From efe5ca4b4dbaee19d398dfb9ff74c0c9af758ec8 Mon Sep 17 00:00:00 2001 From: Jason White Date: Tue, 9 May 2017 15:07:20 +0100 Subject: [PATCH] http-proxies update for AppSecEU challenge --- .../src/main/resources/html/HttpProxies.html | 2 +- .../images/chrome-manual-proxy-win.png | Bin 0 -> 21890 bytes .../HttpBasics_ProxyIntro1-temp-appseceu.adoc | 8 ++++++++ .../lessonPlans/en/HttpBasics_ProxyIntro1.adoc | 8 -------- .../lessonPlans/en/HttpBasics_ProxyIntro2.adoc | 13 +++++++++++-- ...tercept.adoc => HttpBasics_ProxyIntro4.adoc} | 0 6 files changed, 20 insertions(+), 11 deletions(-) create mode 100644 webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png create mode 100644 webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-temp-appseceu.adoc rename webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/{HttpBasics_ProxyIntercept.adoc => HttpBasics_ProxyIntro4.adoc} (100%) diff --git a/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html b/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html index efdfb9e61..595c7f960 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html +++ b/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html @@ -32,7 +32,7 @@
-
+
|XYS-EOoFP;}P7(#r@N1 z8-l$~U*`F{OWZ2oXi!sC*Iv~^gefBFq6rjc`{(LS=ITf)qt*AY)fJho#pb$tQ!3`a z4oAaqi`G(Q^clhSsM3Ed-@hu6oQOB5nK44tLno<7g~SRCVH%<>Pc8h#BSc;!s21Yj zgj{{P<@WhAp6V23CUKp0-nio=mwl%H{xr?MKmU5nz4{G#t-+M=B?b%*bP0h0+@v3Z zzKy{*{xd)${)9#huta@WeD^Na(%jv3np}Tc2K0=#{&L&tGyAUw7#udF1r;JT-&bJa zPiTXbLZY$bzevc1z=0R^CtP?4XnARWNGX5FE4T@T9aclwkBgAgC2^&!``C-+Juheu{P8ZS1ta zHDsQQnI^a$`!VDMsSSJiXqg|l2tF0(iBwC8Wd@=S>nqYPBUAgAUguDH9^>f`m%M6Q zwI~^Y_4hWnt@5v(yzAGtt*^`Xo8>2m4|;bPYcCxY-dbB*p)G_1K`naa(wbk-AH+!V zn>a5smw}I#vjz~@CovQ<>Seci8TV)}x_h1fVeeU?V;C{F8uJ{q`!y~Kj5@t9pyBGN z2RhOP6@R^UuwF2FSIyzq_9(a%v+wdKgauzBPRWNQQ2UiKQ3Qn-MydbE?t4EvaIuAO z%zW2v*?KXD#`ikca&hF>8pyf!LhpN>zHT`5@_adV-yX64ydk)qt^fGlqQ6y>44m-| zEqaShCxtuo{F$$)v~c#g@!86hNp1Qt4Y%#5$M?c21fuRu?If%WNT}J_Zv63M&1jf0 z-gY6$ZWbAt0SNWYzpoAVt(@@Z3JHg@ z#lo&Vj?Zt*JE?E3%eO^R%Dun~a$nMByd>*y&R4!czo)*^`@SyOT>x190y+Kek@>ui zc7G-s^d6zQ8}UKtcrd>Ws8(*DT`ooV7Sv+dM&|LxcVQvmLa9c}n>u=;uQ$CTt*mJO ziUm`U()}`g*_w4-wYP@e)#lDDlRACn+*)n^WvmntLx!I0)2S_5?4CzcHPwT<{Iy^U ztX;$S#=lX?%drOi&gZpTyq5;2b(_OWU$E0FH(Y-~2)$?4m#s+Uhcgtw`s*3J_rr?$ zrR1c3;vL^1|{ymKG^!gtk2ep$PWvvK{v<#`DAOOIYRvkRw89^5{Nb*j5>FEs7< z4?h}RAAB0Gs;L-OJkaD5Fm)eTugkK+{WqGkg)6!oZg7PwJ+Ae` z)s|h+p`qKC*OaokIs>9|E;n<>Rvpwo@*8KW``dr_cAIgWs}yt(odX?pqRO?SX?wg) z$Df_IRxVF|YXrwi`)~%UABQZ7bqI^T$mvQ2FRav0zzK$>~?4*^RZ~o$K6H zKAgtsZ?