Giter Site home page Giter Site logo

fmreactvulnapp's Introduction

Reactvulna

Table of Contents

  1. Introduction
  2. Building, running the application
  3. Configuring a backend
  4. Exercises
    1. Exercise 1 - XSS
    2. Exercise 2 - Websocket
    3. Exercise 3 - CSRF
    4. Exercise 4 - Tabnabbing

Reactvulna is a deliberately vulnerable react application. Create React App. It uses the javulna backend. Reactvulna (together with the javulna backend) is a movie-related application, where you can log in and out, read information about movies, buy movie-related objects, send messages to other users of the application, etc. The functionalities are far from complete or coherent, they just serve the purpose of demonstrating specific vulnerabilities. This document contains exercises which can be done with Reactvulna to understand how to exploit and how to fix specific vulnerabilities.

Building, running the application

Run npm start for a dev server. Navigate to http://localhost:4200/. The app will automatically reload if you change any of the source files.

Or

Run npm run build to build the project. Set up your favourite HTTP server so that a visitor to your site is served index.html, and requests to static paths like /static/js/main.<hash>.js are served with the contents of the /static/js/main.<hash>.js file.

Configuring a backend

Reactvulna uses by default a backend hosted on Google Cloud. This cloud instance is live only for limited periods. If you want to use it with your own backend, get the javulna application and run it. Than configure Reactvulna to use your local backend by changing the baseUrl attribute in environments/environment.ts, and environments/environment.prod.ts

Exercises

Exercise 1 – Xss

The application contains several XSS vulnerabilities in the Users page! Find the vulnerabilities, and exploit them!
Then check the source-code, and fix it!
Discuss what could be the developer's reason for choosing the vulnerable solutions!

Exercise 2 – Websocket

The application uses websocket to implement a chat functionality!
Alas, it contains some vulnerabilities within it's implementation. Find an authenticaton-related vulnerability!
How would you exploit it?
How could you fix it?!

Exercise 3 – CSRF

The application is vulnerable to CSRF! Find the CSRF vulnerability, and exploit it!
How would you fix this vulnerability?

Exercise 4 – Tabnabbing

The application is vulnerable to Tabnabbing! Find the vulnerable place, and exploit it!
Fix the vulnerability!

fmreactvulnapp's People

Contributors

nypsm avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.