config/default.yml
server:
port: 3000
basePath: ''
baseUrl: 'http://localhost:3000' # used for CSAF, e.g. https://example.com
application:
domain: juice-sh.op # for pre-loaded email users
name: 'OWASP Juice Shop'
logo: JuiceShop_Logo.png
favicon: favicon_js.ico
theme: bluegrey-lightgreen # Options: bluegrey-lightgreen blue-lightblue deeppurple-amber indigo-pink pink-bluegrey purple-green deeporange-indigo
showVersionNumber: true
showGitHubLinks: true
localBackupEnabled: true
numberOfRandomFakeUsers: 0
altcoinName: Juicycoin
privacyContactEmail: donotreply@owasp-juice.shop
customMetricsPrefix: juiceshop
chatBot:
name: 'Juicy'
greeting: "Nice to meet you <customer-name>, I'm <bot-name>"
trainingData: 'botDefaultTrainingData.json'
defaultResponse: "Sorry I couldn't understand what you were trying to say"
avatar: 'JuicyChatBot.png'
social:
twitterUrl: 'https://twitter.com/owasp_juiceshop'
facebookUrl: 'https://www.facebook.com/owasp.juiceshop'
slackUrl: 'https://owasp.org/slack/invite'
redditUrl: 'https://www.reddit.com/r/owasp_juiceshop'
pressKitUrl: 'https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop'
nftUrl: 'https://opensea.io/collection/juice-shop'
questionnaireUrl: ~
recyclePage:
topProductImage: fruit_press.jpg
bottomProductImage: apple_pressings.jpg
welcomeBanner:
showOnFirstStart: true
title: 'Welcome to OWASP Juice Shop!'
message: "<p>Being a web application with a vast number of intended security vulnerabilities, the <strong>OWASP Juice Shop</strong> is supposed to be the opposite of a best practice or template application for web developers: It is an awareness, training, demonstration and exercise tool for security risks in modern web applications. The <strong>OWASP Juice Shop</strong> is an open-source project hosted by the non-profit <a href='https://owasp.org' target='_blank'>Open Web Application Security Project (OWASP)</a> and is developed and maintained by volunteers. Check out the link below for more information and documentation on the project.</p><h1><a href='https://owasp-juice.shop' target='_blank'>https://owasp-juice.shop</a></h1>"
cookieConsent:
message: 'This website uses fruit cookies to ensure you get the juiciest tracking experience.'
dismissText: 'Me want it!'
linkText: 'But me wait!'
linkUrl: 'https://www.youtube.com/watch?v=9PnbKL3wuH4'
securityTxt:
contact: 'mailto:donotreply@owasp-juice.shop'
encryption: 'https://keybase.io/bkimminich/pgp_keys.asc?fingerprint=19c01cb7157e4645e9e2c863062a85a8cbfbdcda'
acknowledgements: '/#/score-board'
hiring: '/#/jobs'
csaf: '/.well-known/csaf/provider-metadata.json' # scheme,host,port taken from baseUrl
promotion:
video: owasp_promo.mp4
subtitles: owasp_promo.vtt
easterEggPlanet:
name: Orangeuze
overlayMap: orangemap2k.jpg
googleOauth:
clientId: '1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com'
authorizedRedirects:
- { uri: 'https://demo.owasp-juice.shop' }
- { uri: 'https://juice-shop.herokuapp.com' }
- { uri: 'https://preview.owasp-juice.shop' }
- { uri: 'https://juice-shop-staging.herokuapp.com' }
- { uri: 'https://juice-shop.wtf' }
- { uri: 'http://localhost:3000', proxy: 'https://local3000.owasp-juice.shop' }
- { uri: 'http://127.0.0.1:3000', proxy: 'https://local3000.owasp-juice.shop' }
- { uri: 'http://localhost:4200', proxy: 'https://local4200.owasp-juice.shop' }
- { uri: 'http://127.0.0.1:4200', proxy: 'https://local4200.owasp-juice.shop' }
- { uri: 'http://192.168.99.100:3000', proxy: 'https://localmac.owasp-juice.shop' }
- { uri: 'http://192.168.99.100:4200', proxy: 'https://localmac.owasp-juice.shop' }
- { uri: 'http://penguin.termina.linux.test:3000', proxy: 'https://localchromeos.owasp-juice.shop' }
- { uri: 'http://penguin.termina.linux.test:4200', proxy: 'https://localchromeos.owasp-juice.shop' }
challenges:
showSolvedNotifications: true
showHints: true
showMitigations: true
codingChallengesEnabled: solved # Options: never solved always
restrictToTutorialsFirst: false
overwriteUrlForProductTamperingChallenge: 'https://owasp.slack.com'
xssBonusPayload: '<iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe>'
safetyMode: auto
showFeedbackButtons: true
csafHashValue: 7d679a6a84a1ec0f12f91e2f487b9e89a7282ef775cbbec8baea2fa50eb101b7ee402dadd1bb9df0d8aaeb3ecb93e2892735f44b0c6cfb32c2f70478ae45afb7
hackingInstructor:
isEnabled: true
avatarImage: JuicyBot.png
hintPlaybackSpeed: normal # Options: faster fast normal slow slower
products:
-
name: 'Apple Juice (1000ml)'
price: 1.99
deluxePrice: 0.99
limitPerUser: 5
description: 'The all-time classic.'
