WebGoat (A3) Sensitive Data Exposure - Insecure Login - Code World

WebGoat (A3) Sensitive Data Exposure - Insecure Login

Others 2021-03-28 21:38:47 views: null

It is too simple to write, but because of obsessive-compulsive disorder, I will write a topic. . .

This lesson just wants to vividly illustrate that an attacker can monitor network traffic, so encryption is very important for transmitting sensitive information. . There is no specific content, so the mind map is also omitted.

page 2

Question guide, click Log in, use the packet capture tool to capture the packet, you can get the user name and password of a user, fill in the corresponding input box in the figure below, and submit.

The burpsuite I used to capture packets, you can see the following messages in the proxy module, the username is CaptainJack, and the password is BlackPearl

You can also use the developer tools of the browser directly, for example, the picture below is chrome

It's over~ Alas. . .

Guess you like

Origin blog.csdn.net/elephantxiang/article/details/114649942

WebGoat (A3) Sensitive Data Exposure - Insecure Login

WebGoat (A5) Broken Access Control - Insecure Direct Object References

Web security offensive and defensive range of WebGoat - 3

Qiwei obtains sensitive user data

[Project data optimization 1] Desensitization of sensitive data

Applet login / authorization / personal information / sensitive information / cache / Audio

Building a cache of sensitive data using soft references

Building a cache of sensitive data using soft references

Building a cache of sensitive data using soft references

Enabling insecure guest login-solve multiple processing methods that cannot be accessed from the network disk

Basic knowledge included (3) MYSQL case sensitive

[vue3+pinia+Cookie] Realize token login and data persistence

How to use confd + ACM managing sensitive data in the cloud

[PHP] Laravel reflect MySQL, Sqlite case of sensitive data

MyBatis return Map key data Key value sensitive issues

How to encrypt sensitive data in the database with MD5?

How should I handle a UnnecessaryStubbingException that is sensitive to ordering in underlying data structures?

Data security and classification classification, sensitive information definition and classification standards

Apache Ivy Injection Vulnerability Could Allow Attackers to Extract Sensitive Data

[Problem Solution] - lombok's @Data is not case-sensitive

Shiro gets login data

The data bridge of the advertising business system - "log center-exposure data transfer and settlement"

Ali cloud released sensitive data protection products SDDP, personal data protection to achieve "internal anti-foreign"

iOS App Data Protection: How to Protect Images, Resources and Sensitive Data in iOS Apps

SSH remote login and data copy

Unsafe code Insecure CAPTCHA

Why is HashMap insecure

why is this considered insecure?

OWASP: Insecure Configuration

Use springboot + mybatis interceptor realize the ID and other production encryption and decryption of sensitive data

Recommended

Ranking

#2019110700005

What materials and procedures are required for patent transfer

What is the blockchain Ethereum triplet state root transaction root receipt root

Front-end study notes 04 --- About the insertion of html pictures and videos

Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries

2017 Qingdao-site tournament I The Squared Mosquito Coil

[BZOJ3165][HEOI2013]Segment (line segment tree without marking)

Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju

The latest tutorial on making framework for iOS

DAX Section 6: Statistical Functions

Daily

More

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)