diff --git a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java b/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java
index ee8f9ef64..e39670e57 100644
--- a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java
+++ b/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java
@@ -49,10 +49,15 @@ public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
 @RequestMapping(method = RequestMethod.GET)
 public @ResponseBody AttackResult completed(HttpServletRequest request) throws IOException {
- if (request.getHeader("x-request-intercepted").toLowerCase().equals("true") && request.getParameter("changeMe").equals("Requests are tampered easily")) {
+ String header = null;
+ String param = null;
+ if (request != null && (header = request.getHeader("x-request-intercepted")) != null
+ && header.toLowerCase().equals("true")
+ && (param = request.getParameter("changeMe")) != null
+ && param.equals("Requests are tampered easily")) {
 return trackProgress(success().feedback("http-proxies.intercept.success").build());
 } else {
 return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
 }
 }
-}
\ No newline at end of file
+}
diff --git a/webgoat-lessons/http-proxies/src/main/resources/plugin/HttpProxies/html/HttpProxies.html b/webgoat-lessons/http-proxies/src/main/resources/plugin/HttpProxies/html/HttpProxies.html
index 59113e121..efdfb9e61 100644
--- a/webgoat-lessons/http-proxies/src/main/resources/plugin/HttpProxies/html/HttpProxies.html
+++ b/webgoat-lessons/http-proxies/src/main/resources/plugin/HttpProxies/html/HttpProxies.html
@@ -37,7 +37,7 @@
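Review bot: In `completed()` of HttpBasicsInterceptRequest.java, the null guards are implemented with assignments inside the `if` condition and two pre-declared locals. This makes the check harder to audit than it needs to be. Constant-first comparisons are already null-safe and give the same result without the locals: `if ("true".equalsIgnoreCase(request.getHeader("x-request-intercepted"))` followed by `&& "Requests are tampered easily".equals(request.getParameter("changeMe"))) {`. `equalsIgnoreCase` also avoids the default-locale `toLowerCase()` call. The `request != null` test is probably unnecessary, since the framework normally supplies the `HttpServletRequest` argument, but that cannot be confirmed from this hunk alone.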
@@ -48,4 +48,4 @@
-
\ No newline at end of file
+