dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Session Fixation

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@306 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel 2008-04-09 11:51:04 +00:00
parent ee6d8ad2d5
commit c4092d2669
1 changed files with 561 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

825
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
View File

@ -1,31 +1,76 @@
package org.owasp.webgoat.lessons;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.B;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Form;
import org.apache.ecs.html.H2;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.apache.ecs.xhtml.style;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.WebSession;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Reto Lippuner, Marcel Wirth
* @created April 8, 2008
*/
public class SessionFixation extends SequentialLessonAdapter
{
private String LoggedInUser = "";
private final String mailTo = "jane.plane@owasp.org";
private final String mailFrom = "admin@webgoatfinancial.com";
private final String mailTitel = "Check your account";
private final String MAILCONTENTNAME = "mailname";
private final String MAILCONTENTNAME = "mailContent";
private final static String USER = "user";
private final static String PASSWORD = "pass";
private final static String LOGGEDIN = "loggedin";
private final static String LOGGEDINUSER = "loggedInUser";
private final static Random random = new Random(System.currentTimeMillis());
private String sid = "";
/**
* Creates Staged WebContent
@ -34,6 +79,76 @@ public class SessionFixation extends SequentialLessonAdapter
*/
protected Element createContent(WebSession s)
{
String sid = s.getParser().getStringParameter("SID","");
if (!sid.equals(""))
{
this.sid = sid;
}
if(!s.getParser().getStringParameter("Restart", "").equals(""))
{
s.add(LOGGEDIN, "false");
s.add("SID","");
this.sid = "";
}
if (getLessonTracker(s).getStage() == 3)
{
s.add("SID", sid);
if (!sid.equals(""))
{
s.add("SID", sid);
}
else
{
String randomSid = randomSIDGenerator();
s.add("SID", randomSid);
this.sid = randomSid;
System.out.println("RANDOMSID " + randomSid);
}
String name = s.getParser().getStringParameter(USER, "");
String password = s.getParser().getStringParameter(PASSWORD, "");
if(correctLogin(name, password, s))
{
getLessonTracker(s).setStage(4);
s.setMessage("You completed stage 3!");
}
}
if(getLessonTracker(s).getStage() == 4)
{
if (sid.equals(""))
{
String randomSid = randomSIDGenerator();
this.sid = randomSid;
}
}
if (getLessonTracker(s).getStage() == 2)
{
if (!sid.equals(""))
{
System.out.println("MySid: " + sid);
s.add("SID", sid);
getLessonTracker(s).setStage(3);
s.setMessage("You completed stage 2!");
}
else
{
createStage2Content(s);
}
}
String mailContent = s.getParser().getRawParameter(MAILCONTENTNAME, "");
if (!mailContent.equals(""))
{
s.add(MAILCONTENTNAME, mailContent);
}
if (mailContent.contains(getLink()+"&SID=") && getLessonTracker(s).getStage() == 1)
{
getLessonTracker(s).setStage(2);
s.setMessage("You completed stage 1!");
}
return super.createStagedContent(s);
}
@ -44,30 +159,79 @@ public class SessionFixation extends SequentialLessonAdapter
*/
protected ElementContainer doStage1(WebSession s)
{
ElementContainer ec = new ElementContainer();
String mailContent = s.getParser().getStringParameter(MAILCONTENTNAME, "");
if (mailContent.contains("SSID"))
{
// ec.addElement(mailContent);
return ec;
}
ec.addElement(createStage1Content(s));
return ec;
}
@Override
public String getHint(WebSession s, int hintNumber)
{
// TODO Auto-generated method stub
return super.getHint(s, hintNumber);
}
@Override
protected Element doStage2(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(createStage2Content(s));
