forked from somerset-inc/juice-shop-goof
-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.yml
418 lines (418 loc) · 19.7 KB
/
default.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
server:
port: 3000
basePath: ''
application:
domain: juice-sh.op
name: 'OWASP Juice Shop'
logo: JuiceShop_Logo.png
favicon: favicon_js.ico
theme: bluegrey-lightgreen # Options: bluegrey-lightgreen blue-lightblue deeppurple-amber indigo-pink pink-bluegrey purple-green deeporange-indigo
showVersionNumber: true
showGitHubLinks: true
localBackupEnabled: true
numberOfRandomFakeUsers: 0
altcoinName: Juicycoin
privacyContactEmail: donotreply@owasp-juice.shop
customMetricsPrefix: juiceshop
chatBot:
name: 'Juicy'
greeting: "Nice to meet you <customer-name>, I'm <bot-name>"
trainingData: 'botDefaultTrainingData.json'
defaultResponse: "Sorry I couldn't understand what you were trying to say"
avatar: 'JuicyChatBot.png'
social:
twitterUrl: 'https://twitter.com/owasp_juiceshop'
facebookUrl: 'https://www.facebook.com/owasp.juiceshop'
slackUrl: 'https://owasp.org/slack/invite'
redditUrl: 'https://www.reddit.com/r/owasp_juiceshop'
pressKitUrl: 'https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop'
nftUrl: 'https://opensea.io/collection/juice-shop'
questionnaireUrl: ~
recyclePage:
topProductImage: fruit_press.jpg
bottomProductImage: apple_pressings.jpg
welcomeBanner:
showOnFirstStart: true
title: 'Welcome to OWASP Juice Shop!'
message: "<p>Being a web application with a vast number of intended security vulnerabilities, the <strong>OWASP Juice Shop</strong> is supposed to be the opposite of a best practice or template application for web developers: It is an awareness, training, demonstration and exercise tool for security risks in modern web applications. The <strong>OWASP Juice Shop</strong> is an open-source project hosted by the non-profit <a href='https://owasp.org' target='_blank'>Open Web Application Security Project (OWASP)</a> and is developed and maintained by volunteers. Check out the link below for more information and documentation on the project.</p><h1><a href='https://owasp-juice.shop' target='_blank'>https://owasp-juice.shop</a></h1>"
cookieConsent:
message: 'This website uses fruit cookies to ensure you get the juiciest tracking experience.'
dismissText: 'Me want it!'
linkText: 'But me wait!'
linkUrl: 'https://www.youtube.com/watch?v=9PnbKL3wuH4'
securityTxt:
contact: 'mailto:donotreply@owasp-juice.shop'
encryption: 'https://keybase.io/bkimminich/pgp_keys.asc?fingerprint=19c01cb7157e4645e9e2c863062a85a8cbfbdcda'
acknowledgements: '/#/score-board'
hiring: '/#/jobs'
promotion:
video: owasp_promo.mp4
subtitles: owasp_promo.vtt
easterEggPlanet:
name: Orangeuze
overlayMap: orangemap2k.jpg
googleOauth:
clientId: '1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com'
authorizedRedirects:
- { uri: 'https://demo.owasp-juice.shop' }
- { uri: 'https://juice-shop.herokuapp.com' }
- { uri: 'https://preview.owasp-juice.shop' }
- { uri: 'https://juice-shop-staging.herokuapp.com' }
- { uri: 'https://juice-shop.wtf' }
- { uri: 'http://localhost:3000', proxy: 'https://local3000.owasp-juice.shop' }
- { uri: 'http://127.0.0.1:3000', proxy: 'https://local3000.owasp-juice.shop' }
- { uri: 'http://localhost:4200', proxy: 'https://local4200.owasp-juice.shop' }
- { uri: 'http://127.0.0.1:4200', proxy: 'https://local4200.owasp-juice.shop' }
- { uri: 'http://192.168.99.100:3000', proxy: 'https://localmac.owasp-juice.shop' }
- { uri: 'http://192.168.99.100:4200', proxy: 'https://localmac.owasp-juice.shop' }
- { uri: 'http://penguin.termina.linux.test:3000', proxy: 'https://localchromeos.owasp-juice.shop' }
- { uri: 'http://penguin.termina.linux.test:4200', proxy: 'https://localchromeos.owasp-juice.shop' }
challenges:
showSolvedNotifications: true
showHints: true
showMitigations: true
codingChallengesEnabled: solved # Options: never solved always
restrictToTutorialsFirst: false
overwriteUrlForProductTamperingChallenge: 'https://owasp.slack.com'
xssBonusPayload: '<iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe>'
safetyOverride: false
showFeedbackButtons: true
hackingInstructor:
isEnabled: true
avatarImage: JuicyBot.png
hintPlaybackSpeed: normal # Options: faster fast normal slow slower
products:
-
name: 'Apple Juice (1000ml)'
price: 1.99
deluxePrice: 0.99
limitPerUser: 5
description: 'The all-time classic.'