%2%BTCls%gpb&m4BNFoiCxB!?LEn zBh;`HOetp^3~F)gCuJN9AK&J^>Prk>R<_$%+AL-I)84DLgmv4# zu3ILKM$|-WU!a2rF5a1b8f)4#t^aeMZuQFCEqR<$J*9r%>2W#X>osF*)Y(Y+HQ%14 z-UfBbE$Psz>{{H~(G_g4Jx!t&BGK>}sN|{oC4o&kJ`Vf!m=ko!8rco-Om?QwDO`?(nR;uiKUUP)~kY6e30{%{r@J_FZjJ!+?bnn7ikfr zp5?3|5cV_Y|Bh)MrTN9OxY^Qm*8jyN#e4LI0YyYp;~-?1ANLyHc{7DwWf;ubDTi%?g0njw_}<1`c@IPObzLbKTJO2qr(0HT z`yBaa63!|ic!>s9d2)SDI4Zu)ot~&ZT+PKdPM!(lk^;c5U4L^g<5FufV0a9cbq=7= zL7nkOop&_CXQPdIs;B~|$z{*T$ehdVoh@#7)dX8HnZ@yvBFpcMEn_|1jf^WNq}lP; zFNc}ff;LmR5*Yi9)}F;uCRc+mbn0Wu3l~56x9EQ}IJZOLUq7}R`Y>KV@BPIfy7zWd z%XGud&~$AXbF=Y)iYl%5=fnAJ4-PzQQ1oN^vis#WyUd&an#{iU^S&vwqz-7?wMUu1 ze+?IWt?cL%d>>%ETw;AMj`)Qg;q-0~HTK%WiZCC<3<0a*dsi^}E#)lx86xi)vg2Y# z`USsodtU&>o9~uFV0XX4bqDfcZT7YAm;$|g^X%9GaZ%kSCmJ~A5ZGIDOBtPufS6~X6xRqPY3;7ZvJtWrNef{Ml~vc{Ku zA~iq1hhSPJ`3`hqQC|%d4E57NEUdd2ZmKA9g-am1Z?46_=xt_mUcOT54FK1vlkZ)T z-`hjy-1NmYrSGBh*p*4pp(^I8*r4Oe+vAsq$2Q6fA7wz`6~{L2zGcD93!eK{alHSj zWy{so7b$_q)~$^jy?~wcTcg3-tcu4SPrkoj8odhNc}dJ(n*8W@2(YB9LYm>XioV1K zpOyR$#FKXV$s3ZGq+4t()V?(~@?11IVLD9z>;}b8keyE76>= z-|JmG2*Yl>RB&*ER*(yjuI>X?*k%Rid+|!N9W4JM_S$yQJ(7_fQ^M<&cM!GvYmqj-dgjZq+)F|8v@tH@(P(5LmT+FP*6v&f94aeiokY*d~x z^`dRW8^#E=`S4`s*9mRoGM&1x2Za60Vm;HY(U8G>o4>M|#|EDtTC|zk#`aPh7WsM^ zR=IwsVq1PrM4)EF*`QH@@0$o9$cWkH>*A9`?JQiTO7dFc{%$iCMHH=D(bkvV;aOzw zBay4SxoAB3heStOkF_tcZb~Qm%Ei6YKiu_wop~TOr#u>jz@b{QYFnMgd5|vO?WnW3 zn{^_o1bo+)xh`t-H}gwLQ~aK7Ugl}v1|9fApQYclj;FSYH29KQpvG}|U2^r#Tl(yn`<5o;D*Ae#a-gMV>jUr*ocV{&FZ~E3w?=%=P?tMO zb=Z%ukwOn*E0bGc9B>4_a@N_kimjgfED2z*vU!1Y&u#shn5N-3Y_#{XqM`F$=<1R6 zl3CY`nv$jQx#T)B8$#PuyGT!#;B~A|MUN0>5DD+W~mD zQ{ek_eJgSf+?qtUZBv;5;wnVOu+F%Edz(~7)A19c@$yc|7J+Eab$9fRe!s2P^EZgm z4*trBK=xezN(uBW&!@tj^{u0CdbBdk5)^aBW>Y|Lm5=sccToRV!2hB9b4-cgMu&YYo5n81Q_mo&mAvlo#!xX`$%XOp5R+( zo=S7zBW;|@JrGXr&(oHc4M>uNRNxKe^4Gn z2|(t9P`#q%b>TIy#WJmG->mpL#;Lcv(g5O=24;L!lQ>?uea zA5tEfe?Jy5c(M|@AuNu;dw<^5>uTU9vo+M?!O1{4PWlBs9aU74G|*bm|8U3a|B245P4k;%sJidNIlTg!a6;MrN?Z zh&FJss1nC`oiQ-fRO7-cnhN(NEEmH(?@FVeO0?d~jl8N@aQCX#_@dk`qnsc7AuLD5hM1(&%{mxzdzGk76_%&;T)~?~iEoCLwc}IwBcvALV;5>arZ*YhypB z<9{1PoQ)ohpN;(}e2nzy*icj*#LT|)bkJttvu`#088~?~pQ+3#D~>8C9e96mDv?ix zGh?3>%5*EEjKSRuhLBl(#}5`Lqb(j0sosw=^33HjyvHjpGu++a2i9#SR&Wt@us6bW zaM&O0(R%COPRZi3czycuM73v4H=L6aa?^I8rNh^T_k8jQ{)KT3X;qUmekYTc44GJ= zT@GXQ7vav;WY^f_`J0im6C^~43z+~t`m0%vPX+g2j&MYUJjNFl6-}%zHY&fMc%bBf z1gLJw!X#z=6wND17`Ejr0{?v9JM*hWL-NR`xt_?ZB!=Es z_fvV|#E={}+4UN)ho?A6(8ewz1tJPfHv>iKLd>i3k`Wp+0|+=&{Do#IYiJdq!^l50 zp(0{nG5GG^7N9y7(BNzs{}jUMAU=x5fFX%PZ7Q*WZrC7z<;;r2lK>#4heiqrqd)Db z(?Bn&0o}8s-yDvfCK3~~>`DvJ+D$5T+*aheR-#4ijy5?@CAqnS1_iV~ zrE>MVWklI`)Av<>XjPBs;s#hIw+I*9t37m?B#rY`%4i<5p*#Mi=^yE8MYmr@OIaj4G^si0(;@)uZzaOoHeBd5|9>2#S(m? zd$v@_nS)k#lOd z(VaAwL4yDt1Vr|n4<|bMeIy>Zw%0_G#@J2uCIH%ilnL{ZFO+c+pz2L2&to;PKaw$Dtgra*7yK< zpegh0beOkX@oGO~BdqdwJ2VPsy?HjQIl7`zE6YxkZ#^J3;n}OO155bHl7QfjI~q`l zY|9?r;h5M};Z=#Dj^9ylaB=7OMa@++^D?