return ec;
}
private Element createStage2Content(WebSession s)
{
ElementContainer ec = new ElementContainer();
String mailContent = (String) s.get(MAILCONTENTNAME);
ec.addElement(mailContent);
return ec;
}
@Override
protected Element doStage3(WebSession s) throws Exception
{
return createStage3Content(s);
}
@Override
protected Element doStage4(WebSession s) throws Exception
{
return createStage4Content(s);
}
private Element createStage3Content(WebSession s)
{
return createMainLoginContent(s);
}
private Element createStage4Content(WebSession s)
{
ElementContainer ec = new ElementContainer();
ec.addElement("Hello Hacker");
return ec;
//return createMainLoginContent(s);
}
private Element createStage1Content(WebSession s)
{
String link = getLink();
String mailText = "Dear MS. Plane <br><br>" + "During the last week we had a few problems with our servers. "
String mailText = "<b>Dear MS. Plane</b> <br><br>"
+ "During the last week we had a few problems with our database. "
+ "A lot of people complained that there account details are wrong. "
+ "That is why we kindly ask you to use following link to verify your "
+ "data:<br><br><center><a href=" + link + "&XXXX=YYYYYYYY> WebGoat Financial</a></center><br><br>"
+ "data:<br><br><center><a href="
+ link
+ "> Goat Hills Financial</a></center><br><br>"
+ "We are sorry for the caused inconvenience and thank you for your colaboration.<br><br>"
+ "Your WebGoat Financial Team";
+ "<b>Your Goat Hills Financial Team</b><center> <br><br><img src='images/WebGoatFinancial/banklogo.jpg'></center>";
ElementContainer ec = new ElementContainer();
Table table = new Table();
@ -128,8 +292,8 @@ public class SessionFixation extends SequentialLessonAdapter
td6.addElement(titleField);
TextArea mailContent = new TextArea();
mailContent.addAttribute("cols", 50);
mailContent.addAttribute("rows", 10);
mailContent.addAttribute("cols", 60);
mailContent.addAttribute("rows", 9);
mailContent.addElement(mailText);
mailContent.setName(MAILCONTENTNAME);
td7.addElement(mailContent);
@ -145,262 +309,332 @@ public class SessionFixation extends SequentialLessonAdapter
* @param s
* @return Element
*/
protected Element createMainContent(WebSession s)
protected Element createMainLoginContent(WebSession s)
{
ElementContainer ec = new ElementContainer();
try
{
style sty = new style();
// try
// {
//
//
// style sty = new style();
//
// sty.addElement("#lesson_wrapper {height: 435px;width: 500px;}#lesson_header
// {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width:
// 490px;padding-right: 10px;padding-top: 60px;background-repeat:
// no-repeat;}.lesson_workspace {background-image:
// url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height:
// 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;} .lesson_text
// {height: 240px;width: 460px;padding-top: 5px;} #lesson_buttons_bottom {height:
// 20px;width: 460px;} #lesson_b_b_left {width: 300px;float: left;} #lesson_b_b_right input
// {width: 100px;float: right;} .lesson_title_box {height: 20px;width: 420px;padding-left:
// 30px;} .lesson_workspace { } .lesson_txt_10 {font-family: Arial, Helvetica,
// sans-serif;font-size: 10px;} .lesson_text_db {color: #0066FF} #lesson_login
// {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height:
// 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left:
// 80px;margin-top: 50px;text-align: center;} #lesson_login_txt {font-family: Arial,
// Helvetica, sans-serif;font-size: 12px;text-align: center;} #lesson_search
// {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height:
// 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left:
// 80px;margin-top: 50px;text-align: center;}");
// ec.addElement(sty);