image: apple_juice.jpg
reviews:
- { text: 'One of my favorites!', author: admin }
-
name: 'Orange Juice (1000ml)'
description: 'Made from oranges hand-picked by Uncle Dittmeyer.'
price: 2.99
deluxePrice: 2.49
image: orange_juice.jpg
reviews:
- { text: 'y0ur f1r3wall needs m0r3 musc13', author: uvogin }
-
name: 'Eggfruit Juice (500ml)'
description: 'Now with even more exotic flavour.'
price: 8.99
image: eggfruit_juice.jpg
reviews:
- { text: 'I bought it, would buy again. 5/7', author: admin }
-
name: 'Raspberry Juice (1000ml)'
description: 'Made from blended Raspberry Pi, water and sugar.'
price: 4.99
image: raspberry_juice.jpg
-
name: 'Lemon Juice (500ml)'
description: 'Sour but full of vitamins.'
price: 2.99
deluxePrice: 1.99
limitPerUser: 5
image: lemon_juice.jpg
-
name: 'Banana Juice (1000ml)'
description: 'Monkeys love it the most.'
price: 1.99
image: banana_juice.jpg
reviews:
- { text: 'Fry liked it too.', author: bender }
-
name: 'OWASP Juice Shop T-Shirt'
description: 'Real fans wear it 24/7!'
price: 22.49
limitPerUser: 5
image: fan_shirt.jpg
-
name: 'OWASP Juice Shop CTF Girlie-Shirt'
description: 'For serious Capture-the-Flag heroines only!'
price: 22.49
image: fan_girlie.jpg
-
name: 'OWASP SSL Advanced Forensic Tool (O-Saft)'
description: 'O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations.'
price: 0.01
image: orange_juice.jpg
urlForProductTamperingChallenge: 'https://www.owasp.org/index.php/O-Saft'
-
name: 'Christmas Super-Surprise-Box (2014 Edition)'
description: 'Contains a random selection of 10 bottles (each 500ml) of our tastiest juices and an extra fan shirt for an unbeatable price!'
price: 29.99
image: undefined.jpg
useForChristmasSpecialChallenge: true
-
name: 'Rippertuer Special Juice'
description: 'Contains a magical collection of the rarest fruits gathered from all around the world, like Cherymoya Annona cherimola, Jabuticaba Myrciaria cauliflora, Bael Aegle marmelos... and others, at an unbelievable price! <br/><span style="color:red;">This item has been made unavailable because of lack of safety standards.</span>'
price: 16.99
image: undefined.jpg
keywordsForPastebinDataLeakChallenge:
- hueteroneel
- eurogium edule
-
name: 'OWASP Juice Shop Sticker (2015/2016 design)'
description: 'Die-cut sticker with the official 2015/2016 logo. By now this is a rare collectors item. <em>Out of stock!</em>'
price: 999.99
image: sticker.png
deletedDate: '2017-04-28'
-
name: 'OWASP Juice Shop Iron-Ons (16pcs)'
description: 'Upgrade your clothes with washer safe <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">iron-ons</a> of the OWASP Juice Shop or CTF Extension logo!'
price: 14.99
image: iron-on.jpg
-
name: 'OWASP Juice Shop Magnets (16pcs)'
description: 'Your fridge will be even cooler with these OWASP Juice Shop or CTF Extension logo <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">magnets</a>!'