image: apple_juice.jpg
reviews:
- { text: 'One of my favorites!', author: admin }
-
name: 'Orange Juice (1000ml)'
description: 'Made from oranges hand-picked by Uncle Dittmeyer.'
price: 2.99
deluxePrice: 2.49
image: orange_juice.jpg
reviews:
- { text: 'y0ur f1r3wall needs m0r3 musc13', author: uvogin }
-
name: 'Eggfruit Juice (500ml)'
description: 'Now with even more exotic flavour.'
price: 8.99
image: eggfruit_juice.jpg
reviews:
- { text: 'I bought it, would buy again. 5/7', author: admin }
-
name: 'Raspberry Juice (1000ml)'
description: 'Made from blended Raspberry Pi, water and sugar.'
price: 4.99
image: raspberry_juice.jpg
-
name: 'Lemon Juice (500ml)'
description: 'Sour but full of vitamins.'
price: 2.99
deluxePrice: 1.99
limitPerUser: 5
image: lemon_juice.jpg
-
name: 'Banana Juice (1000ml)'
description: 'Monkeys love it the most.'
price: 1.99
image: banana_juice.jpg
reviews:
- { text: 'Fry liked it too.', author: bender }
-
name: 'OWASP Juice Shop T-Shirt'
description: 'Real fans wear it 24/7!'
price: 22.49
limitPerUser: 5
image: fan_shirt.jpg
-
name: 'OWASP Juice Shop CTF Girlie-Shirt'
description: 'For serious Capture-the-Flag heroines only!'
price: 22.49
image: fan_girlie.jpg
-
name: 'OWASP SSL Advanced Forensic Tool (O-Saft)'
description: 'O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations.'
price: 0.01
image: orange_juice.jpg
urlForProductTamperingChallenge: 'https://www.owasp.org/index.php/O-Saft'
-
name: 'Christmas Super-Surprise-Box (2014 Edition)'
description: 'Contains a random selection of 10 bottles (each 500ml) of our tastiest juices and an extra fan shirt for an unbeatable price!'
price: 29.99
image: undefined.jpg
useForChristmasSpecialChallenge: true
-
name: 'Rippertuer Special Juice'
description: 'Contains a magical collection of the rarest fruits gathered from all around the world, like Cherymoya Annona cherimola, Jabuticaba Myrciaria cauliflora, Bael Aegle marmelos... and others, at an unbelievable price! <br/><span style="color:red;">This item has been made unavailable because of lack of safety standards.</span>'
price: 16.99
image: undefined.jpg
keywordsForPastebinDataLeakChallenge:
- hueteroneel
- eurogium edule
-
name: 'OWASP Juice Shop Sticker (2015/2016 design)'
description: 'Die-cut sticker with the official 2015/2016 logo. By now this is a rare collectors item. <em>Out of stock!</em>'
price: 999.99
image: sticker.png
deletedDate: '2017-04-28'
-
name: 'OWASP Juice Shop Iron-Ons (16pcs)'
description: 'Upgrade your clothes with washer safe <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">iron-ons</a> of the OWASP Juice Shop or CTF Extension logo!'
