diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java index 32b905952..9ff9a5cde 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java @@ -34,8 +34,6 @@ import org.springframework.beans.factory.annotation.Autowired; public abstract class AssignmentEndpoint { - @Autowired - private UserTrackerRepository userTrackerRepository; @Autowired private WebSession webSession; @Autowired diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java index 75e8e188b..17415a720 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java @@ -53,12 +53,6 @@ public class LabelServiceTest { @Autowired public MockMvc mockMvc; - @MockBean - private Course course; - @MockBean - private UserService userService; - @MockBean - private LessonTrackerInterceptor interceptor; @Test @WithMockUser(username = "guest", password = "guest") diff --git a/webgoat-lessons/command-injection/pom.xml b/webgoat-lessons/command-injection/pom.xml deleted file mode 100644 index 23c24a5dd..000000000 --- a/webgoat-lessons/command-injection/pom.xml +++ /dev/null @@ -1,34 +0,0 @@ - - 4.0.0 - http-proxies - jar - - org.owasp.webgoat.lesson - webgoat-lessons-parent - v8.0.0-SNAPSHOT - - - - - org.springframework.boot - spring-boot-starter-test - test - - - org.springframework.security - spring-security-test - 4.1.3.RELEASE - test - - - junit - junit - ${junit.version} - jar - test - - - - - 
diff --git a/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java b/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java deleted file mode 100644 index ee8f9ef64..000000000 --- a/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java +++ /dev/null 
@@ -1,58 +0,0 @@ -package org.owasp.webgoat.plugin; - -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentPath; -import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseBody; - -import javax.servlet.http.HttpServletRequest; -import java.io.IOException; - -/** - * ************************************************************************************************* - * - * - * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository - * for free software projects. 
- * - * For details, please see http://webgoat.github.io - * - * @author Bruce Mayhew WebGoat - * @created October 28, 2003 - */ -@AssignmentPath("/HttpProxies/intercept-request") -public class HttpBasicsInterceptRequest extends AssignmentEndpoint { - - @RequestMapping(method = RequestMethod.GET) - public @ResponseBody - AttackResult completed(HttpServletRequest request) throws IOException { - if (request.getHeader("x-request-intercepted").toLowerCase().equals("true") && request.getParameter("changeMe").equals("Requests are tampered easily")) { - return trackProgress(success().feedback("http-proxies.intercept.success").build()); - } else { - return trackProgress(failed().feedback("http-proxies.intercept.failure").build()); - } - } -} \ No newline at end of file diff --git a/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/HttpProxies.java b/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/HttpProxies.java deleted file mode 100644 index 16c6c3812..000000000 --- a/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/HttpProxies.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.owasp.webgoat.plugin; - -import com.beust.jcommander.internal.Lists; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; - -import java.util.List; - -/** - * ************************************************************************************************ - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

- * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - *

- * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - *

- * - * @author WebGoat - * @version $Id: $Id - * @since October 12, 2016 - */ -public class HttpProxies extends Lesson { - @Override - public Category getDefaultCategory() { - return Category.GENERAL; - } - - @Override - public String getTitle() { - return "http-proxies.title"; - } - - @Override - public String getId() { - return "HttpProxies"; - } -} diff --git a/webgoat-lessons/command-injection/src/main/resources/html/CommandInjection.html b/webgoat-lessons/command-injection/src/main/resources/html/CommandInjection.html deleted file mode 100644 index da04726db..000000000 --- a/webgoat-lessons/command-injection/src/main/resources/html/CommandInjection.html +++ /dev/null @@ -1,50 +0,0 @@ - - - - -

- - -
-
- -
- - -
-
- -
- - -
-
- -
- - -
-
- -
- -
-
-
-
- - - - -
-
-
-
-
- \ No newline at end of file diff --git a/webgoat-lessons/command-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/command-injection/src/main/resources/i18n/WebGoatLabels.properties deleted file mode 100644 index 2140e3ed4..000000000 --- a/webgoat-lessons/command-injection/src/main/resources/i18n/WebGoatLabels.properties +++ /dev/null @@ -1,4 +0,0 @@ -http-proxies.title=HTTP Proxies - -http-proxies.intercept.success=Well done, you tampered the request as expected -http-proxies.intercept.failure=Please try again. Make sure to make all the changes. And case sensitivity may matter ... or not, you never know! \ No newline at end of file diff --git a/webgoat-lessons/command-injection/src/main/resources/lessonPlans/en/CommandInjection1.adoc b/webgoat-lessons/command-injection/src/main/resources/lessonPlans/en/CommandInjection1.adoc deleted file mode 100644 index ce6d3f4b2..000000000 --- a/webgoat-lessons/command-injection/src/main/resources/lessonPlans/en/CommandInjection1.adoc +++ /dev/null 
@@ -1,20 +0,0 @@ - -== HTTP Proxy Overview - -Many times proxies are used as a way of accessing otherwise blocked content. A user might connect to server A, which relays content from server B - ... Because Server B is blocked within the user's network. That's not the use case we will be dealing with here, but the concept is the same. -HTTP Proxies receive requests from a client and relay them. They also typically record them. They act as a man-in-the-middle (keep that in mind if you decide to -use a proxy server to connect to some other system that is otherwise blocked). We won't get into HTTP vs HTTPS just yet, but that's an important topic in -relationship to proxies. - -=== Proxy Capabilities - -Proxies sit between your client and the server the client is talking to. You can record and analyze the requests & responses. You can also use the proxy to -modify (tamper) the requests and responses. Proxies also have automated or semi-automated functions that allow you to gain efficiency in testing and -analyzing the security of a website. - -=== Other Uses for Proxies - -ZAP specifically can also be used in the development process in a CI/CD, DevOps or otherwise automated build/test environment. This lesson does -not currently have any details on that, but it is worth mentioning. There are a number of examples on the internet of it being integrated into a -CI/CD with Jenkins, Maven or other build processes. \ No newline at end of file diff --git a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java index 389d6df81..3d435e994 100644 --- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java +++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java 
@@ -31,9 +31,13 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; import java.io.InputStreamReader; +import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; +import java.nio.charset.StandardCharsets; @RestController @@ -47,41 +51,31 @@ public class SSRFTask2 extends AssignmentEndpoint { } protected AttackResult furBall(String url) { - try { - StringBuffer html = new StringBuffer(); - - if (url.matches("http://ifconfig.pro")) { - try { - URL u = new URL(url); - URLConnection urlConnection = u.openConnection(); - BufferedReader in = new BufferedReader(new InputStreamReader(urlConnection.getInputStream())); - String inputLine; - - while ((inputLine = in.readLine()) != null) { - html.append(inputLine); - } - in.close(); - } catch (Exception e) { - //in case the external site is down, the test and lesson should still be ok - html.append("Altough the http://ifconfig.pro site is down, you still managed to solve this exercise the right way!"); - } - - return success(this) - .feedback("ssrf.success") - .output(html.toString()) - .build(); - } else { - html.append("\"image"); - return failed(this) - .feedback("ssrf.failure") - .output(html.toString()) - .build(); + if (url.matches("http://ifconfig.pro")) { + String html; + try (InputStream in = new URL(url).openStream()) { + html = new String(in.readAllBytes(), StandardCharsets.UTF_8) + .replaceAll("\n","
"); // Otherwise the \n gets escaped in the response + } catch (MalformedURLException e) { + return getFailedResult(e.getMessage()); + } catch (IOException e) { + //in case the external site is down, the test and lesson should still be ok + html = "Although the http://ifconfig.pro site is down, you still managed to solve" + + " this exercise the right way!"; } - } catch (Exception e) { - e.printStackTrace(); - return failed(this) - .output(e.getMessage()) + return success(this) + .feedback("ssrf.success") + .output(html) .build(); } + var html = "\"image"; + return getFailedResult(html); + } + + private AttackResult getFailedResult(String errorMsg) { + return failed(this) + .feedback("ssrf.failure") + .output(errorMsg) + .build(); } } diff --git a/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html b/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html index fe2cba273..c04edf620 100755 --- a/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html +++ b/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html @@ -15,7 +15,7 @@ action="/WebGoat/SSRF/task1"> - + @@ -37,7 +37,7 @@ action="/WebGoat/SSRF/task2">
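Review bot: The guard `url.matches("http://ifconfig.pro")` in furBall treats its argument as a regular expression, so the `.` before `pro` matches any character and the gate accepts strings other than the one literal it is meant to compare against; this predates the commit, but the rewrite keeps it. The intent is an exact comparison: `if (url.equals("http://ifconfig.pro")) {`. Separately, `new URL(url).openStream()` sets no connect or read timeout, so a reachable-but-stalled ifconfig.pro blocks the request thread indefinitely — the IOException fallback only covers an outright failure, not a hang. I would route the open through a small helper that sets timeouts on a `URLConnection` (the import hunk above still keeps that import), as sketched below. With the URL pinned by the guard the `MalformedURLException` branch cannot fire, so it can be folded into the IOException handler.
```java
protected AttackResult furBall(String url) {
    if (url.equals("http://ifconfig.pro")) {
        String html;
        try (InputStream in = openWithTimeouts(url)) {
            // … unchanged: read body as UTF-8, replace newlines …
        } catch (IOException e) {
            // … unchanged: site-down fallback text …
        }
        // … unchanged: success result …
    }
    // … unchanged: failure path via getFailedResult …
}

/** Opens the lesson's fixed target with bounded connect/read waits so a stalled host cannot pin the request thread. */
private static InputStream openWithTimeouts(String url) throws IOException {
    URLConnection conn = new URL(url).openConnection();
    conn.setConnectTimeout(5_000); // constructed values; tune for the deployment
    conn.setReadTimeout(5_000);
    return conn.getInputStream();
}
```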
- + diff --git a/webgoat-lessons/ssrf/src/main/resources/lessonPlans/en/SSRF_Task1.adoc b/webgoat-lessons/ssrf/src/main/resources/lessonPlans/en/SSRF_Task1.adoc index 444f6baf0..fae8fc34b 100755 --- a/webgoat-lessons/ssrf/src/main/resources/lessonPlans/en/SSRF_Task1.adoc +++ b/webgoat-lessons/ssrf/src/main/resources/lessonPlans/en/SSRF_Task1.adoc @@ -1,2 +1,2 @@ === Find and modify the request to display Jerry -lick the button and figure out what happened. +Click the button and figure out what happened. diff --git a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java index 99a14aa1c..7123aff68 100644 --- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java +++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java @@ -26,7 +26,7 @@ public class SSRFTest1 extends LessonTest { private SSRF ssrf; @Before - public void setup() throws Exception { + public void setup() { when(webSession.getCurrentLesson()).thenReturn(ssrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } diff --git a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java index 2625212b7..f1556605d 100644 --- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java +++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java @@ -48,7 +48,7 @@ public class SSRFTest2 extends LessonTest { private SSRF ssrf; @Before - public void setup() throws Exception { + public void setup() { when(webSession.getCurrentLesson()).thenReturn(ssrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); }