dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add hints

Browse Source
This commit is contained in:
Àngel Ollé Blázquez 2023-06-15 18:41:45 +02:00
parent 76a2365abf
commit 75398feca0
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
View File

@ -15,7 +15,8 @@
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA. * 02111-1307, USA.
* *
* Getting Source ============== * Getting Source
* ==============
* *
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */

16
src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
View File

@ -15,18 +15,19 @@
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA. * 02111-1307, USA.
* *
* Getting Source ============== * Getting Source
* ==============
* *
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.spoofcookie; package org.owasp.webgoat.lessons.spoofcookie;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Map; import java.util.Map;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint; import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult; import org.owasp.webgoat.container.assignments.AttackResult;
import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec; import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec;
import org.springframework.web.bind.UnsatisfiedServletRequestParameterException; import org.springframework.web.bind.UnsatisfiedServletRequestParameterException;
@ -38,12 +39,21 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
/*** /***
* *
* @author Angel Olle Blazquez * @author Angel Olle Blazquez
* *
*/ */
@AssignmentHints({
"spoofcookie.hint1",
"spoofcookie.hint2",
"spoofcookie.hint3"
})
@RestController @RestController
public class SpoofCookieAssignment extends AssignmentEndpoint { public class SpoofCookieAssignment extends AssignmentEndpoint {

4
src/main/resources/lessons/spoofcookie/i18n/WebGoatLabels.properties
View File

@ -5,3 +5,7 @@ spoofcookie.login=Logged in using credentials. Cookie created, see below.
spoofcookie.cookie-login=Logged in using cookie. spoofcookie.cookie-login=Logged in using cookie.
spoofcookie.wrong-cookie=Wrong cookie sent. spoofcookie.wrong-cookie=Wrong cookie sent.
spoofcookie.cheating=Don't cheat! spoofcookie.cheating=Don't cheat!
spoofcookie.hint1=Investigate thoroughly how the cookie in this lesson is structured and try to draw conclusions about its encoding and content.
spoofcookie.hint2=We need to deduce how the cookie value is formed. Can we deduce it? Is it possible to create a non-legitimate cookie?
spoofcookie.hint3=Build a non-legitimate cookie and load it into the browser.