Run npm install.
- Run the cookies/insecure.js using Node. Load localhost:8000/home in your browser.
- Navigate to localhost:8000/start?id=stacy. You should see the cookies being set in the browser's console.
- Navigate to localhost:8000/home. You should see a different message from the one in step 1.
- Run the cookies/mal.js using Node and load localhost:8001/malhome in your browser in a different tab.
- Navigate to localhost:8000/home. You should see the same message as in step 1, not the cookie value.
Why did this happen? Repeat the experiment with cookies/secure.js and see if the same thing happens.
Run npm install.
- Run the sessions/insecure.js using Node. Load localhost:8000/ in your browser.
- Enter name and click submit. You will see a session being created and stored in a cookie. See the console.
- Run the sessions/mal.js using Node. Load localhost:8001/malhome in your browser. Will the session ID be displayed in the console?
- Explore the code in sessions/insecure.js. Identify all potential vulnerabilities.
- Set up CodeQL for this repository and inspect the report.
- CSRF tokens.
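
Background for both exercises, as an added example that is not code from this repository: under RFC 6265 a cookie is scoped by host and path but not by port, so pages served from localhost:8000 and localhost:8001 share one cookie jar. The sketch below models that matching together with the HttpOnly rule; the cookie name `id`, its value and the `CookieJar`/`demo` names are constructed for illustration, and the default path is simplified to `/`.

```javascript
// Minimal model of a browser cookie jar (RFC 6265 subset, illustration only).
// Cookies are keyed by host + path + name. The port is never part of the key.
const pathMatch = (reqPath, cPath) => reqPath === cPath ||
  (reqPath.startsWith(cPath) && (cPath.endsWith('/') || reqPath[cPath.length] === '/'));
class CookieJar {
  constructor() { this.cookies = []; }
  // fromHttp=true models a Set-Cookie response header,
  // fromHttp=false models a script assigning to document.cookie.
  set(pageUrl, cookieString, fromHttp) {
    const host = new URL(pageUrl).hostname;            // hostname drops the port
    const [pair, ...attrs] = cookieString.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    const flags = attrs.map(a => a.toLowerCase());
    const httpOnly = flags.includes('httponly');
    if (!fromHttp && httpOnly) return false;           // scripts cannot create HttpOnly cookies
    const pathAttr = attrs.find(a => /^path=/i.test(a));
    const path = pathAttr ? pathAttr.slice(5) : '/';   // simplified default path
    const old = this.cookies.find(c => c.host === host && c.path === path && c.name === name);
    if (old && old.httpOnly && !fromHttp) return false; // nor replace an existing one
    this.cookies = this.cookies.filter(c => c !== old);
    if (!flags.includes('max-age=0')) this.cookies.push({ host, path, name, value, httpOnly });
    return true;
  }
  // Cookies attached to a request (toScript=false) or exposed via document.cookie (true).
  visible(pageUrl, toScript) {
    const { hostname, pathname } = new URL(pageUrl);
    return this.cookies
      .filter(c => c.host === hostname && pathMatch(pathname, c.path))
      .filter(c => !(toScript && c.httpOnly))
      .map(c => `${c.name}=${c.value}`).join('; ');
  }
}
// Replays the lab's page order against the model for one Set-Cookie header (constructed input).
function demo(setCookieHeader) {
  const jar = new CookieJar();
  jar.set('http://localhost:8000/start?id=stacy', setCookieHeader, true);
  const readBy8001 = jar.visible('http://localhost:8001/malhome', true);
  const overwritten = jar.set('http://localhost:8001/malhome', 'id=; Max-Age=0', false);
  const sentTo8000 = jar.visible('http://localhost:8000/home', false);
  return { readBy8001, overwritten, sentTo8000 };
}
console.log('without HttpOnly:', demo('id=stacy; Path=/'));
console.log('with HttpOnly:   ', demo('id=stacy; Path=/; HttpOnly'));
```

HttpOnly governs script access only: the jar still accepts a `Set-Cookie` response header from any port on the same host, which is why `set` takes a `fromHttp` flag.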