Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 26 21:05
    prince-7 edited #1571
  • Jan 26 21:03
    pull-request-size[bot] labeled #1571
  • Jan 26 21:03
    prince-7 opened #1571
  • Jan 26 21:01
    prince-7 closed #1570
  • Jan 26 21:01
    pull-request-size[bot] labeled #1570
  • Jan 26 21:01
    prince-7 opened #1570
  • Jan 25 13:24
    pull-request-size[bot] labeled #1569
  • Jan 25 13:24
    cigar-galaxy82 opened #1569
  • Jan 22 22:03

    bkimminich on develop

    Remove call to apt-get update f… (compare)

  • Jan 22 21:58

    bkimminich on develop

    Fall back to default Codespaces… (compare)

  • Jan 22 21:41

    bkimminich on develop

    Use TypeScript/Node devcontaine… (compare)

  • Jan 22 14:29

    bkimminich on develop

    Install Angular CLI globally on… (compare)

  • Jan 22 08:35

    bkimminich on develop

    Add template for new GitHub Cod… (compare)

  • Jan 21 12:40
    pull-request-size[bot] labeled #1568
  • Jan 21 12:40

    bkimminich on l10n_develop

    New translations en.json (Roman… (compare)

  • Jan 21 12:40
    bkimminich opened #1568
  • Jan 20 14:53
    J12934 assigned #1491
  • Jan 20 07:12

    bkimminich on develop

    Add missing 2020 and upcoming 2… Add "Nested Easter Egg" video b… Update to latest node-fetch ver… and 1 more (compare)

  • Jan 20 07:06

    bkimminich on master

    Add "Nested Easter Egg" video b… (compare)

  • Jan 19 11:30

    github-actions[bot] on develop

    Auto-fix linting issues Signed… (compare)

Clément Notin
@cnotin
oh yes indeed my bad :) thank you!!
Clément Notin
@cnotin
looks like Travis CI is back :)
Björn Kimminich
@bkimminich
Yeah, it was for a while but now my additional 50.000 credits are used up again while they haven't confirmed free OSS status yet. So it'll stop building again pretty soon, like probably now ... :-(
Clément Notin
@cnotin
Ouch... I've read something about this it's annoying...
bkimminich
@bkimminich:matrix.org
[m]
I've started experimenting with GitHub Actions as a plan B, and Linting, Unit and Integration tests work so far. Didn't get E2E to launch just yet and didn't touch Docker image building, Heroku deployment and GitHub releases yet.
Björn Kimminich
@bkimminich
👆Gitter now supports Matrix/Element chat, not sure if that's exciting, but it works at least... 😅
jrobber1
@jrobber1
Hi, I am running on windows and cant get CTF mode to work. Can someone point me in the right direction?
bkimminich
@bkimminich:matrix.org
[m]
You need to set NODE_ENV=ctf first and then run npm start from a Windows CMD or Powershell and that should be it. If it doesn't work, some specifics on the error you get would help.
jrobber1
@jrobber1
thats the problem there is no error
seems to work but doesnt gen the flags
https://cloud.skytap.com/vms/1523ab8deea92a2c4828daa837a5c7a7/desktops
check it out if you want :)
bkimminich
@bkimminich:matrix.org
[m]
What do the log messages during start-up say if "default" or "ctf" config is being used? If it doesn't say ctf, then the environment variable is not set correctly. If you didn't change the ctf.yml config file itself, that's the only issue I can think of.
jrobber1
@jrobber1
saying default i didnt change the ctf.yml

