dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d8c58bef372df9ef46838e5538b78b42a288aa6
WebGoat/webgoat/main/project/WebContent/lesson_plans/HowToWork.html
mayhew64 9d8c58bef3 Removed hardcoded webgoat path for URLs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@367 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-11-21 16:57:23 +00:00

50 lines
2.7 KiB
HTML
Raw Blame History

<!-- Start Instructions -->
<h1>How To Work With WebGoat</h1>
<p>
Welcome to a short introduction to WebGoat.<br>
Here you will learn how to use WebGoat and additional tools for the lessons.<br><br>
</p>
<h2>Environment Information</h2>
<p>
WebGoat uses the Apache Tomcat server. It is configured to run on localhost although this can be
easily changed. This
configuration is for single user, additional users can be added in the tomcat-users.xml file.
If you want to use WebGoat in a laboratory or in
class you might need to change this setup. Please refer to the Tomcat Configuration
in the Introduction section.</p>
<h2>The WebGoat Interface</h2>
<p>
<img src="images/introduction/interface.jpg"><br><br>
1. These are Lesson Categories in WebGoat. Click on a Category to see all Lessons in it.<br>
2. This will show technical hints to solve the lesson.<br>
3. This will show the HTTP Request Parameters<br>
4. This will show the HTTP Request Cookies<br>
5. This will show goals and objectives of the lesson.<br>
6. This will show the underlying Java source code.<br>
7. This will show the complete solution of the selected lesson.<br>
8. If you want to restart a lesson you can use this link.</p>
<h2>Solve The Lesson</h2>
<p>
Always start with the lessons plan. Then try to solve the lesson and if necessary,
use the hints. The last hint is the solution text if applicable. If you cannot solve the lesson using the hints, you may view the
solution for complete details.</p>
<h2>Read And Edit Parameters</h2>
<p>
To read and edit Parameters you need a local proxy to intercept the HTTP request.
Here we use WebScarab. More information on WebScarab can be found in the "Useful Tools" Chapter.
After installing WebScarab and configuring your browser to use it as proxy on localhost we can start.<br><br>
<img src="images/introduction/HowToUse_1.jpg"><br><br>
We have to select "Intercept Request" in the tab "Intercept". If we send a HTTP request we get a new WebScarab window.<br><br>
<img src="images/introduction/HowToUse_2.jpg"><br><br>
Here we can read and edit the intercepted parameter. After "Accept changes" the request will be sent to the server.
</p>
<h2>Read And Edit Cookies</h2>
<p>
Often it is not only necessary to change the value of the parameters but to change the value of cookies.
We can use WebScarab to intercept the request and change cookies values just like parameter data as explained in the last topic.<br><br>
<img src="images/introduction/HowToUse_3.jpg"><br><br>
We get a new window on sending a HTTP request. On the screenshot you see where we can find cookies and how to edit the values of them.
</p>
<!-- Stop Instructions -->
Reference in New Issue View Git Blame Copy Permalink