}>K6>x|`)stbYxdnIlyx7;g!6FQW~T_4X0HAi(XBzw+-t(LzGE_(ZM(7l8>{5GcQr|x zk-z?`u!^XemrXXf-%BquKqec9qN~5{fYS7 ziXZ4LCyUd(_APOjtX)T#of%`xb;_39Dw((ERiz^CaVR!eHMnUc^Q`Szyux8&B{pLu zA4B!1xGcB1ccNSZnworI>tZQ%B5&Y{IVA~M1b(RY)jtXHZg6@LpVlh!uZZavN2e-B zQErSpe}Y0PZf3;dNioj2;Y7n03ruZHK^KT+Yky>4mSF-l6>h9zb43q&g$c)DE#guU z+xcDv{Irze<=rs{!Nav|=d<3Nl;0Egy;t%`JFZRf?ty2Hg0lGg*UUF6mEBXpxw71Lmj(cZxV8g6nzW%xk69k zjjmXBJo<``jZ7Zlsr(GS``)qvgd@@jq3cFg_3*pNC16^BK*zIvnc*ezSWpi92xHE~ z%^FhCs(WVE0~Z?My0~jA)Q6Bz2^_lz{77NS2&G>#Zz}Ili+-4`N7}w?Q%!B1=Wxg! z)W>n8W(7QrFxy5}!DavP1&sAL$FdpO^HLf-lD3I}-&E&^j*##ZJE1+9JFPw3!5Yud zavm)Gp!L~ek3$Npwk;4k3>8qU8mZv3LwJDWJ>4_udE*pQWsgNWpJLv?CO}&J>Rg%qj ziW)05Ei>5+rKLftJcf!JWXkh<5g<>UI7LF^w`T zfPxdF-^go`ZpBU&>t|uqwmVVIUY&?@2oo3)g}?L zA$wW*3U*vaeRo<#^`-6Z>A^PT*Y`!roXN9$TbA#@Lbgl75Hw2hsDUG=MmN>oSjh3u z2=r0AVfk1vHFG~5Fqc_%`Dw<{Fso`@{%J3aBfI%x+Um3n?=);=PFm+h|BeZO1y=o`L^^Hj7jR+nttujM|z zY18oaOUJLfEnP@C#*)H>3r*Q6RgCQCyx>Y(-*67krH+DY8)cW)g@SMxMoZ}&ilFX> z&UOUHFVz!Cw}FHD#1o!B#2Lv`Zr>!b!yCB6X_A2BOK&5SRR3$22@XJ5I^-EL+x1~W zJm`B#Xcbu!39&AZKR(bbhz$SUe87b@*6qTsVLhezld_InK`=-}Pn*&7k_AT(55ek@ z0eMeSgAt%`vIUUPn+SJ*9GW*YWBj{_X?Oj1Ufeax*M){NAmxBZkB%9& zxBHa6@!9D=P(7cA%rs_UXQFe3I)CcaY2bfrhuziS`%A^GO6NBV?3P+tQ5JZ<1}=3Q znRr#x99645V*V~5;Qo7tfH5a!O8-|XqMiw`gbklxctBUZ+dw=o5}qvm$cJD7985h^ z@C$Y`3^f7O`PQ$;ssJoxS`|6!T~02V#MXIVPZ^D>@P^RJHrk)9r<7m3vY~FA+kH*r z#OL4*;?$$FJm)lb2m(y-tgnug*ROYC3q|$JB!m>&(ZomQCtoq+XYO|n-29lEQ>z1x z^tP})_n3h`r>fdL_%A5tFUBfIMu0zAe2jR2w3nkF&PAA}rJ2QeOYYUCHpQ{&EQ7y%NLSQW+Ks^2W+4P3# z$0?(s^z~d#RZONDWzpKtBgv`M@LGqep_lXDW~I@>5p8stQ0J|;YW;l_b#i=a8DLmY zWn5d(g9f>M%b3mUVB!T~pCC0FJ{jN&HfDr_&-LHVJh)6;e2wW_Hqm#urEF;nYK=@u z{l0(BH-7=C)d1Ev<8!QJH1r*u-GM(9{-TuwGEB4eyYCo}3Lbl^6%;In^8J^=EK!t6T;bs91 znu!qlrz0QEP_@Ls62)b*ogr}J(IBJY3?2UYGte2{A)RV)RI0YxT{2%hP7vyeqB1F@ zySd44@qtGVX2I06vzuueGcXwd`!mzebth-zD9>0^?l!G-i7w@=Ibuf%WZYlTgh_wb z91PQs6C8Gj3@?!h#{ONAqLGG&qa^w!XVxnp)DWoQaqRsmHvgJ+D{VK%r{I>JbwzrA zQaRy1l2WAA^SNNwqu3@Pk|h-3``P30-LQ1iu|!RLtu7fhbCRf=M&ph|j$|T3g%*sc zWEN2ENRY@8MiPe}ma~o^og)~S=_NVt!WbkDYo8Q$Uh-m)zxzir$?Si3Nmso{X9hie zFe{&1%r+Nk7E2IqT;>LoGk&jyBB<%8Jyq0k>56!Qj<6NG-Z3^OMtE1f7(gJH9%%i% z!Prykjp5U>h5c;_lP0lO!#ml0Cn4Gw^XdO`0UQ&_cv(Z_zDjfhoys{UkWVS*7o8Or zpwB1R*7hTkM8^!07kY`=cAs<27t+bd0)C2QuL3VP)A}E`KiO)U3%+p)GWhUGX+Sb{ zB{0w~Lo$&PB+``W`ByPZ)zAwJ26bqZbd@{gE#(VIa}`Xcv2>AS^%{!%KOX0_eXXR$ z^iu+eshY0;qvW@>Jtk6%)@@2dRWJVn_;v?