fix: JWT kid/jku lessons (#1949)
* refactor: rewrite hints Use active voice and fix grammar issues. * fix: use Thymeleaf `th:action` * fix: JWT kid/jku lessons Split the JavaScript into two files they pointed to the same URL The JWTs are now valid, they parse successfully. The paths now include `/kid` and `/jku` to make sure the hints match accordingly in the UI. Otherwise `/delete` would pick up both hints from both assignments as the paths overlap. Closes: #1715 * fix: update to latest pre-commit version * fix: increase timeouts for server to start during integration tests
This commit is contained in:
Nanne Baars
GitHub
@ -28,7 +28,7 @@ $(document).ready(initialise);
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
Now suppose you have intercepted the following header:<br/>
|
||||
<div id="basicauthtoken" ></div><br/>
|
||||
<form class="attack-form" method="POST" name="form" action="crypto/encoding/basic-auth">
|
||||
<form class="attack-form" method="POST" name="form" th:action="@{/crypto/encoding/basic-auth}">
|
||||
Then what was the username
|
||||
<input name="answer_user" value="" type="TEXT"/>
|
||||
and what was the password:
|
||||
@ -45,7 +45,7 @@ $(document).ready(initialise);
|
||||
<!-- 3. assignment xor -->
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" method="POST" name="form" action="crypto/encoding/xor">
|
||||
<form class="attack-form" method="POST" name="form" th:action="@{/crypto/encoding/xor}">
|
||||
Suppose you found the database password encoded as {xor}Oz4rPj0+LDovPiwsKDAtOw==<br/>
|
||||
What would be the actual password
|
||||
<input name="answer_pwd1" value="" type="TEXT"/><br/>
|
||||
@ -62,7 +62,7 @@ $(document).ready(initialise);
|
||||
<!-- 4. weak hashing exercise -->
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" method="POST" name="form" action="crypto/hashing">
|
||||
<form class="attack-form" method="POST" name="form" th:action="@{/crypto/hashing}">
|
||||
Which password belongs to this hash: <div id="md5token" ></div>
|
||||
<input name="answer_pwd1" value="" type="TEXT"/><br/>
|
||||
Which password belongs to this hash: <div id="sha256token" ></div>
|
||||
@ -87,7 +87,7 @@ $(document).ready(initialise);
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
Now suppose you have the following private key:<br/>
|
||||
<pre><div id="privatekey" ></div></pre><br/>
|
||||
<form class="attack-form" method="POST" name="form" action="crypto/signing/verify">
|
||||
<form class="attack-form" method="POST" name="form" th:action="@{/crypto/signing/verify}">
|
||||
Then what was the modulus of the public key
|
||||
<input name="modulus" value="" type="TEXT"/>
|
||||
and now provide a signature for us based on that modulus
|
||||
@ -110,7 +110,7 @@ $(document).ready(initialise);
|
||||
<!-- 8. assignment -->
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" method="POST" name="form" action="crypto/secure/defaults">
|
||||
<form class="attack-form" method="POST" name="form" th:action="@{/crypto/secure/defaults}">
|
||||
What is the unencrypted message<br/>
|
||||
<input name="secretText" value="" type="TEXT"/><br/>
|
||||
and what is the name of the file that stored the password <br/>
|
||||
|
||||
Reference in New Issue
Block a user