Product Tour

This article is going to cover the basic features available in our HackEDU Break/Fix lessons. It will cover:

  • Sandbox Browser

  • Browser Navigation

  • Intercept Requests

  • Proxy History

  • Code Editor

  • Language Selection

  • Save Code Button

  • Save & Run Test Button

  • Sandbox Output

  • Tests

  • Reset Sandbox Button

  • Hints


Each lesson starts with a written explanation of the vulnerability being explored, and an introduction to the vulnerable application you will be working with.

Sandbox Browser (Target Application)

This tab shows web pages served by a vulnerable application. This is a real application, running in a sandbox that's assigned to you.

Browser Navigation

As with any browser, you can navigate to different URLs – the resulting page requests will be sent to the application running in the sandbox. You can also use the View Source button to inspect the page source.

Intercept Requests

This switch enables the proxy, which holds all requests from the browser to the vulnerable application, giving you a chance to inspect and modify those requests before they're sent on their way.

Feel free to disable the proxy during your initial exploration – you can turn it back on at any time.

Proxy History

This tab records all the requests that have been sent to the vulnerable application, regardless of whether 'Intercept Requests' was enabled at the time.


You can select individual requests to see the full details of the request as well as the response sent back from the application.

Code Editor

The code editor shows you the vulnerable application code that's running in the sandbox, giving you a chance to identify and patch the vulnerability.

Language Selection

You can on the language option in the top right hand corner to change between supported languages, and to see version information and available libraries for your selected language.

Save Code

Once you save your code, your changes are applied to the sandbox – the vulnerable application will be patched with your changes.

If you patch a login function, for example, then logging in to the app via the browser tab will cause your code to be executed.

Save & Run Tests

You can submit your code for testing at any time. We'll test your patch and let you know if you've fixed the vulnerability.

Sandbox Output

If your saved code includes print statements, the resulting output will appear in the Sandbox Output menu located in the bottom left hand corner of the screen whenever the application runs your code.

For more information or tips for getting output, check out this article.

Tests

This tab lists all the patches you've submitted for testing, along with the results of each submission. If your patch doesn't fix the vulnerability, the results will explain why.

Reset Sandbox

You can click this button at any time to reset your sandbox. This will discard any local changes and return the sandbox to its clean, initial state.

Hints

If you need a hint and see the Show Hint button, you can click it for additional information. Only some of our lessons include hints and it will not affect your completion for these lessons.

Did this answer your question?