}vc++Y4`#`5aDHGvlQ3d4O4(87?u*?y zsXczh=vkQfY?P->!s9O1#1P5zb0&BNk)|danZd9Xr28ZaiQ>Z73Ada|go$}FLj%1z znoyCc(Aa|%q49{-5f{&kK=S%+jIU%tXAjtM#TaqM4$jL#X(BW|aNhHw*AEuw%!6t2cD64OVx zJ0=oqZooS1dh>o&;WlAe4?9knR~Cqt5<14g0FD~9U^-2Nl}xH=2-ibn+~6;3q-G;d z`s8erdel7+BY@yD+s~Wnu01sJuub6J3`Dh%5@iOFe?h*9V8v9szq$;(QMJngUa1lX zJr#|+QHQvi0l7FHVA}C>1Y7zji>yn+)GSLd6IC%UK9VQoN&5QxWY5Z!dm<)WI5?D7 z6K5x4(N{G%n@4OxB&n2#e}`jf?M77v>KN;@R**Jh!uRtV(!!W=aOF2G@R%kH<*(cf z^2{-OCPiEZ8;|=9_vuU9U6Z-ZR*>gV_1zZS!HL|aDqly3`yz*JQ}M}`fsYj&A;ixW}9$U2Vy@ZLHBhx z-~vRl2f9t~?1`4tB)w4yeD}W2obZSB(E*D&&cM+0XooLm82v}$2exCSTSFHZ!L>GeKEH(G5czhNAKCE#au2)P0!B(7sr zp4@^W(uaxw2UHR075~wZgYY&%4v3u2uCgD>COt@g{aTV52ofIvQ$QF^7>l9?rJ&?| zg`H5S6=Sc70fDCi4-llM7MZ_-TBwBt-Xs;7Va9<#T846hiE)Mg?rYl=>i^zz0MfAG zh4oIfk8LyO`?s{m9x#ggl) z6i5@hLY!==H_{pTuF&C(Z{kF{slP!!+LB~H1DYcZ$PEuEY$?8}!Nb+z#8mCqGY-IF z=m&=)sr-KeC+6>l77<;KAFrE+tVWUW1O&Rx`$zNx{mP8KNJHh&l~Os>ux!b>gAoS7 zCu)Uvc4J1ZudsVNn-dO@Ehm3ZWKk$w-F4J0AzG!mp1+M$ICy5OtXtN*`XATc|H?W^ zS4Nq4_41m-Su~Xw>;h5$v_R{5p1Br?iT!$B%BB6}N=e^$9&H3>wl@DNq%yA#!j9*; zfOY+bPxy!R_wSgm3378|&dt_ao<}N8ExSA2KA$uJ%3AGp`fd)UF8ljtCA&*HZ57Px zt{XjO`PQc;rXF_~^S2bI60@1uyz*@~4z$HFOZ(*%q!T(pB6t2lH^0gWt*tF!nRg|a zJqM<=@0PO{PuhknxDGY%`J^;{eMdK6Td$Oezxr-;VM;wBCKGz3;x#|(P0GxG)>a6R+ z+01m&jd@6;$tPYQ(?%4CgGksN4Nr3Gq%eUq}HLJ_ZObPnFTROm2Y676sGnT9AbqB-}1%5=evgw8HvOgUC!5{U74?L!a*Aq$)!#)%UN&Kf||UNc=Eww}Bk%(E1%dy4A30LQ!S zFv5;;+H+ul#dE^noM}I#KGjQh5E&u7yFJ{qHo(nV%6=mVy?dNU6b%sr|Yc4-KB*vKi)eb#wZ5N==^ zTDE0e^W5hPOvkHCi~BE(wQfJ8*&dkAA1l5bgu3qK3n-M!?5;K)d9iKkHsOvkS|8m* zBV_nh*Aatt6$esQRZd-KlA*UK;@1geaWg|5hyLKB6`_FuGjHr{?G?#poF1;tamItNjVaNjs($D;WE!q-7rQV?G zLFCy03WVdoRQa7)=a|r=*!1E#B$PGUB|#b*A0jO?5ZZ9n!D=W$c<2et&r>{S7kdT5 zoK#LfFj8cx^Jz2-gnCDrAdPkY^DP;uATB!4HFbbu^7?4Q4V?Ya!@5nhxX!n-^-88( z)!>a>K@pr*t*ofX8=esq$hx|sORq&>Xw0#$rV4>P3hkWCmpqmxI8p)wz62+pr5U!W zY*Q;OOJ#&p`PF$?n5~D}grTJgo{?Wfr!VtiToBN>$qUs%aNsawgiJvma1!J14|li+ zXpY4Ljmf7EyQ?9!`W5iG>^qZ96dLVJph2N4Ap|rFcu^9RXA!~&;f_XFc)PB%fcgDk3hp)27WcweP zltRD?@S>t zg_c4F6(a&tll3*YuL==AzAbh@5TT-l`_re2%3UfHN2h|^bEv@M=cj{6%6TJy*;F(N zBL3=FCxSn_AUqHPkCe;FMG9OOT||s`>X;1FZ%ma_FX7B0WKUrU=&nU1{OEoXj;%KL z^Mh|b9P20_C+!HHZ4^9t76<;Cd*IHGy&k8JW7!!T$&PAR_0tkl!Z*U*kFT-jv&F;E ziCHmhQozS5O9ZX5ImFu!V#7lsG_Rbg@+%v6ub^q&CkT{bDZ~yurd0wQ;XLdip3rib z;ee0CL60Dhw|-SLM+e#9783HkJ$&6Gb>X~3I*8)Y%nM^aMq)BXI#$`|X7W@`p*5@g&o8Ns1Y z;eEoU=c9t}bVGLadV?r+t`?yFG0O^&!%t?e3s(fbb~ffg=e-M0gf|G)hpSvqO?1_w zjgz7Ko+&*yl2G`LZcKpz6h%O-2JKw-r0J45TG^H~@nzMm$Ru%v5o>yaeC z%>jot{N30;R6RcYJjc%$US~<94P`+h7#a#yhpPu6C-u%>I8`hu^HL2%zLn?`c3%wv zGt1|(&E%8!FeV@b6df)h&oyB(iEnyEH6wHSO>|k%L4sR`he-fMD zGCGm4gTx+3CgETs$Aon=LNt!8(&6i64n|mc0t;~&n6$#nQ@P?kIc%5`R5$R%ff5Wb%$4gf>QzzEuB@L5ibK>yga_Z!=j zntgm=jGKwzyq;)-n%vV=g()iB&CczgXz$bgM$?)eUqhkbyJ0qtgvfWTkgk-jtlRNT z?3Kq~rI>wxvi4(S$uD)rDMmUyZV=_iTRy(x6v*K-PZ|_xek@dBF}Mh0zETR9m=G%3 zTts1OzECMiaI3yV^2@yRi5g$Y;O{t7T@5XhsD+x7?K+lS>0Z$pD6&eoIDWFX$m7@VfgFZB4?