//
// Div wrapperDiv = new Div();
// wrapperDiv.setID("lesson_wrapper");
//
// Div headerDiv = new Div();
// headerDiv.setID("lesson_header");
//
// Div workspaceDiv = new Div();
// workspaceDiv.setClass("lesson_workspace");
//
// wrapperDiv.addElement(headerDiv);
// wrapperDiv.addElement(workspaceDiv);
//
// ec.addElement(wrapperDiv);
//
// workspaceDiv.addElement(createWorkspaceContent(s));
//
// } catch (Exception e)
// {
// s.setMessage("Error generating " + this.getClass().getName());
// e.printStackTrace();
// }
sty
.addElement("#lesson_wrapper {height: 435px;width: "
+ "500px;}#lesson_header {background-image: "
+ "url(lessons/DBSQLInjection/images/lesson1_header.jpg);width:"
+ " 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace "
+ "{background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: "
+ "325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;} "
+ ".lesson_text {height: 240px;width: 460px;padding-top: 5px;} "
+ "#lesson_buttons_bottom {height: 20px;width: 460px;} "
+ "#lesson_b_b_left {width: 300px;float: left;} "
+ "#lesson_b_b_right input {width: 100px;float: right;} "
+ ".lesson_title_box {height: 20px;width: 420px;padding-left: 30px;} "
+ ".lesson_workspace { } "
+ ".lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;} "
+ ".lesson_text_db {color: #0066FF} "
+ "#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: "
+ "124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top:"
+ " 50px;text-align: center;} #lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: "
+ "12px;text-align: center;} #lesson_search {background-image: "
+ "url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: "
+ "no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}");
ec.addElement(sty);
Div wrapperDiv = new Div();
wrapperDiv.setID("lesson_wrapper");
Div headerDiv = new Div();
headerDiv.setID("lesson_header");
Div workspaceDiv = new Div();
workspaceDiv.setClass("lesson_workspace");
wrapperDiv.addElement(headerDiv);
wrapperDiv.addElement(workspaceDiv);
ec.addElement(wrapperDiv);
workspaceDiv.addElement(createWorkspaceContent(s));
} catch (Exception e)
{
s.setMessage("Error generating " + this.getClass().getName());
e.printStackTrace();
}
return (ec);
}
// /**
// * Creation of the content of the workspace
// * @param s
// * @return Element
// */
// private Element createWorkspaceContent(WebSession s)
// {
//
//
// ElementContainer ec = new ElementContainer();
//
// return ec;
// }
/**
* Creation of the content of the workspace
*
* @param s
* @return Element
*/
private Element createWorkspaceContent(WebSession s)
{
ElementContainer ec = new ElementContainer();
String name = s.getParser().getStringParameter(USER, "");
String password = s.getParser().getStringParameter(PASSWORD, "");
try
{
// Logout Button is pressed
if (s.getParser().getRawParameter("logout", "").equals("true"))
{
s.add(LOGGEDIN, "false");
s.add("SID","");
this.sid = "";
// /**
// * Create content for logging in
// * @param ec
// */
// private void createLogInContent(ElementContainer ec, String errorMessage) {
// Div loginDiv = new Div();
// loginDiv.setID("lesson_login");
//
// Table table = new Table();
// //table.setStyle(tableStyle);
// table.addAttribute("align='center'", 0);
// TR tr1 = new TR();
// TD td1 = new TD();
// TD td2 = new TD();
// td1.addElement(new StringElement("Enter your name: "));
// td2.addElement(new Input(Input.TEXT, USER));
// tr1.addElement(td1);
// tr1.addElement(td2);
//
// TR tr2 = new TR();
// TD td3 = new TD();
// TD td4 = new TD();
// td3.addElement(new StringElement("Enter your password: "));
// td4.addElement(new Input(Input.PASSWORD, PASSWORD));
// tr2.addElement(td3);
// tr2.addElement(td4);
//
//
// TR tr3 = new TR();
