dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Added HTTP lesson together with its lesson plan and goals.

Browse Source 
- Files added:
   HttpSplitting.html
   HttpSplitting.java
   redirect.jsp
- Files Changed:
   webgoat-class.properties
   webgoat-lmc.properties

git-svn-id: http://webgoat.googlecode.com/svn/trunk@23 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy 2006-10-08 23:46:34 +00:00
parent d12bab05a4
commit 6cc8bed0c7
5 changed files with 160 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java Normal file
View File

@ -0,0 +1,116 @@
package org.owasp.webgoat.lessons;
import java.util.*;
import java.net.URLDecoder;
import java.io.UnsupportedEncodingException;
import org.apache.ecs.*;
import org.apache.ecs.html.*;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
/**
* Copyright (c) 2002 Free Software Foundation developed under the
* custody of the Open Web Application Security Project
* (http://www.owasp.org) This software package is published by OWASP
* under the GPL. You should read and accept the LICENSE before you
* use, modify and/or redistribute this software.
*
* @author sherif@macadamian.com
* @created September 30, 2006
*/
public class HttpSplitting extends LessonAdapter {
private final static String URL = "url";
/**
* Description of the Method
*
* @param s Description of the Parameter
*/
public void handleRequest( WebSession s )
{
// call createContent first so messages will go somewhere
Form form = new Form( "/WebGoat/lessons/General/redirect.jsp?" +
"Screen=" + String.valueOf(getScreenId()) +
"&menu=" + getDefaultCategory().getRanking().toString()
, Form.POST ).setName( "form" ).setEncType( "" );
form.addElement( createContent( s ) );
setContent(form);
}
protected Element createContent(WebSession s)
{
ElementContainer ec = new ElementContainer();
StringBuffer url = null;
try
{
ec.addElement( new StringElement( "Search by country : " ) );
url = new StringBuffer( s.getParser().getStringParameter( URL, "" ) );
Input input = new Input( Input.TEXT, URL, url.toString() );
ec.addElement( input );
Element b = ECSFactory.makeButton( "Go!" );
ec.addElement( b );
}
catch (Exception e)
{
s.setMessage( "Error generating " + this.getClass().getName() );
e.printStackTrace();
}
String fromRedirect = s.getParser().getStringParameter ( "fromRedirect" , "");
if ( url.length() != 0 && fromRedirect.length() != 0 )
{
String[] arrTokens = url.toString().split(System.getProperty("line.separator"));
if (Arrays.binarySearch(arrTokens, "Content-Length: 0") >= 0 &&
Arrays.binarySearch(arrTokens, "HTTP/1.1 200 OK") >= 0 )
{
makeSuccess( s );
}
}
return ( ec );
}
public Category getCategory()
{
return LessonAdapter.GENERAL;
}
protected List getHints()
{
List hints = new ArrayList();
hints.add( "Enter a language for the system to search by." );
hints.add( "Use CR (%0d) and LF (%0a) for a new line" );
hints.add( "The Content-Length: 0 will tell the server that the first request is over." );
hints.add( "A 200 OK message looks like this: HTTP/1.1 200 OK" );
return hints;
}
private final static Integer DEFAULT_RANKING = new Integer(10);
protected Integer getDefaultRanking()
{
return DEFAULT_RANKING;
}
/**
* Gets the title attribute of the HelloScreen object
*
* @return The title value
*/
public String getTitle()
{
return ( "HTTP Splitting" );
}
}

3
webgoat/main/project/WebContent/WEB-INF/webgoat-class.properties
View File

@ -1,6 +1,7 @@
category.General.ranking=11
lesson.HttpBasics.ranking=10
lesson.ThreadSafetyProblem.ranking=20
lesson.HttpSplitting.ranking=20
lesson.ThreadSafetyProblem.ranking=30
category.Broken\ Authentication\ and\ Session\ Management.ranking=21
lesson.BasicAuthentication.ranking=10

3
webgoat/main/project/WebContent/WEB-INF/webgoat-lmc.properties
View File

@ -1,6 +1,7 @@
category.General.ranking=11
lesson.HttpBasics.ranking=10
lesson.ThreadSafetyProblem.ranking=20
lesson.HttpSplitting.ranking=20
lesson.ThreadSafetyProblem.ranking=30
category.Broken\ Authentication\ and\ Session\ Management.ranking=21
lesson.BasicAuthentication.ranking=10

24
webgoat/main/project/WebContent/lesson_plans/HttpSplitting.html Normal file
View File

@ -0,0 +1,24 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> Http Splitting </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
This lesson teaches how to perform HTPP Splitting attacks.
<br>
<div align="Left">
<p>
<b>How the attacks works:</b>
</p>
The attacker passes malacious code to the web server together with normal input.
A victim application will not be checking for CR (carriage return, also given by %0d or \r)
and LF (line feed, also given by %0a or \n)characters. These characters not only give attackers control
of the remaining headers and body of the response the application intends to send,
but also allows them to create additional responses entirely under their control
</div>
<p><b>General Goal(s):</b> </p>
<!-- Start Instructions -->
* Enter a language for the system to search by.<br>
* You notice that the application is redirecting your request to another resource on the server.<br>
* You should be able to use the CR (%0d) and LF (%0a) to exploit the attack.<br>
* Your excercise should be to force the server to send a 200 OK.
<!-- Stop Instructions -->

16
webgoat/main/project/WebContent/lessons/General/redirect.jsp Normal file
View File

@ -0,0 +1,16 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>HTTP Splitting</title>
</head>
<body>
<% response.sendRedirect("/WebGoat/attack?" +
"Screen=" + request.getParameter("Screen") +
"&menu=" + request.getParameter("menu") +
"&fromRedirect=yes&url=" + request.getParameter("url"));
%>
</body>
</html>