~e-1AReK%N%s-B z#P|l>l^RA7@}MnB589%AG#P!M#CCuY@G!#o7IFCjg?%6%p%GZq_%R+jAcPo&G7EfI ziwy{3#i))f@pdPNsfX}INqgm1V7x18n)58dDw+8}Kul?&h#YGi-J`+`D}MHqkUSN4 z*$+^N6f$6z$XnU9;u2MqzZllVK_Zh^JFL5B9Y0lGV_HfUou z-kMRg{X3lq>-2ypqve;I8QVHfp-KB7k&Rs+xKf25w+foKxdGPriTxY0YDnS1SFUJf z5cHzU0k1KfL_28uOS2)D7AUc?IEw(loiO4bFM@z#q(aN==ct)akVIcvO<5}cIb|1o zK`2paPmI&12|>FlE|hcV!3p#HscxD6h@{|ki^EP4o86dXRw2{_NT zMfSp{X|)F|`amCuP6I!pCklGw)Jz;P^L=8o8MS6j*}KYXd9CqW5VN^c^$UH|+SML+ zF+A=^?IWf6LE@eoTcN`!e~;UjwpRWNdIxFNHTC3y>rCKWQ$<=nEs9~k@V*YdM{ z%T-NJj7axMT?toS_-xNV4`y<`_9%we?%~~8$=!UH&ljZY^76d$cAo0Gzhe%tJ2Cnv zXc5IwzUs3w@3=;G_Vvc1E3JLj9AjObli$Tl369rXlir(voS2S2yQ7wEr0e6kIkz0} zU-RQ+{7n!eV^mfHgNMMB5Ui5^cY*8nn8vsw3!y?kS}(A0`GHh9U^?|B-;%?^}_&=|C(78rp90Ka~pa*GK?WJA%(%K+%F@>XX<<+>@SAru{^au)9z8+_F^- zCu8l}1n}sg<7{&$iCQk@J;_oX%cGs2V@psk+@$)A22)QO8Vh`yb_(5Sjdh?BRS9`0(8)r1ZfWhzdb86X!LEnlMtbnnD-wZ;Hu>HB zG^6)h3V%?1Bvv%uiSJ}2jb>o!c4ua6fD&HGOP|gDG-m$l@4Dr_+WWsOP=~g)R+LTI z$YbBRLvwlCv1+D@1*f9U-dq-F^Xu7bq#7DX!Zg)SI>W)89ew7(p%%%~ThDp?JI@=K zf3kJl^PqIxm7PBl1hjKrMKEp6Plx1D1c_*P1AiF87V|3`m|Isa2MM5zUwq5P4yx8f zlpd!?6K34P&aNWVVl{kIHzh9!&aNX|b8PDo4DJh(SYGOSR{EVJ=g@{7-t59Z z1iRH6itf<}rT3iRMXJOPR^S$gBP{YyLS{R&%fKABCMNeB4AYT6y$$XwBcr*z|DCGW zz?fxG=7{`ISa_+Vz*RU2&S^xxPba?v4gaFE9phBMYlU8*Onr(Y^{4*}_m;0x5b~?m z8ogf++9$K?Xy|$Lm@HNx#A+z4KA6$l7E<@xBwpa_4xO?U%}Y^*)Kbk$an616%oC` zf-i;xTwI)hR@5Mm%C+&|!5jCKo`oi8Ug}7`1A1f@kveM@>qWQKx(nm^mc4axi+>`r zpG&$NXz^rF4rFT0J=A7K3jdIWRaG&+^y$Aq$qBwXd!Ku)D?6d_^C#hL3<$n43tYuU zQ^~n7=M^R6<`aH+I$(f5IEvPb)le*spE;+A-YljAwi^a$AUznLES`jC>N9GnTjfRtG?g#^PcSiEW=9)2a ztAwVGtgnPQgOqs(eXF9cvMn85G69U|tyJ*_)NyO=(MI#iEh!@k>3xG&W8|4lwEohBgp&6xe!>!aQuWT?KWaHhrtanAoGLc(DUUJ?2P}$^XU+BD zLqRfVn77&Q&`EK+K~6AsrFs@)Wt6cy?%bb3(QBA@#4_}&yv;;AV$O`C&rdGHVzucw zI)*Q5o(F3eJ`=q9X(h{oLp=X{K{ zqmr;9;+hx!dnZA>z_3qK8o;nO$6GKdE778sMZ-P zA)+20;2NwUp#=V(`@O~4;F^bg^PPGd4oYn~DKg|4w@tFXuHP?(z`sl8WJzEEbAO(8 zo0KfoHimZU^qj}lgZMITq(n)JpxzvrXCZt#wQ_{lZjijmX5D9rrh1aa!B~Z4J7V!_ z8`ZnQx5~S$m-LpUllYm|!Dg+%O&yQ50vR+4bu_X#qY-B18MO*Ea1ij1>|?hZQgopo z?RfW@TE@d>#gn)%7=9If4bwYZd=baH^&ynbfrFJQY}AVo*KNvzFJ6WUHXfGJKzM;O zG3PcBZEPB~x8X>Q74Mx&`A*O+)}jY9%qqEg58bHs*B1O487HuKu9({|FUdOj>n!bK z6=wQ~Sxc-+1zX!Z7?@^`TsfcC&*IQSnbcShp+^;O+Nqx0P7O z@Y>FDjL?51(Mj_=``TI;hg`~92q4-ZEY2Cu9Pk`S1e3=IxySfB_-?-k z6vJN)4r+IPFPt8T>D!yh`s^vreTaR~M3R{#iDm%~j^G+rs?nd;n1!hbd>%^M!S zOOJ+Ce~_%-KSqcu5I&Y#L9AJ=g9+y}1gnuy79)O{K#M>%C0BI&`ifOn!y(Cx^%$S1 zWLi_8lhXE}LGl!sq|9hGU&zrhG!