Insecure Deserialization exercise

2018-05-16 17:35:03 +02:00
parent a73bf58d36
commit 84860e65f6
11 changed files with 252 additions and 0 deletions
--- a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Intro.adoc
+++ b/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Intro.adoc
@ -0,0 +1,7 @@
+
+== Concept
+Encryption is a very inportant tool for secure communication. In this lesson, we will find out, why it should always be employed when sending sensitive data.
+
+== Goals
+* The user should have a basic understanding of packet sniffer usage
+* The user will be able to intercept and read an unencrypted requests
--- a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Task.adoc
+++ b/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Task.adoc
@ -0,0 +1,9 @@
+=== Let's try
+Click the "log in" button to send a request containing login credentials of another user.
+
+```
+rO0ABXQAVklmIHlvdSBkZXNlcmlhbGl6ZSBtZSBkb3duLCBJIHNoYWxsIGJlY29tZSBtb3JlIHBvd2VyZnVsIHRoYW4geW91IGNhbiBwb3NzaWJseSBpbWFnaW5l
+```
+
+Then, write these credentials into the appropriate fields and submit to confirm.
+Try using a packet sniffer to intercept the request.