price: 15.99
image: magnets.jpg
-
name: 'OWASP Juice Shop Sticker Page'
description: 'Massive decoration opportunities with these OWASP Juice Shop or CTF Extension <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">sticker pages</a>! Each page has 16 stickers on it.'
price: 9.99
image: sticker_page.jpg
-
name: 'OWASP Juice Shop Sticker Single'
description: 'Super high-quality vinyl <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">sticker single</a> with the OWASP Juice Shop or CTF Extension logo! The ultimate laptop decal!'
price: 4.99
image: sticker_single.jpg
-
name: 'OWASP Juice Shop Temporary Tattoos (16pcs)'
description: 'Get one of these <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">temporary tattoos</a> to proudly wear the OWASP Juice Shop or CTF Extension logo on your skin! If you tweet a photo of yourself with the tattoo, you get a couple of our stickers for free! Please mention <a href="https://twitter.com/owasp_juiceshop" target="_blank"><code>@owasp_juiceshop</code></a> in your tweet!'
price: 14.99
image: tattoo.jpg
reviews:
- { text: 'I straight-up gots nuff props fo''these tattoos!', author: rapper }
-
name: 'OWASP Juice Shop Mug'
description: 'Black mug with regular logo on one side and CTF logo on the other! Your colleagues will envy you!'
price: 21.99
image: fan_mug.jpg
-
name: 'OWASP Juice Shop Hoodie'
description: 'Mr. Robot-style apparel. But in black. And with logo.'
price: 49.99
image: fan_hoodie.jpg
-
name: 'OWASP Juice Shop-CTF Velcro Patch'
description: '4x3.5" embroidered patch with velcro backside. The ultimate decal for every tactical bag or backpack!'
price: 2.92
quantity: 5
limitPerUser: 5
image: velcro-patch.jpg
reviews:
- { text: 'This thang would look phat on Bobby''s jacked fur coat!', author: rapper }
- { text: 'Looks so much better on my uniform than the boring Starfleet symbol.', author: jim }
-
name: 'Woodruff Syrup "Forest Master X-Treme"'
description: 'Harvested and manufactured in the Black Forest, Germany. Can cause hyperactive behavior in children. Can cause permanent green tongue when consumed undiluted.'
price: 6.99
image: woodruff_syrup.jpg
-
name: 'Green Smoothie'
description: 'Looks poisonous but is actually very good for your health! Made from green cabbage, spinach, kiwi and grass.'
price: 1.99
image: green_smoothie.jpg
reviews:
- { text: 'Fresh out of a replicator.', author: jim }
-
name: 'Quince Juice (1000ml)'
description: 'Juice of the <em>Cydonia oblonga</em> fruit. Not exactly sweet but rich in Vitamin C.'
price: 4.99
image: quince.jpg
-
name: 'Apple Pomace'
description: 'Finest pressings of apples. Allergy disclaimer: Might contain traces of worms. Can be <a href="/#recycle">sent back to us</a> for recycling.'
price: 0.89
limitPerUser: 5
image: apple_pressings.jpg
-
name: 'Fruit Press'
description: 'Fruits go in. Juice comes out. Pomace you can send back to us for recycling purposes.'
price: 89.99
image: fruit_press.jpg
-
name: 'OWASP Juice Shop Logo (3D-printed)'
description: 'This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.'
price: 99.99
image: 3d_keychain.jpg # Exif metadata contains "OpenSCAD" as subtle hint...
fileForRetrieveBlueprintChallenge: JuiceShop.stl # ...to blueprint file type
exifForBlueprintChallenge:
- OpenSCAD
-
name: 'Juice Shop Artwork'
description: 'Unique masterpiece painted with different kinds of juice on 90g/m² lined paper.'
price: 278.74
quantity: 0
image: artwork.jpg
deletedDate: '2020-12-24'
-
name: 'Global OWASP WASPY Award 2017 Nomination'
description: 'Your chance to nominate up to three quiet pillars of the OWASP community ends 2017-06-30! <a href="https://www.owasp.org/index.php/WASPY_Awards_2017">Nominate now!</a>'
price: 0.03
image: waspy.png
deletedDate: '2017-07-01'
-
name: 'Strawberry Juice (500ml)'
description: 'Sweet & tasty!'