// TD td5 = new TD();
// td5.setColSpan(2);
// td5.setAlign("center");
//
// td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
// tr3.addElement(td5);
//
// table.addElement(tr1);
// table.addElement(tr2);
// table.addElement(tr3);
// loginDiv.addElement(table);
// ec.addElement(loginDiv);
//
// H2 errorTag = new H2(errorMessage);
// errorTag.addAttribute("align", "center");
// errorTag.addAttribute("class", "info");
// ec.addElement(errorTag);
//
//
// }
}
if (correctLogin(name, password, s))
{
s.add(LOGGEDINUSER, name);
s.add(LOGGEDIN, "true");
createSuccessfulLoginContent(s, ec);
}
else if (sid.equals(s.get("SID")) && s.get(LOGGEDIN).equals("true"))
{
createSuccessfulLoginContent(s, ec);
}
else
{
createLogInContent(ec, "");
}
} catch (Exception e)
{
createLogInContent(ec, "");
}
// /**
// * Create content after a successful login
// * @param s
// * @param ec
// */
// private void createSuccessfulLoginContent(WebSession s,
// ElementContainer ec) {
//
// String userDataStyle = "margin-top:50px;";
//
// Div userDataDiv = new Div();
// userDataDiv.setStyle(userDataStyle);
// userDataDiv.addAttribute("align", "center");
// Table table = new Table();
// table.addAttribute("cellspacing", 10);
// table.addAttribute("cellpadding", 5);
//
// table.addAttribute("align", "center");
// TR tr1 =new TR();
// TR tr2 = new TR();
// TR tr3 = new TR();
// TR tr4 = new TR();
// tr1.addElement(new TD("<b>Firstname:</b>"));
// tr1.addElement(new TD(LoggedInUser));
//
// try
// {
// ResultSet results = getUser(LoggedInUser, s);
// results.first();
//
// tr2.addElement(new TD("<b>Lastname:</b>"));
// tr2.addElement(new TD(results.getString("last_name")));
//
// tr3.addElement(new TD("<b>Credit Card Type:</b>"));
// tr3.addElement(new TD(results.getString("cc_type")));
//
// tr4.addElement(new TD("<b>Credit Card Number:</b>"));
// tr4.addElement(new TD(results.getString("cc_number")));
//
//
// }
//
// catch (Exception e)
// {
// e.printStackTrace();
// }
// table.addElement(tr1);
// table.addElement(tr2);
// table.addElement(tr3);
// table.addElement(tr4);
//
// userDataDiv.addElement(table);
// ec.addElement(userDataDiv);
// ec.addElement(createLogoutLink());
// }
return ec;
}
// /**
// * Create a link for logging out
// * @return Element
// */
// private Element createLogoutLink()
// {
// A logoutLink = new A();
// logoutLink.addAttribute("href", getLink() + "&logout=true");
// logoutLink.addElement("Logout");
//
// String logoutStyle = "margin-right:50px; mrgin-top:30px";
// Div logoutDiv = new Div();
// logoutDiv.addAttribute("align", "right");
// logoutDiv.addElement(logoutLink);
// logoutDiv.setStyle(logoutStyle);
//
// return logoutDiv;
// }
/**
* See if the user has logged in correctly
*
* @param s
* @return true if loggedIn
*/
private boolean loggedIn(WebSession s)
{
try
{
return s.get(LOGGEDIN).equals("true");
} catch (Exception e)
{
return false;
}
}
// /**
// * Get a user by its name
// * @param user
// * @param s
// * @return ResultSet containing the user
// */
// private ResultSet getUser(String user, WebSession s)
// {
// try {
// Connection connection = DatabaseUtilities.getConnection(s);
// String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
// PreparedStatement prepStatement =connection.prepareStatement(query,
// ResultSet.TYPE_SCROLL_INSENSITIVE,
// ResultSet.CONCUR_READ_ONLY);
// prepStatement.setString(1, user);
//
//
// ResultSet results = prepStatement.executeQuery();
//
// return results;
//
// } catch (Exception e) {
// e.printStackTrace();
// }
// return null;
//
// }
/**
* See if the password and corresponding user is valid
*
* @param userName
* @param password
* @param s
* @return true if the password was correct
