Added Hints for second Assignment in Chrome DevTools

webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/plugin/NetworkLesson.java

@@ -1,6 +1,7 @@
 package org.owasp.webgoat.plugin;
 
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -11,6 +12,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import java.io.IOException;
 
 @AssignmentPath("/ChromeDevTools/network")
+@AssignmentHints({"networkHint1", "networkHint2"})
 public class NetworkLesson extends AssignmentEndpoint {
 
   @RequestMapping(method = RequestMethod.POST)

webgoat-lessons/chrome-dev-tools/src/main/resources/html/ChromeDevTools.html

@@ -35,16 +35,9 @@
 </div>
 
 <div class="lesson-page-wrapper">
-    <!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
-    <!-- include content here. Content will be presented via asciidocs files,
-    which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
     <div class="adoc-content" th:replace="doc:ChromeDevTools_Assignment_Network.adoc"></div>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-        <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
-        <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
-        <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
-        <!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
               action="/WebGoat/ChromeDevTools/dummy"
@@ -85,36 +78,4 @@
         <div class="attack-output"></div>
     </div>
 </div>
-
-<!--
-<div class="lesson-page-wrapper">
-    <div class="attack-container">
-        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-        <form class="attack-form" accept-charset="UNKNOWN"
-              method="POST" name="form"
-              action="/WebGoat/HttpBasics/attack1"
-              enctype="application/json;charset=UTF-8">
-            <script>
-                console.log("in listener");
-                document.getElementById("butn").addEventListener("click", function() {
-                    document.getElementById("inp").value = Math.random() * 100;
-                });
-            </script>
-            <table>
-                <tr>
-                    <td>Click this Button to make a request</td>
-                    <td><Button id="butn"></Button></td>
-                    <td><input id="inp" name="networkNumber" value="" type="hidden"/><input
-                            name="SUBMIT" value="Go!" type="SUBMIT" /></td>
-                </tr>
-                <tr>
-                    <td>The Network Number is:</td>
-                    <td><input name="number" value="" type="text" /></td>
-                    <td><button type="submit" formaction="/WebGoat/ChromeDevTools/network">Check</button></td>
-                </tr>
-            </table>
-        </form>
-    </div>
-</div>
--->
 </html>

webgoat-lessons/chrome-dev-tools/src/main/resources/i18n/WebGoatLabels.properties

@@ -6,3 +6,6 @@ xss-dom-message-failure=Incorrect.
 network.request=You made a HTTP Request.
 network.success=Correct, Well Done.
 network.failed=That is not correct, try again.
+
+networkHint1=Clear all Requests from the network button, then make the request. The you should be able to figure out, which request holds the data.
+networkHint2=The name of the request is "dummy"