(3r=|Z*Fu%HuL29A|pqXw{9->ra4Zf+$8P!KD~ zlZBd9!DH%G$)Z(i`F7>BT4em7Br%E$}i&nCqpSCZBUWyls-_Y?2%%y+!69+SZfk`++|&PKg`+_E zXc#eJ>w_XL0tp_Qc4Rf*2ke;vIie}Fj05Oq!Wtwql}l(6g6Ja^D@bO7_|5gfB{@Jc zlUhC<3aE#KRG}Vvc#XZQ`QME*#_}`2_5S6koTSmF=VDvja7@wNPGCe9`-=csC0H@0 z;@eG!u70?6I?wp~D+&s`>LYGlB;;&Qezd@n%B^x}w~p6oUE=4K99i5jC{$)}pdwZW zJ98wgQGP{Fk*$TRgd5g3gFg+5X(x8Rym)KwDr$JZ+OxFq;Zp~GNKr{bR@h;qOh!PR zsC5<_<1A7gWxmF3GmQ4E+nU>Xvihb9pM^RAa#%=60^{Y{TmicEYq$ltXe>w_3dts+ z!a+dC6weVyl%qpa^dcI3gNaqTJFJix5IZs&LZegkQ{P}HG{1zc=iOYs45`>K+CFyX ztH%KJb7G_hqzK_V$Zi;{#pM1ziVG}f1KfHs#s3p=B^-%@Xmgq8PVLjxChCkFI3Yaj zArdnxWrz1Md3NdSQG2M$&E9H0HKGZN)c?_0G-^T0`ZE$wGNw3qa+uV)nD2E1A9qc` z1X&J@|Mj5V9T)x2@0hjpvrn!k{k3KrShn{!LFf|llMz^OTajUb=Ip z_NNX{MjV}Q!6Vm5M)kJQ25SuNDrisEe&4YCBQ%qX-*H`qsGBO{{p8WOL#>{|XN~55 zH3T`wp!t*5QFlQH`ky=Iv4l4;cf7#5qCQSY2I%U>S}Efo+O0<(g0v^G&+*WzLmZ?$ zWi|u5VXtId_TwDZi)9QGb3SAY?}wA#oMu&*^bV%49U?ECkYHe6m_Pn6K*Kb?1P6Uj z^>?xq1QtlU5y(frHRNXfe;48hN@^40@K*MsvA|ypq~`%;CuV+!iL78LlF2GOtmx&o zj#Pe)%1+2Yh?KR+{8cnRSZ1l#{D+J){;?Yaqh}_TR72}^ALjnki_7q6qcO&^K^ZEB zC$fch4gkv2Epp}HE$%KtgCFaJ>j;Wd8{47bnM($;TD?3)%vzpT&a(ZudI1b>%)p86 zLfQi{VSR@NiXT&?u|*I4J@V$&NU*)NFQH)T@AAeiHj9(di%e{7zfW^T^>J2KtX^57 zb|R_p^66nl`)~XjcF{6Qyr%K1j($t_BPbpIH(JXVl|EpcYhDOfmIbHa-WSp>XJKLb zwmu`ojI5zBmpInJCy{Rw`8*nT&z6tA4Ge=6JRh*jy|BF z7$2}pl23U>RP^=HtQ@iT2L*k;MnLzN%#<=!rh2|MxTEs*eEjU1+ScQRyb-%dPAJ5% zLfyp8(s)MLxg5`C!p%RC!?*J(z{`FW%?hK&!S?S^v)V2mjn+EIt>IB9PfXT9=k5UC##uts*VPLUX zvp15ZsJ|lEjIfpVSEYE+(|ip*rYzBkB}6v2VKPzO2*7i)RDXqkc&bUr%zQ& zMxkZQ>*1KuZvQ-;=spa~yO;}0U=1+cOjlx~FV%OKkWEC@_4QYZc!aZJ;K&lD3?Nlq zJKXM#8$5Lu@S|K(y&Y9EZsa}7Z|w}lb3M)wG^(tPbNS)fK94qB{`FlDd}3;UP5syC z=}Wk8_f5;;>)R{VCc?TW#`Trm69QNBVv^Il`Ne5vBq?il*TJ43OzlfNLseSt}d8+ zea=`;H6))g3B(S@InjK_kNWN1Z33%9{a)jUN1nqkRWk&0u~SdKure2k7mMKL-2Nir zyxb1+Wxfg35iJ3<$}9GWdkv(bZwt9f{8aOGa7b9vZ<7kki|R4YgZ^JHXB`#Q*Y$B2 zI+T!ZX{mux34x(O1|*bHQs4*D-7qpBodbd((jX-u4blRFfD+O}cS(21b7y>?cfIf5 z&sxua_spDi?zy%1K6`(@$4hvN%5=c)v1|h>ykM3sx1UEQoMcMWqOaD^x$WdpvFBbp z$)KLSe*w9NtEJmdW^*Ud5T3F5#cv@mKZRy|5#1>>iL)F8D&ZkD5 z9xDJJK0ti6+v@3GT}Zp*K3~_;36qil+q9wF-z+>wP^eRrR`HPlk^h&d8Ec$0Q5Uk0&9hm6nPF`#Tej38@yQ zymLb7&4;s#lW~rHr3vc`i(LroC7cNY+ZzULB~M#~)bvP&1o7pn>l;Q`NHO9-x<8>- zZ~nj5CDEsfX>HcGkx8K&{;GlCRK`9Aq$}DWy5y)v(hUwvehINu)LvgZTMqWV*eGzB zOs$ht6-w_nOS@Lr%DvNI5v4P(zuU=ddPBpKM!=%+8YEVl(e1y=;_l>4o+*AsoM7%A zI~Tl@wnA%=JmD{q;hf$L+-+x9M#VRW5^%B>A-*0$c~CPXJ^VPJa(O<$a8=C6HMu;w zil_1wN_f$40K7L+^vs~vK6Oqolv++!58q(~Z!VJ8YBaak-2F$Ttqn&VGRrrIil_-={aQQP7U5Uc9s0TnJB)QI zbo6sstH(C`mHqE0-aV0lTTb{pqB|vLUN~Zm3*s(u%;hABvrYS&6Ez2|ICBq=v~5+r zKMUc}=qX*clfeVc$G-CYTcMNgSfN&m-i`$*_tnFmt&*gEKDz92T0g&wcuMGvqC!2r zNA>#w5BGlD8DwWnSw5(IHd^!M)XD6iQ(@wAM&+|>2h3l)NhR}7^$Mgiv25oHw#?BpT6B9c7M3c6&OJi``-!Td{9AEVUl znN0_^aCL6Cc4C{+89}gXi$aDXqCRE~6t{NXoXhkUVI8|Pn19+vEMs)1)V zX!2)d5>B|hrb>4FiDuUmCX&KZ3ljF5^0KZ#v37Er(|QbiXRvuttSPx7A0oC+1w_)!AP`=c11C=`Ps$aROplK0a z2;Bx`hWQ>RyD^<=gd_(560O`8F=kIi3UxoBMAo0cC(E2s)QhyMh1o`wP@jpiNaUO4 z^uUA8$0_&OD?8Y}C=Vt*!!m|t210yJj!