renamed JavaSource -> java, WebContent -> webapp regarding to Maven convention
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@392 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
ch.ko123
@ -0,0 +1,12 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> How to Spoof an Authentication Cookie </p>
|
||||
</div>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b> </p>
|
||||
|
||||
Many applications will automatically log a user into their site if the right authentication cookie is specified. Some times the cookie values can be guessed if the algorithm for generating the cookie can be obtained. Some times the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. Some times the cookies maybe intercepted using Cross site scripting. This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.<br>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
<!-- Start Instructions -->
|
||||
The user should be able to bypass the authentication check.
|
||||
Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.
|
||||
<!-- Stop Instructions -->
|
||||
Reference in New Issue
Block a user