Merge pull request #6 from virtual-labs/main

from main

Author: AmritaValueCS-22

README.md

@@ -1,24 +1,25 @@
 ## Introduction
 
-
-<b>Discipline | <b>Fill your discipline name here
+<b>Discipline | <b>Computer Science and Engineering
 :--|:--|
-<b> Lab | <b> Fill your lab name here
-<b> Experiment|     <b> Fill your experiment name and number here
+<b> Lab | <b>Introductory Cyber Security Lab 
+<b> Experiment|     <b> Broken Authentication Via Cookie Manipulation
+## About the Experiment 
 
-### About the Experiment 
 
-Fill a brief description of this experiment here
 
-<b>Name of Developer | <b> Fill the name of experiment owner here 
+<b>Name of Developer | <b> Dr. Krishnashree Achuthan
 :--|:--|
-<b> Institute | <b>  
-<b> Email id|     <b>  
-<b> Department |  
+<b> Institute | <b>  Amrita Vishwa Vidyapeetham 
+<b> Email id|     <b>    krishna@amrita.edu
+<b> Department |   Center for Cyber Security Systems and Networks
 
 ### Contributors List
 
 SrNo | Name | Faculty or Student | Department| Institute | Email id
 :--|:--|:--|:--|:--|:--|
-1 | . | . | . | . | .
-2 | . | . | . | . | .
+1 | Vipin P | Faculty | Center for Cyber Security Systems and Networks| Amrita Vishwa Vidyapeetham | vipinp@am.amrita.edu
+2 | Pavithra S P  |Faculty | Center for Cyber Security Systems and Networks |Amrita Vishwa Vidyapeetham | pavithrasp@am.amrita.edu
+3 | Anandi K | Faculty | Center for Cyber Security Systems and Networks| Amrita Vishwa Vidyapeetham | anandik@am.amrita.edu
+
+

experiment/aim.md

@@ -1,2 +1,2 @@
-### Aim of the experiment
-<p>To understand how Broken Authentication via Cookie Manipulation works and how it can lead to unauthorized access. This experiment demonstrates how modifying session cookies can allow a user to escalate privileges. Users will learn how to identify and exploit such vulnerabilities.</p>
+
+<p>To understand how Broken Authentication via Cookie Manipulation works and how it can lead to unauthorized access. This experiment demonstrates how modifying session cookies can allow a user to escalate privileges. Users will learn how to identify and exploit such vulnerabilities.</p>

experiment/contributors.md

@@ -1,11 +1,10 @@
-EMPTY
-<!-- Remove all lines above this line before making changes to the file -->
-### Subject Matter Experts
-| SNo. | Name | Email | Institute | ID |
-| :---: | :---: | :---: | :---: | :---: |
-| 1 | name | email | institute | id |
-
-### Developers
-| SNo. | Name | Email | Institute | ID |
-| :---: | :---: | :---: | :---: | :---: |
-| 1 | name | email | institute | id |
+
+### Contributors List
+
+SrNo | Name | Faculty or Student | Department| Institute | Email id
+:--|:--|:--|:--|:--|:--|
+1 | Vipin P | Faculty | Center for Cyber Security Systems and Networks| Amrita Vishwa Vidyapeetham | vipinp@am.amrita.edu
+2 | Pavithra S P  |Faculty | Center for Cyber Security Systems and Networks |Amrita Vishwa Vidyapeetham | pavithrasp@am.amrita.edu
+3 | Anandi K | Faculty | Center for Cyber Security Systems and Networks| Amrita Vishwa Vidyapeetham | anandik@am.amrita.edu
+
+

experiment/procedure.md

@@ -1,4 +1,4 @@
-### Procedure
+
 
 <b><p>Log in with any username and password using the form .</p></b>
 
@@ -24,4 +24,4 @@
 <p>Click "Refresh Session" to reload your dashboard and apply the updated session, granting admin privileges.</p>
 
 <img src="./images/step9.png" alt="login" />
-<p>Hence, you have successfully broken authentication and gained unauthorized access to the admin dashboard by manipulating the session cookie. This happens due to the lack of proper session integrity checks, allowing users to modify and encode their own authentication data without validation.</p>
+<p>Hence, you have successfully broken authentication and gained unauthorized access to the admin dashboard by manipulating the session cookie. This happens due to the lack of proper session integrity checks, allowing users to modify and encode their own authentication data without validation.</p>

experiment/references.md

@@ -1,9 +1,8 @@
-### References
 
 1. OWASP Foundation, *Authentication Cheat Sheet*, OWASP, 2023. [Online]. Available: [https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
 
 2. OWASP Foundation, *Session Management Cheat Sheet*, OWASP, 2023. [Online]. Available: [https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html)
 
 3. PortSwigger Web Security Academy, *Authentication vulnerabilities*, PortSwigger, 2023. [Online]. Available: [https://portswigger.net/web-security/authentication](https://portswigger.net/web-security/authentication)
 
-4. MITRE, *CWE-565: Reliance on Cookies without Validation and Integrity Checking*, Common Weakness Enumeration, 2023. [Online]. Available: [https://cwe.mitre.org/data/definitions/565.html](https://cwe.mitre.org/data/definitions/565.html)
+4. MITRE, *CWE-565: Reliance on Cookies without Validation and Integrity Checking*, Common Weakness Enumeration, 2023. [Online]. Available: [https://cwe.mitre.org/data/definitions/565.html](https://cwe.mitre.org/data/definitions/565.html)

experiment/theory.md

@@ -1,4 +1,4 @@
-### Theory
+
 
 #### Overview of Broken Authentication
 **Broken Authentication** occurs when an application fails to correctly implement authentication or session management. This can allow attackers to bypass login mechanisms, hijack sessions, or gain access to sensitive accounts or functionality (like administrative dashboards).