[fix] path in HttpProxies html file was wrong
This commit is contained in:
committed by
Nanne Baars
parent
26ab0dc712
commit
f5c3610aba
webgoat-lessons/http-proxies/src/main
java
org
owasp
webgoat
resources
plugin
HttpProxies
html
9
webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java
9
webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/plugin/HttpBasicsInterceptRequest.java
@ -49,10 +49,15 @@ public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
|
|||||||
@RequestMapping(method = RequestMethod.GET)
|
@RequestMapping(method = RequestMethod.GET)
|
||||||
public @ResponseBody
|
public @ResponseBody
|
||||||
AttackResult completed(HttpServletRequest request) throws IOException {
|
AttackResult completed(HttpServletRequest request) throws IOException {
|
||||||
if (request.getHeader("x-request-intercepted").toLowerCase().equals("true") && request.getParameter("changeMe").equals("Requests are tampered easily")) {
|
String header = null;
|
||||||
|
String param = null;
|
||||||
|
if (request != null && (header = request.getHeader("x-request-intercepted")) != null
|
||||||
|
&& header.toLowerCase().equals("true")
|
||||||
|
&& (param = request.getParameter("changeMe")) != null
|
||||||
|
&& param.equals("Requests are tampered easily")) {
|
||||||
return trackProgress(success().feedback("http-proxies.intercept.success").build());
|
return trackProgress(success().feedback("http-proxies.intercept.success").build());
|
||||||
} else {
|
} else {
|
||||||
return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
|
return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" name="intercept-request"
|
<form class="attack-form" accept-charset="UNKNOWN" name="intercept-request"
|
||||||
method="POST"
|
method="POST"
|
||||||
action="/WebGoat/HttpBasics/intercept-request"
|
action="/WebGoat/HttpProxies/intercept-request"
|
||||||
enctype="application/json;charset=UTF-8">
|
enctype="application/json;charset=UTF-8">
|
||||||
|
|
||||||
<input type="text" value="doesn't matter really" name="changeMe" />
|
<input type="text" value="doesn't matter really" name="changeMe" />
|
||||||
@ -48,4 +48,4 @@
|
|||||||
<div class="attack-output"></div>
|
<div class="attack-output"></div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
|
Reference in New Issue
Block a user