dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/webgoat/main/project/WebContent/lesson_plans/HowToWork.html
wirth.marcel 82e32acb77 * Hints added 
* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk@301 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-07 14:28:38 +00:00

32 lines
2.2 KiB
HTML
Raw Blame History

<div align="Center">
<p><b>Lesson Plan Title:</b> How to Work with WebGoat </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Welcome to a short introduction of WebGoat.<br>
Here you will learn how to use WebGoat and additional tools for the lessons.<br><br>
<b>The interface of WebGoat</b><br><br>
<img src="/WebGoat/images/introduction/interface.jpg"><br><br>
1. Here you see all Categories of Lessons in WebGoat. Click on the Categories to see all Lessons in it.<br>
2. This link will give you the technical background to solve the lesson.<br>
3. Do you need some help to find the solution? Here you will find useful hints.<br>
4. Here you will find a complete solution of the selected lesson.<br>
5. If you want to restart a lesson you can use this link.<br><br><br>
<b>Solve the Lesson</b><br><br>
Always read first the lessons plan. Then try to solve the lesson and if necessary, use the hints. If you cannot solve the lesson using the hints, you may watch the solution. Here every step is explained.<br><br><br>
<b>Read and edit Parameters</b><br><br>
To read and edit Parameters you need a proxy to intercept the HTTP request. Here we use WebScarab. More informations to WebScarab you will get in the Chapter "Useful Tools".
After installing WebScarab and making a proxy on localhost we can start.<br><br>
<img src="/WebGoat/images/introduction/HowToUse_1.jpg"><br><br>
We have to select "intercept request" in the tab "Intercept". If we send a new HTTP request now, we get a new WebScarab window.<br><br>
<img src="/WebGoat/images/introduction/HowToUse_2.jpg"><br><br>
Here we can read and edit the sent parameter. After "Accept changes" the request will be sent to the server.
<br><br><br>
<b>Read and edit Cookies</b><br><br>
Often it is not only necessary to change the value of parameters but to change the value of cookies. We use again WebScarab and intercept the request as explained in the last topic.<br><br>
<img src="/WebGoat/images/introduction/HowToUse_3.jpg"><br><br>
We again get the new window on sending a HTTP request. On the screenshot you see where we can find cookies and how to edit the values of them.
<br><br><br>
<!-- Stop Instructions -->
Reference in New Issue View Git Blame Copy Permalink