*/
private boolean correctLogin(String userName, String password, WebSession s)
{
try
{
Connection connection = DatabaseUtilities.getConnection(s);
String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
prepStatement.setString(1, userName);
prepStatement.setString(2, password);
// /**
// * See if the password and corresponding user is valid
// * @param userName
// * @param password
// * @param s
// * @return true if the password was correct
// */
// private boolean correctLogin(String userName, String password, WebSession s)
// {
// try {
// Connection connection = DatabaseUtilities.getConnection(s);
// String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
// PreparedStatement prepStatement =connection.prepareStatement(query,
// ResultSet.TYPE_SCROLL_INSENSITIVE,
// ResultSet.CONCUR_READ_ONLY);
// prepStatement.setString(1, userName);
// prepStatement.setString(2, password);
//
// ResultSet results = prepStatement.executeQuery();
//
// if ((results != null) && (results.first() == true))
// {
//
// return true;
//
// }
//
// } catch (Exception e) {
// e.printStackTrace();
// }
//
// return false;
//
// }
ResultSet results = prepStatement.executeQuery();
if ((results != null) && (results.first() == true)) {
return true;
}
} catch (Exception e)
{
e.printStackTrace();
}
return false;
}
/**
* Create content for logging in
*
* @param ec
*/
private void createLogInContent(ElementContainer ec, String errorMessage)
{
Div loginDiv = new Div();
loginDiv.setID("lesson_login");
Table table = new Table();
// table.setStyle(tableStyle);
table.addAttribute("align='center'", 0);
TR tr1 = new TR();
TD td1 = new TD();
TD td2 = new TD();
td1.addElement(new StringElement("Enter your name: "));
td2.addElement(new Input(Input.TEXT, USER));
tr1.addElement(td1);
tr1.addElement(td2);
TR tr2 = new TR();
TD td3 = new TD();
TD td4 = new TD();
td3.addElement(new StringElement("Enter your password: "));
td4.addElement(new Input(Input.PASSWORD, PASSWORD));
tr2.addElement(td3);
tr2.addElement(td4);
TR tr3 = new TR();
TD td5 = new TD();
td5.setColSpan(2);
td5.setAlign("center");
td5.addElement(new Input(Input.SUBMIT, "Submit", "Login"));
tr3.addElement(td5);
table.addElement(tr1);
table.addElement(tr2);
table.addElement(tr3);
loginDiv.addElement(table);
ec.addElement(loginDiv);
H2 errorTag = new H2(errorMessage);
errorTag.addAttribute("align", "center");
errorTag.addAttribute("class", "info");
ec.addElement(errorTag);
}
/**
* Create content after a successful login
*
* @param s
* @param ec
*/
private void createSuccessfulLoginContent(WebSession s, ElementContainer ec)
{
String userDataStyle = "margin-top:50px;";
Div userDataDiv = new Div();
userDataDiv.setStyle(userDataStyle);
userDataDiv.addAttribute("align", "center");
Table table = new Table();
table.addAttribute("cellspacing", 10);
table.addAttribute("cellpadding", 5);
table.addAttribute("align", "center");
TR tr1 = new TR();
TR tr2 = new TR();
TR tr3 = new TR();
TR tr4 = new TR();
tr1.addElement(new TD("<b>Firstname:</b>"));
tr1.addElement(new TD(getLoggedInUser(s)));
try
{
ResultSet results = getUser(getLoggedInUser(s), s);
results.first();
tr2.addElement(new TD("<b>Lastname:</b>"));
tr2.addElement(new TD(results.getString("last_name")));
tr3.addElement(new TD("<b>Credit Card Type:</b>"));
tr3.addElement(new TD(results.getString("cc_type")));
tr4.addElement(new TD("<b>Credit Card Number:</b>"));
tr4.addElement(new TD(results.getString("cc_number")));
}
catch (Exception e)
{
e.printStackTrace();
}
table.addElement(tr1);
table.addElement(tr2);
table.addElement(tr3);
table.addElement(tr4);
userDataDiv.addElement(table);
ec.addElement(userDataDiv);
ec.addElement(createLogoutLink());
}
/**
* Create a link for logging out
