WebGoat

• HTTP request parameters,
• HTTP request cookies,
• Java source code

Use www.webgoat.local

To use the host name of our machine instead of localhost,we can add a host name in /etc/hosts on Linux and MacOSX and C:\Windows\System32\drivers\etc on Windows

127.0.0.1 www.webgoat.local

Therefore our machine will resolve localhost (127.0.0.1) as www.webgoat.local

How HTTP works:

Each client request and server response has three parts:

• request or response line,
• header section
• entity body

HTTP Transaction by Client:

1. Client sends a document request to server
   Like a GET request:

GET /index.html?param=value HTTP/1.0

It has URL parameters: /index.html?param=value
These parameters will be available in the web access logs.

2. Client sends optional headers ; It inform the server of its configuration and the document formats it will accept.

User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, /

User-Agent is the agent used to acces the server.Here it is Mozilla firefox browser

3. In a POST request, the user supplied data will follow the optional headers and is not part of the contained within the POST URL.

Text in colour is user supplied data.

---