PS C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1\config> set NODE_ENV=ctf
PS C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1\config> npm start

juice-shop@12.1.1 start C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1
node app

info: All dependencies in ./package.json are satisfied (OK)
info: Chatbot training data botDefaultTrainingData.json validated (OK)
{ locale: 'en', useNoneFeature: undefined, trainByDomain: undefined }
info: Detected Node.js version v14.15.1 (OK)
info: Detected OS win32 (OK)
info: Detected CPU x64 (OK)
info: Configuration default validated (OK)
info: Required file index.html is present (OK)
info: Required file styles.css is present (OK)
info: Required file tutorial-es2018.js is present (OK)
info: Required file main-es2018.js is present (OK)
info: Required file polyfills-es2018.js is present (OK)
info: Required file runtime-es2018.js is present (OK)
info: Required file vendor-es2018.js is present (OK)
info: Required file main-es5.js is present (OK)
info: Required file tutorial-es5.js is present (OK)
info: Required file polyfills-es5.js is present (OK)
info: Required file runtime-es5.js is present (OK)
info: Required file vendor-es5.js is present (OK)
info: Port 3000 is available (OK)
info: Server listening on port 3000

bkimminich
@bkimminich:matrix.org
[m]
Hm, by setting NODE_ENV you define the config file to use, but it seems to ignore that. Seems you run both commands from the config-folder. Can you cd.. out of that and try again?
tandejun
@tandejun
hi! can I check if there is any way to customize the currency of the Juice Shop products? By default, it is using an unspecified currency (¤).
btw - thanks for the great work!
bkimminich
@bkimminich:matrix.org
[m]
There's no customization of the currency symbol available at the moment. I thought about that in the past, but it didn't feel right to have this in the config properties as it's less a theme related but locale specific thing. So I made it absolutely neutral. An alternative would be to depend it on the selected language, but without introducing currency conversion or anything. Just as a cosmetic improvement?
tandejun
@tandejun
yeap it would be just as a cosmetic improvement to suit users from different countries. No worries though, thanks for getting back to me, i appreciate it!
Clément Notin
@cnotin
Hi! FYI I just noticed that the CI/CD on my PR #1533 has restarted after having finished (with one error in e2e)!
@bkimminich did you restart it yourself? Or is it normal?
Ok just saw your comment ;)
bkimminich
@bkimminich:matrix.org
[m]
I restarted it manually, yeah.
Clément Notin
@cnotin
fingers crossed!
bkimminich
@bkimminich:matrix.org
[m]
Yup!
Clément Notin
@cnotin
Nice job :)
There are some errors in the tests that check the default config but I had those in local testing, was it already the case?
jrobber1
@jrobber1

Just tried to cd.. out of the config folder same result PS C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1\config> cd ..
PS C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1> set NODE_ENV=ctf
PS C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1> npm start

juice-shop@12.1.1 start C:\Users\Administrator\Downloads\juice-shop-12.1.1_node14_win32_x64\juice-shop_12.1.1
node app

info: All dependencies in ./package.json are satisfied (OK)
info: Chatbot training data botDefaultTrainingData.json validated (OK)
{ locale: 'en', useNoneFeature: undefined, trainByDomain: undefined }
info: Detected Node.js version v14.15.1 (OK)
info: Detected OS win32 (OK)
info: Detected CPU x64 (OK)
info: Configuration default validated (OK)
info: Required file index.html is present (OK)
info: Required file styles.css is present (OK)
info: Required file main-es2018.js is present (OK)
info: Required file tutorial-es2018.js is present (OK)
info: Required file polyfills-es2018.js is present (OK)
info: Required file runtime-es2018.js is present (OK)
info: Required file vendor-es2018.js is present (OK)
info: Required file main-es5.js is present (OK)
info: Required file tutorial-es5.js is present (OK)
info: Required file polyfills-es5.js is present (OK)
info: Required file runtime-es5.js is present (OK)
info: Required file vendor-es5.js is present (OK)
info: Port 3000 is available (OK)
info: Server listening on port 3000