price: 14.99
image: iron-on.jpg
-
name: 'OWASP Juice Shop Magnets (16pcs)'
description: 'Your fridge will be even cooler with these OWASP Juice Shop or CTF Extension logo <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">magnets</a>!'
price: 15.99
image: magnets.jpg
-
name: 'OWASP Juice Shop Sticker Page'
description: 'Massive decoration opportunities with these OWASP Juice Shop or CTF Extension <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">sticker pages</a>! Each page has 16 stickers on it.'
price: 9.99
image: sticker_page.jpg
-
name: 'OWASP Juice Shop Sticker Single'
description: 'Super high-quality vinyl <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">sticker single</a> with the OWASP Juice Shop or CTF Extension logo! The ultimate laptop decal!'
price: 4.99
image: sticker_single.jpg
-
name: 'OWASP Juice Shop Temporary Tattoos (16pcs)'
description: 'Get one of these <a href="https://www.stickeryou.com/products/owasp-juice-shop/794" target="_blank">temporary tattoos</a> to proudly wear the OWASP Juice Shop or CTF Extension logo on your skin! If you tweet a photo of yourself with the tattoo, you get a couple of our stickers for free! Please mention <a href="https://twitter.com/owasp_juiceshop" target="_blank"><code>@owasp_juiceshop</code></a> in your tweet!'
price: 14.99
image: tattoo.jpg
reviews:
- { text: 'I straight-up gots nuff props fo''these tattoos!', author: rapper }
-
name: 'OWASP Juice Shop Mug'
description: 'Black mug with regular logo on one side and CTF logo on the other! Your colleagues will envy you!'
price: 21.99
image: fan_mug.jpg
-
name: 'OWASP Juice Shop Hoodie'
description: 'Mr. Robot-style apparel. But in black. And with logo.'
price: 49.99
image: fan_hoodie.jpg
-
name: 'OWASP Juice Shop-CTF Velcro Patch'
description: '4x3.5" embroidered patch with velcro backside. The ultimate decal for every tactical bag or backpack!'
price: 2.92
quantity: 5
limitPerUser: 5
image: velcro-patch.jpg
reviews:
- { text: 'This thang would look phat on Bobby''s jacked fur coat!', author: rapper }
- { text: 'Looks so much better on my uniform than the boring Starfleet symbol.', author: jim }
-
name: 'Woodruff Syrup "Forest Master X-Treme"'
description: 'Harvested and manufactured in the Black Forest, Germany. Can cause hyperactive behavior in children. Can cause permanent green tongue when consumed undiluted.'
price: 6.99
image: woodruff_syrup.jpg
-
name: 'Green Smoothie'
description: 'Looks poisonous but is actually very good for your health! Made from green cabbage, spinach, kiwi and grass.'
price: 1.99
image: green_smoothie.jpg
reviews:
- { text: 'Fresh out of a replicator.', author: jim }
-
name: 'Quince Juice (1000ml)'
description: 'Juice of the <em>Cydonia oblonga</em> fruit. Not exactly sweet but rich in Vitamin C.'
price: 4.99
image: quince.jpg
-
name: 'Apple Pomace'
description: 'Finest pressings of apples. Allergy disclaimer: Might contain traces of worms. Can be <a href="/#recycle">sent back to us</a> for recycling.'
price: 0.89
limitPerUser: 5
image: apple_pressings.jpg
-
name: 'Fruit Press'
description: 'Fruits go in. Juice comes out. Pomace you can send back to us for recycling purposes.'
price: 89.99
image: fruit_press.jpg
-
name: 'OWASP Juice Shop Logo (3D-printed)'
description: 'This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.'
price: 99.99
image: 3d_keychain.jpg # Exif metadata contains "OpenSCAD" as subtle hint...
fileForRetrieveBlueprintChallenge: JuiceShop.stl # ...to blueprint file type
exifForBlueprintChallenge:
- OpenSCAD
-
name: 'Juice Shop Artwork'
description: 'Unique masterpiece painted with different kinds of juice on 90g/m² lined paper.'
