diff --git a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
index f9552416e..835f0bd0e 100644
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
@@ -15,7 +15,8 @@
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
- * Getting Source ==============
+ * Getting Source
+ * ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
diff --git a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
index a943cc7b5..9399dfb1d 100644
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
@@ -15,18 +15,19 @@
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 *
- * Getting Source ==============
+ * Getting Source
+ * ==============
 *
 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
 */
 package org.owasp.webgoat.lessons.spoofcookie;
-import jakarta.servlet.http.Cookie;
-import jakarta.servlet.http.HttpServletResponse;
 import java.util.Map;
+
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.container.assignments.AssignmentHints;
 import org.owasp.webgoat.container.assignments.AttackResult;
 import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec;
 import org.springframework.web.bind.UnsatisfiedServletRequestParameterException;
@@ -38,12 +39,21 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+
 /***
 *
 * @author Angel Olle Blazquez
 *
 */
+@AssignmentHints({
+ "spoofcookie.hint1",
+ "spoofcookie.hint2",
+ "spoofcookie.hint3"
+})
+
 @RestController
 public class SpoofCookieAssignment extends AssignmentEndpoint {
diff --git a/src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties b/src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties
index 4f4aed4aa..59c955887 100644
--- a/src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties
+++ b/src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties
@@ -5,3 +5,7 @@ spoofcookie.login=Logged in using credentials. Cookie created, see below.
 spoofcookie.cookie-login=Logged in using cookie.
 spoofcookie.wrong-cookie=Wrong cookie sent.
 spoofcookie.cheating=Don't cheat!
+
+spoofcookie.hint1=Investigate thoroughly how the cookie in this lesson is structured and try to draw conclusions about its encoding and content.
+spoofcookie.hint2=We need to deduce how the cookie value is formed. Can we deduce it? Is it possible to create a non-legitimate cookie?
+spoofcookie.hint3=Build a non-legitimate cookie and load it into the browser.
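Review bot: The import layout on the new side is out of step with the rest of the import block: `import jakarta.servlet.http.Cookie;` and `import jakarta.servlet.http.HttpServletResponse;` are re-added after the `org.springframework` imports behind a blank line, while the surrounding imports (visible in the previous hunk) form one ASCII-sorted block in which the `jakarta` lines used to sit directly before `import java.util.Map;`. If the build runs a formatter such as google-java-format (WebGoat's repository appears to, though that is not visible here) it will either rewrite or reject this layout, so keeping the two `jakarta` imports in their original sorted position and dropping the added blank lines inside the import list avoids a needless churn. The blank line between the closing `})` of the new annotation and `@RestController` is also unusual for annotations stacked on one declaration; a single line `@AssignmentHints({"spoofcookie.hint1", "spoofcookie.hint2", "spoofcookie.hint3"})` placed directly above `@RestController` reads better and matches how the formatter would print it. The class body these annotations decorate continues past the end of the hunk.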