dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update documentation regarding WebWolf

Browse Source 
WebWolf no longer runs as a separate application we can simplify the description.
This commit is contained in:
Nanne Baars
2022-07-18 10:34:54 +02:00
committed by Nanne Baars
parent 9e3eb39069
commit fe7774bb6f
2 changed files with 3 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -47,7 +47,7 @@ docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amster
## 2. Standalone
Download the latest WebGoat and WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
Download the latest WebGoat release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
```shell
java -Dfile.encoding=UTF-8 -jar webgoat-8.2.3.jar

20
src/main/resources/lessons/webwolf_introduction/documentation/IntroductionWebWolf.adoc
View File

@ -1,8 +1,7 @@
== Introducing WebWolf
You only need WebWolf if a lesson specifies you can use it. For a lot of lessons you use WebGoat without
starting WebWolf. If you need to do an exercise with WebWolf make sure it is running alongside WebGoat. Lessons
where you can use WebWolf are marked with the following icon (top right in assignment):
starting WebWolf. Lessons where you can use WebWolf are marked with the following icon (top right in assignment):
{nbsp}
@ -13,7 +12,7 @@ image::images/wolf-enabled.png[width=115,height=128]
Even if the icon is present, you are not obliged to use WebWolf, you can also use any intercepting tool you like.
(`netcat` etc.)
WebWolf is a separate web application which simulates an attacker's machine. It makes it possible for us to
WebWolf opens in a new browser tab and is a separate web application which simulates an attacker's machine. It makes it possible for us to
make a clear distinction between what takes place on the attacked website and the actions you need to do as
an "attacker". WebWolf was introduced after a couple of workshops where we received feedback that there
was no clear distinction between what was part of the "attackers" role and what was part of the "users" role on the
@ -23,18 +22,3 @@ website. The following items are supported in WebWolf:
* Receiving email
* Landing page for incoming requests
WebWolf runs as a separate web application. If you are using the Docker-compose file you can just point your browser webWolfLink:here[] to open WebWolf.
If you want to use the standalone version, you will need to download the jar file and start it:
```
java -jar webwolf-<<version>>.jar [--server.port=9090] [--server.address=localhost]
```
By default WebWolf starts on port 9090 with `--server.port` you can specify a different port. With `server.address` you
can bind it to a different address (default localhost)
Note: if you start WebGoat as standalone application you need to start WebWolf as standalone application as well.
This will start the application on port 9090, click webWolfLink:here[] to open WebWolf.
The first thing you need to do is login with the user you registered on WebGoat.