price: 278.74
quantity: 0
image: artwork.jpg
deletedDate: '2020-12-24'
-
name: 'Global OWASP WASPY Award 2017 Nomination'
description: 'Your chance to nominate up to three quiet pillars of the OWASP community ends 2017-06-30! <a href="https://www.owasp.org/index.php/WASPY_Awards_2017">Nominate now!</a>'
price: 0.03
image: waspy.png
deletedDate: '2017-07-01'
-
name: 'Strawberry Juice (500ml)'
description: 'Sweet & tasty!'
price: 3.99
image: strawberry_juice.jpeg
-
name: 'Carrot Juice (1000ml)'
description: 'As the old German saying goes: "Carrots are good for the eyes. Or has anyone ever seen a rabbit with glasses?"'
price: 2.99
image: carrot_juice.jpeg
reviews:
- { text: '0 st4rs f0r 7h3 h0rr1bl3 s3cur17y', author: uvogin }
-
name: 'OWASP Juice Shop Sweden Tour 2017 Sticker Sheet (Special Edition)'
description: '10 sheets of Sweden-themed stickers with 15 stickers on each.'
price: 19.1
image: stickersheet_se.png
deletedDate: '2017-09-20'
-
name: 'Pwning OWASP Juice Shop'
description: '<em>The official Companion Guide</em> by Björn Kimminich available <a href="https://leanpub.com/juice-shop">for free on LeanPub</a> and also <a href="https://pwning.owasp-juice.shop">readable online</a>!'
price: 5.99
image: cover_small.jpg
reviews:
- { text: 'Even more interesting than watching Interdimensional Cable!', author: morty }
-
name: 'Melon Bike (Comeback-Product 2018 Edition)'
description: 'The wheels of this bicycle are made from real water melons. You might not want to ride it up/down the curb too hard.'
price: 2999
quantity: 3
limitPerUser: 1
image: melon_bike.jpeg
-
name: 'OWASP Juice Shop Coaster (10pcs)'
description: 'Our 95mm circle coasters are printed in full color and made from thick, premium coaster board.'
price: 19.99
quantity: 0
image: coaster.jpg
-
name: 'OWASP Snakes and Ladders - Web Applications'
description: 'This amazing web application security awareness board game is <a href="https://steamcommunity.com/sharedfiles/filedetails/?id=1969196030">available for Tabletop Simulator on Steam Workshop</a> now!'
price: 0.01
quantity: 8
image: snakes_ladders.jpg
reviews:
- { text: 'Wait for a 10$ Steam sale of Tabletop Simulator!', author: bjoernOwasp }
-
name: 'OWASP Snakes and Ladders - Mobile Apps'
description: 'This amazing mobile app security awareness board game is <a href="https://steamcommunity.com/sharedfiles/filedetails/?id=1970691216">available for Tabletop Simulator on Steam Workshop</a> now!'
price: 0.01
quantity: 0
image: snakes_ladders_m.jpg
reviews:
- { text: "Here yo' learn how tha fuck ta not show yo' goddamn phone on camera!", author: rapper }
-
name: 'OWASP Juice Shop Holographic Sticker'
description: "Die-cut holographic sticker. Stand out from those 08/15-sticker-covered laptops with this shiny beacon of 80's coolness!"
price: 2.00
quantity: 0
image: holo_sticker.png
reviews:
- { text: "Rad, dude!", author: rapper }
- { text: "Looks spacy on Bones' new tricorder!", author: jim }
- { text: "Will put one on the Planet Express ship's bumper!", author: bender }
-
name: 'OWASP Juice Shop "King of the Hill" Facemask'
description: "Facemask with compartment for filter from 50% cotton and 50% polyester."
price: 13.49
quantity: 0
limitPerUser: 1
image: fan_facemask.jpg
reviews:
- { text: "K33p5 y0ur ju1cy 5plu773r 70 y0ur53lf!", author: uvogin }
- { text: "Puny mask for puny human weaklings!", author: bender }
-
name: 'Juice Shop Adversary Trading Card (Common)'
description: 'Common rarity "Juice Shop" card for the <a href="https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform">Adversary Trading Cards</a> CCG.'
