git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
		
			
				
	
	
		
<!-- Start Instructions -->
<h1>How To Work With WebGoat</h1>
<p>
Welcome to a short introduction to WebGoat.<br>
Here you will learn how to use WebGoat and additional tools for the lessons.<br><br>
</p>
<h2>Environment Information</h2>
<p>
WebGoat uses the Apache Tomcat server. It is configured to run on localhost, although this can be
easily changed. This
configuration is for a single user; additional users can be added in the tomcat-users.xml file.
If you want to use WebGoat in a laboratory or in
class, you might need to change this setup. Please refer to the Tomcat Configuration
in the Introduction section.</p>
<h2>The WebGoat Interface</h2>
<p>
<img src="images/introduction/interface.jpg"><br><br>
1. These are Lesson Categories in WebGoat. Click on a Category to see all Lessons in it.<br>
2. This will show technical hints to solve the lesson.<br>
3. This will show the HTTP Request Parameters.<br>
4. This will show the HTTP Request Cookies.<br>
5. This will show goals and objectives of the lesson.<br>
6. This will show the underlying Java source code.<br>
7. This will show the complete solution of the selected lesson.<br>
8. If you want to restart a lesson you can use this link.</p>
<h2>Solve The Lesson</h2>
<p>
Always start with the lesson plan. Then try to solve the lesson and, if necessary,
use the hints. The last hint is the solution text, if applicable. If you cannot solve the lesson using the hints, you may view the
solution for complete details.</p>
<h2>Read And Edit Parameters</h2>
<p>
To read and edit parameters you need a local proxy to intercept the HTTP request.
Here we use WebScarab. More information on WebScarab can be found in the "Useful Tools" chapter.
After installing WebScarab and configuring your browser to use it as a proxy on localhost, we can start.<br><br>
<img src="images/introduction/HowToUse_1.jpg"><br><br>
We have to select "Intercept Request" in the "Intercept" tab. If we send an HTTP request, we get a new WebScarab window.<br><br>
<img src="images/introduction/HowToUse_2.jpg"><br><br>
Here we can read and edit the intercepted parameter. After clicking "Accept changes", the request is sent to the server.
</p>
<h2>Read And Edit Cookies</h2>
<p>
Often it is necessary to change not only the value of parameters but also the value of cookies.
We can use WebScarab to intercept the request and change cookie values just like parameter data, as explained in the last topic.<br><br>
<img src="images/introduction/HowToUse_3.jpg"><br><br>
We get a new window when sending an HTTP request. The screenshot shows where to find the cookies and how to edit their values.
</p>
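<p>
The following is an added example, not part of the original WebGoat page or code: it shows at the byte level what an intercepting proxy displays and rewrites for the parameter and cookie edits described above. The request, its path, and the field and cookie names are constructed for illustration.
</p>

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode

# Constructed sample request; path, field and cookie names are hypothetical.
RAW = (
    b"POST /lesson HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"Cookie: JSESSIONID=ABC123; theme=light\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 23\r\n"
    b"\r\n"
    b"color=blue&SUBMIT=Go%21"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = [tuple(h.split(": ", 1)) for h in lines[1:]]
    return lines[0], headers, body.decode("iso-8859-1")

def view(raw):
    """Return (parameters, cookies) as the intercept window would list them."""
    _, headers, body = parse_request(raw)
    cookies = SimpleCookie()
    for name, value in headers:
        if name.lower() == "cookie":
            cookies.load(value)
    return dict(parse_qsl(body)), {k: m.value for k, m in cookies.items()}

def edit(raw, params=None, cookies=None):
    """Rebuild the request with changed values before it is forwarded."""
    request_line, headers, _ = parse_request(raw)
    old_params, old_cookies = view(raw)
    new_body = urlencode({**old_params, **(params or {})})
    merged = {**old_cookies, **(cookies or {})}
    new_cookie = "; ".join(f"{k}={v}" for k, v in merged.items())
    out = [request_line]
    for name, value in headers:
        if name.lower() == "cookie":
            value = new_cookie
        elif name.lower() == "content-length":
            value = str(len(new_body.encode()))  # must match the edited body
        out.append(f"{name}: {value}")
    return ("\r\n".join(out) + "\r\n\r\n" + new_body).encode("iso-8859-1")
```

<p>
Everything shown here, including the Cookie header, arrives from the client and can differ from what the page originally rendered, which is why the lessons treat server-side validation as the only reliable check.
</p>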
<!-- Stop Instructions -->