This article is going to cover the basic features available in our HackEDU Break/Fix lessons. It will cover:
Save Code Button
Save & Run Test Button
Reset Sandbox Button
Each lesson starts with a written explanation of the vulnerability being explored, and an introduction to the vulnerable application you will be working with.
Sandbox Browser (Target Application)
This tab shows web pages served by a vulnerable application. This is a real application, running in a sandbox that's assigned to you.
As with any browser, you can navigate to different URLs – the resulting page requests will be sent to the application running in the sandbox. You can also use the View Source button to inspect the page source.
This switch enables the proxy, which holds all requests from the browser to the vulnerable application, giving you a chance to inspect and modify those requests before they're sent on their way.
Feel free to disable the proxy during your initial exploration – you can turn it back on at any time.
This tab records all the requests that have been sent to the vulnerable application, regardless of whether 'Intercept Requests' was enabled at the time.
You can select individual requests to see the full details of the request as well as the response sent back from the application.
The code editor shows you the vulnerable application code that's running in the sandbox, giving you a chance to identify and patch the vulnerability.
You can click the language option in the top right-hand corner to switch between supported languages, and to see version information and available libraries for your selected language.
Once you save your code, your changes are applied to the sandbox – the vulnerable application will be patched with your changes.
If you patch a login function, for example, then logging in to the app via the browser tab will cause your code to be executed.
Save & Run Tests
You can submit your code for testing at any time. We'll test your patch and let you know if you've fixed the vulnerability.
If your saved code includes print statements, the resulting output will appear in the Sandbox Output menu, located in the bottom left-hand corner of the screen, whenever the application runs your code.
For more information or tips for getting output, check out this article.
This tab lists all the patches you've submitted for testing, along with the results of each submission. If your patch doesn't fix the vulnerability, the results will explain why.
You can click this button at any time to reset your sandbox. This will discard any local changes and return the sandbox to its clean, initial state.
If you need a hint and see the Show Hint button, you can click it for additional information. Only some of our lessons include hints, and using one will not affect your completion of these lessons.