| title | layout | tab | order | tags |
|---|---|---|---|---|
WebWolf |
true |
1 |
webgoat |
WebWolf is a separate web application which simulates an attackers machine. It makes it possible for us to make a clear distinction between what takes place on the attacked website and the actions you need to do as an "attacker". WebWolf was introduced after a couple of workshops where we received feedback that there was no clear distinction between what was part of the "attackers" role and what was part of the "users" role on the website. The following items are supported in WebWolf:
Upload a file needed to be downloaded during an assignment
WebWolf serves a mail client with which we can easily simulate sending an e-mail.
WebWolf can serve as a landing page to which you can make a call from inside an assignment, giving you as the attacker
information about the complete request. Think of it as a very simple form of netcat.
If you started the Docker image, WebWolf is already running. Please point your browser to: http://localhost:9090/WebWolf
If you want to use the standalone version, you will need to download the jar file and start it:
java -jar webwolf-<<version>>.jar [--server.port=9090] [--server.address=localhost]By default, WebWolf starts on port 9090 with --server.port you can specify a different port. With server.address you
can bind it to a different address (default localhost)