#B^B*htvmP7es$K+rfzGoZs@w3=w1;77h z>sRhL3Ne#57;`v_xO}ewUkw)<((t=I*x+l`j{9SNy~Sh&FJ^-Jt~*C;2?nRm4z}kT z8W{4iH=8!lDTCm+FHlltrhaSwaow`?n-r;V zN&G>m;|An@igLN@GJuxcCnVigfRWC|5*_uc=YScsxU0H%O463ya2r2p>jR+EM6S@Y z%vY?QUENtoIgzc}V*$42D1>gPhV)dLeFt=|5*Co6ZX~}Q#in5{?uVV0>FIPnmYZo{ z!v*))DWav%_bfhgly+U1h2ZX;lrXjmC$*9}&DCS$SqKxIk-u_K$YxdUJ+_p>wU`Ny zab5w4h{Uknacg8{UKa^kXk_ zKl4;yjI#SyAM3a+S5OMh3816ypx9_r9N@iB54i5lJ3RgMq#X41|{_g6CzU;J?l6NAmEAZ()AaQx; zUKZ?~vV7;?Kq&l%AUAR@I3}Tu4$t!T6EhgDrE?=nYt`%5s+g|T zn$Dcnp6Aw`_9>1eB7EDKbciQ`l8(ET1jfFYF2q&G1Tzb+d9jo|h42ci2hqyj^5jI(%PU@1Pp zH5Gy^tpETTAb8Y)A&_=)UogBAHJX;ehE!qvi88>Q4E5Bg%wS5_#K4@2u~MI-b07ev z#C!QosS^K@40^r*m7U z;|Ji9ev||fW9AcpX3qZOlWC2OTG*K|0F(59&A-3#@J+YXld+XPu`Z|n)DL7-UN}$d z#d!a&8BZ=<2NF99s&bs<8d)g>FYEJG8x14x3a$lzo(xY$#Sa5HAd;6po5|>u%FO0i zcqG#L*fz$EYSiM#2h792OXRFL6hEq*&xpkGYg;LOcpv~C5Vm2`elxTHsLs(ajp3viBl z0I}W>77KckrYv0G0h=jaoPJ;25}Oa*>-#xuHNW@eq3+~`uOWO|IIhlv`R)Gt97v5U zKbtq5`B{Rj@tvM%N9DEP%(jt|@JyD7lR*5@5>Fx-OLq} z!F4yH7VeHLk*HPe=-H1Q@0My+9=58uq}`djP5V zf%A)Yp&Uf_p;a&<5oJ#t7eHeT-_o{kv|%~?RkyV6z~gdYhsAkims`KFDWq<4y4H3L z{KW8NNBe3tRmBDMJyA=p`*i6`nli;DO_oV1g+g}j*ak8*M}t4q7Af0BBz4PwG1hY$ z{tNCd-PF9pqr>03G+Yyo{|_74NuOi)uZutVb}mLg!Ob{gHWuW@QEFVRxyZ*69~{!q*^atsMt{^Z!9q$v~rJ=!yDqPt&U z_+44o`EW?{(VcJyR8&W%H~G8kQH!MXdgHd{r!Z;S&X)-Pq-Zw11W^vF@O}NWPUD1W&HHe}=`g3QY^tRz-h<;f>oPrbp;>-?UB}zBHNW`u~O=8 zAQlUtufJZs7T?JWAkCa{mULDiElH}fFgb_n-K@-<9SlGtcCNeatOQ_f&y|fG^cbO0 z-AsCi-rH4~T^3(Ah8f8X9Y!bjzZ2|NTk)tcn}(IfF5pkcI!RlN>~B7-U$@ar$@^tf z9SvboTcA%4Eh`Xy)T9EsrEYdy8|F+mZqd;Tew2T9XN9NkNsp-OYJ}2pRhnmc_O<&jBs1=F-U7-*Os;2BpZ{P07 zH~qHID6P76=K8(;vbNu;ep$ej+FH|csP<*&DGLr@5s7)&N^+s@9ep7@uPRc;ZsQm|e~r5AVEseh^{Gq}vnK*a3q2Y@YDxXA7K-51!Uiq+E*ALX_Eh-` z&?aBgm>Ua)7fUazYNYX9`*0n-XNknjLP^JrX32R0S+LR;|J{PzP9JwvRG(S zN)E^#*guf%VvyE8G$8xm|HrJoCc|=#1CBO_zzXM`Y+*Lx6hpa(OT{vJii5s@|FCU- zWF3L=KD>bcP+Bmz#P~pIpi!#7CLn@#1XN0ZGvPIg#wg}WRe;9v<_9i}NG^x4&{P_b nl;r17ia^kP<7KzV&tCT}G+QOudjdPGVqvK&X(*P-n+5#~zr199 literal 0 HcmV?d00001 diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-temp-appseceu.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-temp-appseceu.adoc new file mode 100644 index 000000000..d2295c0d7 --- /dev/null +++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1-temp-appseceu.adoc @@ -0,0 +1,8 @@ +=== Configure Proxy's Port + +. Select Tools > Options from the menu +. Select Local Proxy on the left +. Choose an available port ... Since WebGoat is using port 8080, use something different like 8090 +. Click