General | HTTP Basics (3) | Cycubix Docs

The Quiz

What type of HTTP command did WebGoat use for this lesson. A POST or a GET.

Hints

ℹ️ Info

Turn on Show Parameters or other features.

ℹ️ Info

Try to intercept the request with ZAP

Solution

The HTTP request observed in the previous exercise was a POST message. The magic number is hidden in the web page’s JavaScript. One of the methods to view this is to right click on the web page and select “Inspect”.

In the “Body” section, search for the phrase “magic” until you identify the value stored by the hidden magic_num field.

Further training

Visit Cycubix.com to find out more about our Application Security training courses. We also offer (ISC)² Official training for CISSP, SSCP, CCSP and CSSLP certifications.