dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

XSS Lesson Modifications (#367)

Browse Source 
* initial cut on XSS, need to add some tests still

* initial unit tests for assignment endpoints

* updating header comment license thingy

* comment, clean up

* Stubs for security unit test

* Additional Unit Testing

* isEncoded and isNotEncoded Unit Tests added

* http-proxies updates

* update for XXE solutions

* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR

* IDOR hints updated

* mitigation content update

* mitigation content update ... 2

* Lesson Overview updates

* including restart lesson fix for lesson overview
This commit is contained in:
misfir3
2017-07-10 08:33:10 -04:00
committed by GitHub
parent 3ec5b8708e
commit 82ef171a50
59 changed files with 1349 additions and 628 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc
View File

@ -11,7 +11,7 @@ This will send all of your traffic to the proxy. Since we haven't set up a trust
. Click _Settings_
. Select _Manual proxy configuration_
.. input *127.0.0.1* as the Proxy
.. input *8080* as the port
.. input *8090* as the port if running WebGoat locally and you updated ZAP to 8090 (otherwise, use *8080*)
.. check the _Use this proxy server for all protocols_ checkbox
image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesson-image"]
@ -23,7 +23,7 @@ image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesso
. Click the _Change proxy settings_ button
. Select the _proxies_ tab
. Select Web Proxy (HTTP)
. Input 127.0.0.1 in the first box under _Web Proxy Server_ and your port # (8080 is what used earlier) in the second box (to the right)
. Input 127.0.0.1 in the first box under _Web Proxy Server_ and your port # (8090 if running WebGoat locally, otherwise 8080) in the second box (to the right)
. You may also want to clear the _Bypass proxy settings for these Hosts & Domains_ text input at the bottom, but shouldn't need to
@ -37,6 +37,8 @@ image::images/chrome-manual-proxy-win.png[Chrome Proxy, 394,346,style="lesson-im
(Win config image above)
*Remember*: If running WebGoat locally, you can use ZAP's default port of 8080 instead of 8090 (or whatever number you prefer to use)
=== Other Proxy Configuration Options
If you don't want to manage the proxy manually, there are extensions or plugins that can help you to do so without digging through as much config,