##Using Protractor and OWASP ZAP to solve the bodgeit store security challenges.
The "The BodgeIt Store" sample application is used https://github.com/psiinon/bodgeit.git
| No | Challenge | Completed |
|---|---|---|
| 01. | Login as test@thebodgeitstore.com | Yes |
| 02. | Login as user1@thebodgeitstore.com | Yes |
| 03. | Login as admin@thebodgeitstore.com | Yes |
| 04. | Find hidden content as a non admin user | Yes |
| 05. | Find diagnostic data | Yes |
| 06. | Level 1: Display a popup using: <script>alert("XSS")</script>. |
Yes |
| 07. | Level 2: Display a popup using: <script>alert("XSS")</script> |
No |
| 08. | Access someone else's basket Not implemented/tested yet :( | :( |
| 09. | Get the store to owe you money | No |
| 10. | Change your password via a GET request | Yes |
| 11. | Conquer AES encryption, and display a popup using: <script>alert("H@cked A3S")</script> | No |
| 12. | Conquer AES encryption and append a list of table names to the normal results. | No |
install OWASP ZAP
export PATH="/Applications/OWASP ZAP.app/Contents/Java/:$PATH"
npm install
node ./node_modules/protractor/bin/webdriver-manager update
node ./node_modules/grunt-protractor-runner/node_modules/protractor/bin/webdriver-manager update
protractor config.js