7 +1,7 @@
== Validation
Often, there is some mechanism in place to prevent users from sending altered
field values to server, such as validation before sending. Most of popular browsers
There is often some mechanism in place to prevent users from sending altered
field values to the server, such as validation before sending. Most popular browsers
such as Chrome don't allow editing scripts during runtime. We will have to circumvent
the validation some other way.

7
webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en/BypassRestrictions_Intro.adoc
View File

@ -1,11 +1,10 @@
== Concept
Users have a great degree of control over the front-end of the web application.
They can alter HTML code, sometimes also scripts. This is why
apps that require certain format of input should also validate on server-side.
Users have a great degree of control over the web application's front-end.
They can alter HTML code, sometimes also scripts. Applications that require a certain input format should also validate on the server-side.
== Goals
* The user should have a basic knowledge of HTML
* The user should be able to tamper a request before sending (with proxy or other tool)
* The user should be able to tamper with a request before sending (with proxy or other tools)
* The user will be able to tamper with field restrictions and bypass client-side validation