bkimminich
@bkimminich:matrix.org
[m]
I can't tell why it doesn't recognize the environment variable on your computer. I just tested in cmd.exe and it works setting NODE_ENV first and then run the app.
Björn Kimminich
@bkimminich
image.png
Mane Shreerang
@shreerang.shreerang1_gitlab
i found a bug using the payload on juice shop <noscript><p title="</noscript><img src=x onerror=alert(document.cookie)>"> also it is not present on score board so its a new discovery i guess!!!
check it out for yourself if you dont belive me
bkimminich
@bkimminich:matrix.org
[m]
The score board only recognizes the payloads defined therein. The question is where you applied that payload to decide if you found a new XSS or just exploited a known one with an unrecognized payload.
Mane Shreerang
@shreerang.shreerang1_gitlab
The score board only recognizes the payloads defined therein. The question is where you applied that payload to decide if you found a new XSS or just exploited a known one with an unrecognized payload.
i think i just exploited it with an unknown payload.
Björn Kimminich
@bkimminich
Yep, you did that on the search field, saw the screenshot in the Tweet... :wink:
bkimminich
@bkimminich:matrix.org
[m]
https://github.com/bkimminich/juice-shop/releases/tag/v12.3.0 is out now!
Mane Shreerang
@shreerang.shreerang1_gitlab
sir is it recommended to learn using juice shop before i get into actual real world bug bounty hunting??? also what is the level of similarity between juice shop and real world bugs???
bkimminich
@bkimminich:matrix.org
[m]
Some Juice Shop challenges are way over the top or pure shenanigans, but the majority is quite realistic. I can't say if it's sufficient as an exclusive bounty hunter training, though.
Mane Shreerang
@shreerang.shreerang1_gitlab
ohk sir i asked such a question cause i am a total noob and i don't have any technical background so i couldn't resist. thanks for your help and see you later.
bkimminich
@bkimminich:matrix.org
[m]
Merry Christmas/Happy Holidays to all Juice Shop users & contributors! 🎄🎁🎅
bkimminich
@bkimminich:matrix.org
[m]
I just pushed out v12.4.0 as the last release of 2020! It comes with mostly behind-the-scenes updates like Angular 11, ESLint instead of TSLint but also some bugfixes and a lovely new product!
bkimminich
@bkimminich:matrix.org
[m]
I'm thinking about having a feedback widget for the challenges where people can rate a challenge as "too easy" or "too hard" for its given difficulty, and maybe leave free text comments, too. Questions is, where to put this feedback. Definitely not my mail inbox. Also no auto-opened GH issues. Slack or Gitter incoming webhook maybe? Some Google Form (if that's automatable)? ...? Other ideas?
Tobias Stevenson
@h4dopel0gic
think i found a new bug manipulating the digital wallet. enter amount -> in the payment options set the continue button to enable using the debugger -> after returning to the wallet the funds are added ... i've only been at this less then a month actively ... anyone ever have this bug before?
bkimminich
@bkimminich:matrix.org
[m]
So you don't even have to select a "credit card" before doing that? Yeah, we should check that in the backend a bit more securely... 🪳👍
bkimminich
@bkimminich:matrix.org
[m]
If you could open a GH issue for that, @h4dopel0gic, that'd be awesome!
Tobias Stevenson
@h4dopel0gic
Happy to help, this will be my first GH issue ever ... should i just submit it as a "bug report"? any other requirements?
bkimminich
@bkimminich:matrix.org
[m]
Bug Report would be perfect, should contain all the info that will help chase this down and fix it! 👍
Tobias Stevenson
@h4dopel0gic
GH issue openend, should be simple to chase down ... i dont know the first thing about fixing it tho :D Let me know if there is anything else i can help
bkimminich
@bkimminich:matrix.org
[m]
@h4dopel0gic It's fixed and was released yesterday along with other changes as v12.5.0. Thanks again for reporting this!
s5urce
@s5urce:matrix.org
[m]
hey any1 online
bkimminich
@bkimminich:matrix.org
[m]
s5urce Occasionally, sure... 😁 ... Can we help you with anything?