jipengxiang/ST2515Practical2ParameterTampering

## ST2515Practical2ParameterTampering
Batch file to start web goat container:
cd /D C:\LEcturer\ST2515\Download
java -jar  webgoat-container-7.0.1-war-exec.jar -httpPort 8080


【WebGoat习题解析】Parameter Tampering->Bypass HTML Field Restrictions
The form below uses HTML form field restrictions. In order to pass this lesson, submit the form with each field containing
an unallowed value. You must submit invalid values for all six fields in one form submission.

1、这个习题如果直接用burp拦截提交请求后，发现Disabled input field没有被抓取到，所以就利用开发者工具将Disabled input field的“disabled”属性删掉


2、利用burp拦截提交请求，并将6个输入区域(包含radio button，checkbox，输入框，submit按钮)；此时发现Disabled input field输入值也被抓取到了


3、将输入值改成invalid value之后，点击“forward”；这样misson就完成了
	Batch file to start web goat container:
	cd /D C:\LEcturer\ST2515\Download
	java -jar webgoat-container-7.0.1-war-exec.jar -httpPort 8080



	【WebGoat习题解析】Parameter Tampering->Bypass HTML Field Restrictions
	The form below uses HTML form field restrictions. In order to pass this lesson, submit the form with each field containing
	an unallowed value. You must submit invalid values for all six fields in one form submission.

	1、这个习题如果直接用burp拦截提交请求后，发现Disabled input field没有被抓取到，所以就利用开发者工具将Disabled input field的“disabled”属性删掉



	2、利用burp拦截提交请求，并将6个输入区域(包含radio button，checkbox，输入框，submit按钮)；此时发现Disabled input field输入值也被抓取到了



	3、将输入值改成invalid value之后，点击“forward”；这样misson就完成了