price: 3.99
image: strawberry_juice.jpeg
-
name: 'Carrot Juice (1000ml)'
description: 'As the old German saying goes: "Carrots are good for the eyes. Or has anyone ever seen a rabbit with glasses?"'
price: 2.99
image: carrot_juice.jpeg
reviews:
- { text: '0 st4rs f0r 7h3 h0rr1bl3 s3cur17y', author: uvogin }
-
name: 'OWASP Juice Shop Sweden Tour 2017 Sticker Sheet (Special Edition)'
description: '10 sheets of Sweden-themed stickers with 15 stickers on each.'
price: 19.1
image: stickersheet_se.png
deletedDate: '2017-09-20'
-
name: 'Pwning OWASP Juice Shop'
description: '<em>The official Companion Guide</em> by Björn Kimminich available <a href="https://leanpub.com/juice-shop">for free on LeanPub</a> and also <a href="https://pwning.owasp-juice.shop">readable online</a>!'
price: 5.99
image: cover_small.jpg
reviews:
- { text: 'Even more interesting than watching Interdimensional Cable!', author: morty }
-
name: 'Melon Bike (Comeback-Product 2018 Edition)'
description: 'The wheels of this bicycle are made from real water melons. You might not want to ride it up/down the curb too hard.'
price: 2999
quantity: 3
limitPerUser: 1
image: melon_bike.jpeg
-
name: 'OWASP Juice Shop Coaster (10pcs)'
description: 'Our 95mm circle coasters are printed in full color and made from thick, premium coaster board.'
price: 19.99
quantity: 0
image: coaster.jpg
-
name: 'OWASP Snakes and Ladders - Web Applications'
description: 'This amazing web application security awareness board game is <a href="https://steamcommunity.com/sharedfiles/filedetails/?id=1969196030">available for Tabletop Simulator on Steam Workshop</a> now!'
price: 0.01
quantity: 8
image: snakes_ladders.jpg
reviews:
- { text: 'Wait for a 10$ Steam sale of Tabletop Simulator!', author: bjoernOwasp }
-
name: 'OWASP Snakes and Ladders - Mobile Apps'
description: 'This amazing mobile app security awareness board game is <a href="https://steamcommunity.com/sharedfiles/filedetails/?id=1970691216">available for Tabletop Simulator on Steam Workshop</a> now!'
price: 0.01
quantity: 0
image: snakes_ladders_m.jpg
reviews:
- { text: "Here yo' learn how tha fuck ta not show yo' goddamn phone on camera!", author: rapper }
-
name: 'OWASP Juice Shop Holographic Sticker'
description: "Die-cut holographic sticker. Stand out from those 08/15-sticker-covered laptops with this shiny beacon of 80's coolness!"
price: 2.00
quantity: 0
image: holo_sticker.png
reviews:
- { text: "Rad, dude!", author: rapper }
- { text: "Looks spacy on Bones' new tricorder!", author: jim }
- { text: "Will put one on the Planet Express ship's bumper!", author: bender }
-
name: 'OWASP Juice Shop "King of the Hill" Facemask'
description: "Facemask with compartment for filter from 50% cotton and 50% polyester."
price: 13.49
quantity: 0
limitPerUser: 1
image: fan_facemask.jpg
reviews:
- { text: "K33p5 y0ur ju1cy 5plu773r 70 y0ur53lf!", author: uvogin }
- { text: "Puny mask for puny human weaklings!", author: bender }
-
name: 'Juice Shop Adversary Trading Card (Common)'
description: 'Common rarity "Juice Shop" card for the <a href="https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform">Adversary Trading Cards</a> CCG.'
price: 2.99
deluxePrice: 0.99
deletedDate: '2020-11-30'
limitPerUser: 5
image: ccg_common.png
reviews:
- { text: "Ooooh, puny human playing Mau Mau, now?", author: bender }
-
name: 'Juice Shop Adversary Trading Card (Super Rare)'
description: 'Super rare "Juice Shop" card with holographic foil-coating for the <a href="https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform">Adversary Trading Cards</a> CCG.'
