Web Goat
<![CDATA[
# Teams of size 4
cd /virtual
mkdir webgoat
cd webgoat
scp UTORID@dh2020pc01.utm.utoronto.ca:/virtual/arnold/webgoat-container-7.1-exec.jar .
scp UTORID@dh2020pc01.utm.utoronto.ca:/virtual/arnold/ZAP_2.6.0_Core.tar.gz .
# In a new terminal ...
java -jar webgoat-container-7.1-exec.jar
# In a new terminal ...
tar -zxf ZAP_2.6.0_Core.tar.gz
bash ZAP_2.6.0/zap.sh
# Select "No, I do not want to persist this session at this moment in time"
# Configure ZAP as a proxy server using port 8081 (webgoat runs on port 8080)
# To the right of Standard Mode, click the cog to configure settings
# Now click on the Local Proxy menu, and use port 8081
]]>
<![CDATA[
# In the first terminal ...
firefox http://localhost:8080/WebGoat
# Configure firefox to use ZAP as a proxy:
# Right Menu, preferences, bottom preference Network Proxy
# Make sure to clear "No proxy for" field!
]]>
<![CDATA[
# Now back in Firefox...
# pick a section, and work on it for 20 minutes
# for the last 40 minutes, 3 of 4 run around and understand
# others work
# Instead of using webscarab, you can use firefox developer tools, or ZAP.
]]>
Some hints and instructions at webgoat7.1hints.txt