diff --git a/README.md b/README.md index eaaa514..2874e1f 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,66 @@ # CSPJ Application +## HOW TO TEST + +The IP address refers to the IP address that y'all configure for the VM. + +### 1. DVWA + +DVWA is listening on port `80`, so in the browser no need to enter port number. +Just navigate to the IP address. +![dvwa-no-modsecurity](assets/screenshot_130225_040803.png) + +### 2. ModSecurity DVWA + +ModSecurity is listening on port `3331`, it is a proxy for DVWA. +Go to `:3331` in the browser. +![dvwa-modsecurity](assets/screenshot_130225_040940.png) + +Go to the `Command Injection` tab. +![dvwa-command-injection](assets/screenshot_130225_041013.png) + +Enter in `127.0.0.1; ls`. +![dvwa-command-injection-2](assets/screenshot_130225_041113.png) + +If 401 Forbidden error is returned, ModSecurity is great success. +![dvwa-modsecurity-forbidden](assets/screenshot_130225_041144.png) + +### 3. Client + Backend Server + ML Model + +Start the `cspj-application` program, be it on Windows or Linux. +Backend server is listening on port `3333`. +At the top right of the program window, click on the red `Server disconnected` thingy. +Enter the IP address, and make sure port is set to `3333`. +Click connect, and it should turn green. +![client-server-url](assets/screenshot_130225_042054.png) + +Press the humongous blue `Setup/reset DB` button. +Should see that DB setup was carried out. +![client-db-setup](assets/screenshot_130225_042221.png) + +Go to the `Login` tab. +Enter: + +- Email: `asdf@gmail.com` +- Password: `asdf` + +Press next, and should see `Login successful`. +![client-login-unsecure](assets/screenshot_130225_042610.png) + +Turn on the secure endpoint switch. +Enter: + +- Email: `asdf@gmail.com' OR 1=1; --` +- Password: `randompasswordjakfl;dsjflkadsjlkf;sjkfl;dj;l` + +Press next again. +This time should fail. +![client-login-secure](assets/screenshot_130225_042859.png) + +Okay done. + +## Everything below can ignore + ## Setup ### Requirements 
diff --git a/assets/screenshot_130225_040803.png b/assets/screenshot_130225_040803.png new file mode 100644 index 0000000..e634769 Binary files /dev/null and b/assets/screenshot_130225_040803.png differ diff --git a/assets/screenshot_130225_040940.png b/assets/screenshot_130225_040940.png new file mode 100644 index 0000000..5a93cab Binary files /dev/null and b/assets/screenshot_130225_040940.png differ diff --git a/assets/screenshot_130225_041013.png b/assets/screenshot_130225_041013.png new file mode 100644 index 0000000..29727b4 Binary files /dev/null and b/assets/screenshot_130225_041013.png differ diff --git a/assets/screenshot_130225_041113.png b/assets/screenshot_130225_041113.png new file mode 100644 index 0000000..89bca05 Binary files /dev/null and b/assets/screenshot_130225_041113.png differ diff --git a/assets/screenshot_130225_041144.png b/assets/screenshot_130225_041144.png new file mode 100644 index 0000000..66b448e Binary files /dev/null and b/assets/screenshot_130225_041144.png differ diff --git a/assets/screenshot_130225_042054.png b/assets/screenshot_130225_042054.png new file mode 100644 index 0000000..c2f7367 Binary files /dev/null and b/assets/screenshot_130225_042054.png differ diff --git a/assets/screenshot_130225_042221.png b/assets/screenshot_130225_042221.png new file mode 100644 index 0000000..68abec6 Binary files /dev/null and b/assets/screenshot_130225_042221.png differ diff --git a/assets/screenshot_130225_042610.png b/assets/screenshot_130225_042610.png new file mode 100644 index 0000000..d0cf8fa Binary files /dev/null and b/assets/screenshot_130225_042610.png differ diff --git a/assets/screenshot_130225_042859.png b/assets/screenshot_130225_042859.png new file mode 100644 index 0000000..3bd15a9 Binary files /dev/null and b/assets/screenshot_130225_042859.png differ
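Review bot: In section 2 of the README hunk, the pass criterion "If 401 Forbidden error is returned" mixes two statuses: 401 is Unauthorized and Forbidden is 403. Please confirm which status the proxy on port `3331` actually returns (the `dvwa-modsecurity-forbidden` screenshot should show it) and state that one, so a tester following the steps literally does not misjudge the result. The same section never submits `127.0.0.1; ls` to plain DVWA on port `80`, so the blocked response has no unprotected baseline to compare against; adding that step would make the ModSecurity result meaningful. In section 3, the secure-endpoint check only shows the `asdf@gmail.com' OR 1=1; --` input failing. Add the same input with the switch off, and a valid `asdf@gmail.com` / `asdf` login with the switch on, so that the failure can be attributed to the injection being rejected rather than to the secure endpoint rejecting every login. Smaller points: "Go to `:3331`" should spell out that the VM IP address goes in front of the port, and the heading "Everything below can ignore" would be clearer if it said the remaining sections are setup reference not needed for testing.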