Merge pull request #128 from f5devcentral/develop

Appworld 2025 - Merge to Master - 2/21/2025
f5devcentral · Feb 21, 2025 · a68339b · a68339b
2 parents cd9ec42 + 6dc30b1
commit a68339b
Show file tree

Hide file tree

Showing 15 changed files with 97 additions and 100 deletions.
diff --git a/docs/waf2025/images/batch_query.png b/docs/waf2025/images/batch_query.png
diff --git a/docs/waf2025/images/burp.png b/docs/waf2025/images/burp.png
diff --git a/docs/waf2025/images/challenge_s.png b/docs/waf2025/images/challenge_s.png
diff --git a/docs/waf2025/images/deep_recur.png b/docs/waf2025/images/deep_recur.png
diff --git a/docs/waf2025/images/dvga_stuck.png b/docs/waf2025/images/dvga_stuck.png
diff --git a/docs/waf2025/images/graphiql.png b/docs/waf2025/images/graphiql.png
diff --git a/docs/waf2025/images/inql.png b/docs/waf2025/images/inql.png
diff --git a/docs/waf2025/images/py_term.png b/docs/waf2025/images/py_term.png
diff --git a/docs/waf2025/images/repeater.png b/docs/waf2025/images/repeater.png
diff --git a/docs/waf2025/images/udf_juice_shop_link.png b/docs/waf2025/images/udf_juice_shop_link.png
diff --git a/docs/waf2025/images/waf_log.png b/docs/waf2025/images/waf_log.png
diff --git a/docs/waf2025/module2/lab4.rst b/docs/waf2025/module2/lab4.rst
@@ -52,7 +52,7 @@ Apply additional protections against the OWASP Top 10
 
         .. image:: ../images/a3check.png
 
-    - Click on **NOT FULLFILLED** next to Evasion Techniques and then click on **Review & Update** at the bottom.
+    - Mouse over **NOT FULLFILLED** next to Evasion Techniques and click on the checkmark to the right to mark it FULLFILLED. Then click on **Review & Update** at the bottom.
 
         .. NOTE:: Some mitigations can be configrued direction in the OWASP Dashboard like this. Evasion techniques refer to techniques apoplied by hackers to attempt to access resources or evade what would otherwise be identified as an attack.
 

diff --git a/docs/waf2025/module3/lab1.rst b/docs/waf2025/module3/lab1.rst
@@ -1,5 +1,5 @@
-Lab 1 - Find DVGA Attack Types
----------------------------------------
+Lab 1 - Explore DVGA Attack Types and Execute Some Attacks
+----------------------------------------------------------
 Objective
 ~~~~~~~~~
 
@@ -20,6 +20,7 @@ Connect to the Linux Client
 
 .. image:: ../images/rdp.png
 
+.. NOTE:: you should only need to enter the password, the username should be auto-populated.
 
 Explore DVGA
 ~~~~~~~~~~~~
@@ -43,8 +44,100 @@ Explore DVGA
 .. NOTE:: Each solution may show a script or just a graphQL payload to use to execute the attack. If it shows a script, you will find a script file matching that attack type in the /graphql directory in the user’s home directory. If the solution shows a GraphQL payload you may choose either the GraphiQL Chrome extension or Burp Suite to execute the attack. After each attack you should review the WAF logs to see the results and which violations triggered. See the “Review Waf Logs” section at the end of Lab 2 for instructions.
 
 
+Execute an attack via a python script
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
+#. Open Terminal on the Linux jump host
+
+#. cd graphql
+
+#. python3 <script name>
+
+.. image:: ../images/py_term.png
+
+
+Execute an attack using the GraphiQL Chrome extension
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Copy the graphQL payload from the Solution
+
+.. image:: ../images/deep_recur.png   
+
+2. Open GraphiQL Chrome extension
+
+#. Enter http://dvga.f5appworld.com/graphql into the target field
+
+#. 4.	Paste the graphql payload from solution
+
+#. Send the request
+
+.. image:: ../images/graphiql.png
+
+
+
+Execute an attack using the Burp Suite
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Open Burp Suite from the desktop icon
+
+.. image:: ../images/burp.png
+
+
+2. Click “Next” and “Start Burp”.
+
+#. Go to the “InQL” Burp extension tab.
+
+#. Enter http://dvga.f5appworld.com/graphql in the GraphQL Endpoint field.
+
+#. Click "Analyze"
+
+.. NOTE:: This will run introspection on DVGA and return the entire schema.  You should see violations in the WAF logs for this.
+
+6. You should now see a directory for DVGA in the schema folders below.
+
+#. Expand the DVGA folder and the date-specific folder.
+
+#. Select the request type that best matches the attack payload youa re trying to use.
+
+#. In the GraphQL paylod area to the right, right-click and select "Send to Repeater"
+
+.. image:: ../images/inql.png
+
+
+10. Select the "Repeater" tab
+
+#. Paste the attack paylod from the SOlution into the Request area.
+
+#. Click "Send"
+
+#. Review the response.
+
+.. image:: ../images/repeater.png
+
+
+
+Review WAF Logs
+~~~~~~~~~~~~~~~
+
+#. In Chrome on the Linux jump host, go to the F5 Advanced WAF shortcut and Login
+
+**user: admin**
+
+**password: f5demos4u!**
+
+2. Navigate to the WAF Request Logs screen
+
+#. Select the request with your most recent attack
+
+#. Review the request and any GRAPHQL violations that may have triggered.
+
+.. image:: ../images/waf_log.png
+
+
+
+**Congratulations! You have just completed Module 3**
+
 
 
 

diff --git a/docs/waf2025/module3/lab2.rst b/docs/waf2025/module3/lab2.rst
diff --git a/docs/waf2025/waf2025.rst b/docs/waf2025/waf2025.rst
@@ -1,4 +1,4 @@
-WAF 2025 - Mitigating App Vulnerabilities with BIG-IP Advanced WAF
+WAF 2025 - Mitigating App Vulnerabilities with BIG-IP Advanced WAF 17.1
 =================================================================================
 
 BIG-IP Advanced Web Applications Firewall, AWAF, is an incredibly powerful security tool to protect applications. Protecting your apps against critical risks such as the threats listed in the OWASP Top 10, requires comprehensive and consistent security. F5 AWAF technology provides a strategic stop gap against common vulnerabilities like injection and cross-site scripting. In this lab we will look at the OWASP Top 10 Wzard and support for GraphQL.