Add hints

2023-06-15 18:41:45 +02:00 · 2023-06-15 18:41:45 +02:00 · 75398feca0
commit 75398feca0
parent 76a2365abf
3 changed files with 19 additions and 4 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
@ -15,7 +15,8 @@
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
- * Getting Source ==============
+ * Getting Source
+ * ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
@ -15,18 +15,19 @@
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
- * Getting Source ==============
+ * Getting Source
+ * ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */

 package org.owasp.webgoat.lessons.spoofcookie;

-import jakarta.servlet.http.Cookie;
-import jakarta.servlet.http.HttpServletResponse;
 import java.util.Map;
+
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.container.assignments.AssignmentHints;
 import org.owasp.webgoat.container.assignments.AttackResult;
 import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec;
 import org.springframework.web.bind.UnsatisfiedServletRequestParameterException;
@ -38,12 +39,21 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+
 /***
 *
 * @author Angel Olle Blazquez
 *
 */

+@AssignmentHints({
+    "spoofcookie.hint1",
+    "spoofcookie.hint2",
+    "spoofcookie.hint3"
+})
+
@RestController
 public class SpoofCookieAssignment extends AssignmentEndpoint {

--- a/src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties
+++ b/src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties
@ -5,3 +5,7 @@ spoofcookie.login=Logged in using credentials. Cookie created, see below.
 spoofcookie.cookie-login=Logged in using cookie.
 spoofcookie.wrong-cookie=Wrong cookie sent.
 spoofcookie.cheating=Don't cheat!
+
+spoofcookie.hint1=Investigate thoroughly how the cookie in this lesson is structured and try to draw conclusions about its encoding and content.
+spoofcookie.hint2=We need to deduce how the cookie value is formed. Can we deduce it? Is it possible to create a non-legitimate cookie?
+spoofcookie.hint3=Build a non-legitimate cookie and load it into the browser.