price: 99.99
deluxePrice: 69.99
deletedDate: '2020-11-30'
quantity: 2
limitPerUser: 1
image: ccg_foil.png
reviews:
- { text: "Mau Mau with bling-bling? Humans are so pathetic!", author: bender }
-
name: 'Juice Shop "Permafrost" 2020 Edition'
description: 'Exact version of <a href="https://github.com/juice-shop/juice-shop/releases/tag/v9.3.1-PERMAFROST">OWASP Juice Shop that was archived on 02/02/2020</a> by the GitHub Archive Program and ultimately went into the <a href="https://github.blog/2020-07-16-github-archive-program-the-journey-of-the-worlds-open-source-code-to-the-arctic">Arctic Code Vault</a> on July 8. 2020 where it will be safely stored for at least 1000 years.'
price: 9999.99
quantity: 1
limitPerUser: 1
image: permafrost.jpg
reviews:
- { text: "🧊 Let it go, let it go 🎶 Can't hold it back anymore 🎶 Let it go, let it go 🎶 Turn away and slam the door ❄️", author: rapper }
-
name: 'Best Juice Shop Salesman Artwork'
description: 'Unique digital painting depicting Stan, our most qualified and almost profitable salesman. He made a succesful carreer in selling used ships, coffins, krypts, crosses, real estate, life insurance, restaurant supplies, voodoo enhanced asbestos and courtroom souvenirs before <em>finally</em> adding his expertise to the Juice Shop marketing team.'
price: 5000
quantity: 1
image: artwork2.jpg
reviews:
- { text: "I'd stand on my head to make you a deal for this piece of art.", author: stan }
- { text: "Just when my opinion of humans couldn't get any lower, along comes Stan...", author: bender }
-
name: 'OWASP Juice Shop Card (non-foil)'
description: 'Mythic rare <small><em>(obviously...)</em></small> card "OWASP Juice Shop" with three distinctly useful abilities. Alpha printing, mint condition. A true collectors piece to own!'
price: 1000
quantity: 3
limitPerUser: 1
image: card_alpha.jpg
reviews:
- { text: 'DO NOT PLAY WITH THIS! Double-sleeve, then put it in the GitHub Arctic Vault for perfect preservation and boost of secondary market value!', author: accountant }
-
name: '20th Anniversary Celebration Ticket'
description: 'Get your <a href="https://20thanniversary.owasp.org/" target="_blank">free 🎫 for OWASP 20th Anniversary Celebration</a> online conference! Hear from world renowned keynotes and special speakers, network with your peers and interact with our event sponsors. With an anticipated 10k+ attendees from around the world, you will not want to miss this live on-line event!'
price: 0.00000000000000000001
deletedDate: '2021-09-25'
limitPerUser: 1
image: 20th.jpeg
reviews:
- { text: "I'll be there! Will you, too?", author: bjoernOwasp }
memories:
-
image: 'magn(et)ificent!-1571814229653.jpg'
caption: 'Magn(et)ificent!'
user: bjoernGoogle
-
image: 'my-rare-collectors-item!-[̲̅$̲̅(̲̅-͡°-͜ʖ-͡°̲̅)̲̅$̲̅]-1572603645543.jpg'
caption: 'My rare collectors item! [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅]'
user: bjoernGoogle
-
image: 'favorite-hiking-place.png'
caption: 'I love going hiking here...'
geoStalkingMetaSecurityQuestion: 14
geoStalkingMetaSecurityAnswer: 'Daniel Boone National Forest'
-
image: 'IMG_4253.jpg'
caption: 'My old workplace...'
geoStalkingVisualSecurityQuestion: 10
geoStalkingVisualSecurityAnswer: 'ITsec'
-
image: 'BeeHaven.png'
caption: 'Welcome to the Bee Haven (/#/bee-haven)🐝'
user: evm
ctf:
showFlagsInNotifications: false
showCountryDetailsInNotifications: none # Options: none name flag both
countryMapping: ~