*
* @return Element
*/
private Element createLogoutLink()
{
A logoutLink = new A();
logoutLink.addAttribute("href", getLink() + "&logout=true");
logoutLink.addElement("Logout");
String logoutStyle = "margin-right:50px; mrgin-top:30px";
Div logoutDiv = new Div();
logoutDiv.addAttribute("align", "right");
logoutDiv.addElement(logoutLink);
logoutDiv.setStyle(logoutStyle);
return logoutDiv;
}
/**
* Get a user by its name
*
* @param user
* @param s
* @return ResultSet containing the user
*/
private ResultSet getUser(String user, WebSession s)
{
try
{
Connection connection = DatabaseUtilities.getConnection(s);
String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
prepStatement.setString(1, user);
ResultSet results = prepStatement.executeQuery();
return results;
} catch (Exception e)
{
e.printStackTrace();
}
return null;
}
/**
* Get the logged in user
*
* @param s
* @return the logged in user
*/
private String getLoggedInUser(WebSession s)
{
try
{
String user = (String) s.get(LOGGEDINUSER);
return user;
} catch (Exception e)
{
return "";
}
}
/**
* Get the category
@ -421,9 +655,13 @@ public class SessionFixation extends SequentialLessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add("Stage 1: Just do a regular login");
hints.add("Stage 2: How does the server know which TAN has to be used");
hints.add("Stage 2: Maybe taking a look at the source code helps");
hints.add("Stage 1: Where is the link in the mail?");
hints.add("Stage 1: Add a SID to the link");
hints.add("Stage 1: A SID could looke something like this: SID=Whatever");
hints.add("Stage 1: Alter the link in the mail to: href=" + getLink() + "&SID=Whatever");
hints.add("Stage 2: Click on the link!");
hints.add("Stage 3: Log in as Jane with user name jane and password tarzan.");
hints.add("Stage 2: Watch out for hidden fields");
hints.add("Stage 2: Manipulate the hidden field 'hidden_tan'");
@ -436,7 +674,32 @@ public class SessionFixation extends SequentialLessonAdapter
*/
public String getInstructions(WebSession s)
{
String instructions = "Stub";
int stage = getLessonTracker(s).getStage();
String instructions = "STAGE " +stage+": ";
if(stage == 1)
{
instructions += "You are Hacker Joe and " +
"you want to steal the session from Jane. " +
"That is why you have to send a phishing mail " +
"to her. The mail is already prepared. Only " +
"thing missing is a Session ID (SID) in the Link. Alter " +
"the link to include a SID.<br><br><b>You are: Hacker Joe</b>";
}
else if (stage == 2)
{
instructions += "Now you are the victim Jane who received the mail you see. " +
"If you point on the link with your mouse you will see that there is a SID included." +
"Click on it to see what happens.<br><br><b>You are: Victim Jane</b> ";
}
else if (stage == 3)
{
instructions += "As the bank kindly asked to verfy your data you have to log in to see if your details are " +
"correct ;). Your user name is Jane and your password is tarzan. <br><br><b>You are: Victim Jane</b> ";
}
else if (stage == 4)
{
instructions += "It is time to steal the session. <br><br><b>You are: Hacker Joe</b> ";
}
return (instructions);
}
@ -458,5 +721,39 @@ public class SessionFixation extends SequentialLessonAdapter
{
return ("Session Fixation");
}
@Override
public void handleRequest(WebSession s)
{
Form form = new Form();
form.addElement(createContent(s));
form.setAction(getFormAction());
form.setMethod(Form.POST);
form.setName("form");
form.setEncType("");
setContent(form);
}
@Override
public String getLink()
{
if(sid.equals(""))
{
return super.getLink();
}
return super.getLink() + "&SID=" + sid;
}
private String randomSIDGenerator()
{
String sid = "";
sid = String.valueOf(Math.abs(random.nextInt()%100000));
return sid;
}
}