OK + +image::images/zap-local-proxy.png[ZAP local proxy,800,648,style="lesson-image"] \ No newline at end of file diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc index 7cc84b033..bce555d3b 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc +++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro1.adoc @@ -17,11 +17,3 @@ When ZAP starts, you will be presented with a dialog such as the one below ... image::images/zap-start.png[ZAP Start,548,256,style="lesson-image"] -=== Configure Proxy's Port - -. Select Tools > Options from the menu -. Select Local Proxy on the left -. Choose an available port ... Since WebGoat is using port 8080, use something different like 8090 -. Click OK - -image::images/zap-local-proxy.png[ZAP local proxy,800,648,style="lesson-image"] diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc index a606ca734..4adcecc5f 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc +++ b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro2.adoc @@ -11,7 +11,7 @@ This will send all of your traffic to the proxy. Since we haven't set up a trust . Click _Settings_ . Select _Manual proxy configuration_ .. input *127.0.0.1* as the Proxy -.. input *8090* as the port +.. input *8080* as the port .. check the _Use this proxy server for all protocols_ checkbox image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesson-image"] @@ -23,11 +23,20 @@ image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesso . Click the _Change proxy settings_ button . Select the _proxies_ tab . Select Web Proxy (HTTP) -. Input 127.0.0.1 in the first box under _Web Proxy Server_ and your port # (8090 is what used earlier) in the second box (to the right) +. Input 127.0.0.1 in the first box under _Web Proxy Server_ and your port # (8080 is what used earlier) in the second box (to the right) . You may also want to clear the _Bypass proxy settings for these Hosts & Domains_ text input at the bottom, but shouldn't need to + image::images/chrome-manual-proxy.png[Chrome Proxy Config,700,447,style="lesson-image"] +(Mac config image above) + + + +image::images/chrome-manual-proxy-win.png[Chrome Proxy, 394,346,style="lesson-image"] + +(Win config image above) + === Other Proxy Configuration Options If you don't want to manage the proxy manually, there are extensions or plugins that can help you to do so without digging through as much config, diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntercept.adoc b/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntercept.adoc rename to webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/HttpBasics_ProxyIntro4.adoc