final tests and fixed the issue of getting the name of the loggedinuser
This commit is contained in:
parent
00873cfe3f
commit
6dc679e7b8
@ -34,6 +34,14 @@ public class CSRFTest extends IntegrationTest {
|
|||||||
"<input type=\"submit\" value=\"assignment 7\"/>\n" +
|
"<input type=\"submit\" value=\"assignment 7\"/>\n" +
|
||||||
"</form></body></html>";
|
"</form></body></html>";
|
||||||
|
|
||||||
|
private static final String trickHTML8 = "<!DOCTYPE html><html><body><form action=\"WEBGOATURL\" method=\"POST\">\n" +
|
||||||
|
"<input type=\"hidden\" name=\"username\" value=\"csrf-USERNAME\"/>\n" +
|
||||||
|
"<input type=\"hidden\" name=\"password\" value=\"password\"/>\n" +
|
||||||
|
"<input type=\"hidden\" name=\"matchingPassword\" value=\"password\"/>\n" +
|
||||||
|
"<input type=\"hidden\" name=\"agree\" value=\"agree\"/>\n" +
|
||||||
|
"<input type=\"submit\" value=\"assignment 8\"/>\n" +
|
||||||
|
"</form></body></html>";
|
||||||
|
|
||||||
private String webwolfFileDir;
|
private String webwolfFileDir;
|
||||||
|
|
||||||
|
|
||||||
@ -55,7 +63,12 @@ public class CSRFTest extends IntegrationTest {
|
|||||||
uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
|
uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
|
||||||
checkAssignment7(callTrickHtml("csrf7.html"));
|
checkAssignment7(callTrickHtml("csrf7.html"));
|
||||||
|
|
||||||
//checkResults("/csrf");
|
//Assignment 8
|
||||||
|
uploadTrickHtml("csrf8.html", trickHTML8.replace("WEBGOATURL", url("/login")).replace("USERNAME", getWebgoatUser()));
|
||||||
|
checkAssignment8(callTrickHtml("csrf8.html"));
|
||||||
|
|
||||||
|
login();//because old cookie got replaced and invalidated
|
||||||
|
checkResults("csrf");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -156,4 +169,68 @@ public class CSRFTest extends IntegrationTest {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void checkAssignment8(String goatURL) {
|
||||||
|
|
||||||
|
//first make sure there is an attack csrf- user
|
||||||
|
registerCSRFUser();
|
||||||
|
|
||||||
|
Map<String, Object> params = new HashMap<>();
|
||||||
|
params.clear();
|
||||||
|
params.put("username", "csrf-"+getWebgoatUser());
|
||||||
|
params.put("password","password");
|
||||||
|
|
||||||
|
//login and get the new cookie
|
||||||
|
String newCookie = RestAssured.given()
|
||||||
|
.when()
|
||||||
|
.relaxedHTTPSValidation()
|
||||||
|
.cookie("JSESSIONID", getWebGoatCookie())
|
||||||
|
.header("Referer", webWolfUrl("/files/fake.html"))
|
||||||
|
.params(params)
|
||||||
|
.log().all()
|
||||||
|
.post(goatURL)
|
||||||
|
.then().log().all()
|
||||||
|
.extract().cookie("JSESSIONID");
|
||||||
|
|
||||||
|
//select the lesson
|
||||||
|
RestAssured.given()
|
||||||
|
.when()
|
||||||
|
.relaxedHTTPSValidation()
|
||||||
|
.cookie("JSESSIONID", newCookie)
|
||||||
|
.get(url("CSRF.lesson.lesson"))
|
||||||
|
.then()
|
||||||
|
.statusCode(200);
|
||||||
|
|
||||||
|
//click on the assignment
|
||||||
|
boolean result = RestAssured.given()
|
||||||
|
.when()
|
||||||
|
.relaxedHTTPSValidation()
|
||||||
|
.cookie("JSESSIONID", newCookie)
|
||||||
|
.log().all()
|
||||||
|
.post(url("/csrf/login"))
|
||||||
|
.then()
|
||||||
|
.log().all()
|
||||||
|
.statusCode(200)
|
||||||
|
.extract().path("lessonCompleted");
|
||||||
|
|
||||||
|
//vaidate the result
|
||||||
|
assertEquals(true, result);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Try to register the new user. Ignore the result.
|
||||||
|
*/
|
||||||
|
public void registerCSRFUser() {
|
||||||
|
|
||||||
|
RestAssured.given()
|
||||||
|
.when()
|
||||||
|
.relaxedHTTPSValidation()
|
||||||
|
.formParam("username", "csrf-"+getWebgoatUser())
|
||||||
|
.formParam("password", "password")
|
||||||
|
.formParam("matchingPassword", "password")
|
||||||
|
.formParam("agree", "agree")
|
||||||
|
.post(url("register.mvc"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
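Review bot: In checkAssignment8 the value extracted at `.extract().cookie("JSESSIONID")` is never checked, so when the login through the trick page fails `newCookie` is null and the test only breaks later on the lesson GET with an opaque status mismatch instead of at the login step; add `assertNotNull(newCookie);` (JUnit's assertNotNull, brought in the same way as assertEquals) directly after the extraction. The `params.clear()` on the map created one line earlier is a no-op and can be dropped, and `assertEquals(true, result)` reads more directly as `assertTrue(result)`. The prefix expression `"csrf-"+getWebgoatUser()` is now built in both checkAssignment8 and registerCSRFUser; a small private helper would keep the two in step if the prefix ever changes. The comment `//vaidate the result` should read `//validate the result`.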
@ -22,9 +22,10 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.csrf;
|
package org.owasp.webgoat.csrf;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
|
||||||
import org.owasp.webgoat.assignments.AttackResult;
|
import org.owasp.webgoat.assignments.AttackResult;
|
||||||
import org.owasp.webgoat.users.UserTracker;
|
import org.owasp.webgoat.users.UserTracker;
|
||||||
import org.owasp.webgoat.users.UserTrackerRepository;
|
import org.owasp.webgoat.users.UserTrackerRepository;
|
||||||
@ -46,8 +47,8 @@ public class CSRFLogin extends AssignmentEndpoint {
|
|||||||
|
|
||||||
@PostMapping(path = "/csrf/login", produces = {"application/json"})
|
@PostMapping(path = "/csrf/login", produces = {"application/json"})
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult completed() {
|
public AttackResult completed(HttpServletRequest request) {
|
||||||
String userName = getWebSession().getUserName();
|
String userName = request.getUserPrincipal().getName();
|
||||||
if (userName.startsWith("csrf")) {
|
if (userName.startsWith("csrf")) {
|
||||||
markAssignmentSolvedWithRealUser(userName.substring("csrf-".length()));
|
markAssignmentSolvedWithRealUser(userName.substring("csrf-".length()));
|
||||||
return trackProgress(success().feedback("csrf-login-success").build());
|
return trackProgress(success().feedback("csrf-login-success").build());
|
||||||
|