price: 2.99
deluxePrice: 0.99
deletedDate: '2020-11-30'
limitPerUser: 5
image: ccg_common.png
reviews:
- { text: "Ooooh, puny human playing Mau Mau, now?", author: bender }
-
name: 'Juice Shop Adversary Trading Card (Super Rare)'
description: 'Super rare "Juice Shop" card with holographic foil-coating for the <a href="https://docs.google.com/forms/d/e/1FAIpQLSecLEakawSQ56lBe2JOSbFwFYrKDCIN7Yd3iHFdQc5z8ApwdQ/viewform">Adversary Trading Cards</a> CCG.'
price: 99.99
deluxePrice: 69.99
deletedDate: '2020-11-30'
quantity: 2
limitPerUser: 1
image: ccg_foil.png
reviews:
- { text: "Mau Mau with bling-bling? Humans are so pathetic!", author: bender }
-
name: 'Juice Shop "Permafrost" 2020 Edition'
description: 'Exact version of <a href="https://github.com/juice-shop/juice-shop/releases/tag/v9.3.1-PERMAFROST">OWASP Juice Shop that was archived on 02/02/2020</a> by the GitHub Archive Program and ultimately went into the <a href="https://github.blog/2020-07-16-github-archive-program-the-journey-of-the-worlds-open-source-code-to-the-arctic">Arctic Code Vault</a> on July 8. 2020 where it will be safely stored for at least 1000 years.'
price: 9999.99
quantity: 1
limitPerUser: 1
image: permafrost.jpg
reviews:
- { text: "🧊 Let it go, let it go 🎶 Can't hold it back anymore 🎶 Let it go, let it go 🎶 Turn away and slam the door ❄️", author: rapper }
-
name: 'Best Juice Shop Salesman Artwork'
description: 'Unique digital painting depicting Stan, our most qualified and almost profitable salesman. He made a succesful carreer in selling used ships, coffins, krypts, crosses, real estate, life insurance, restaurant supplies, voodoo enhanced asbestos and courtroom souvenirs before <em>finally</em> adding his expertise to the Juice Shop marketing team.'
price: 5000
quantity: 1
image: artwork2.jpg
reviews:
- { text: "I'd stand on my head to make you a deal for this piece of art.", author: stan }
- { text: "Just when my opinion of humans couldn't get any lower, along comes Stan...", author: bender }
-
name: 'OWASP Juice Shop Card (non-foil)'
description: 'Mythic rare <small><em>(obviously...)</em></small> card "OWASP Juice Shop" with three distinctly useful abilities. Alpha printing, mint condition. A true collectors piece to own!'
price: 1000
quantity: 3
limitPerUser: 1
image: card_alpha.jpg
reviews:
- { text: 'DO NOT PLAY WITH THIS! Double-sleeve, then put it in the GitHub Arctic Vault for perfect preservation and boost of secondary market value!', author: accountant }
-
name: '20th Anniversary Celebration Ticket'
description: 'Get your <a href="https://20thanniversary.owasp.org/" target="_blank">free 🎫 for OWASP 20th Anniversary Celebration</a> online conference! Hear from world renowned keynotes and special speakers, network with your peers and interact with our event sponsors. With an anticipated 10k+ attendees from around the world, you will not want to miss this live on-line event!'
price: 0.00000000000000000001
deletedDate: '2021-09-25'
limitPerUser: 1
image: 20th.jpeg
reviews:
- { text: "I'll be there! Will you, too?", author: bjoernOwasp }
memories:
-
image: 'magn(et)ificent!-1571814229653.jpg'
caption: 'Magn(et)ificent!'
user: bjoernGoogle
-
image: 'my-rare-collectors-item!-[̲̅$̲̅(̲̅-͡°-͜ʖ-͡°̲̅)̲̅$̲̅]-1572603645543.jpg'
caption: 'My rare collectors item! [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅]'
user: bjoernGoogle
-
image: 'favorite-hiking-place.png'
caption: 'I love going hiking here...'
geoStalkingMetaSecurityQuestion: 14
geoStalkingMetaSecurityAnswer: 'Daniel Boone National Forest'
-
image: 'IMG_4253.jpg'
caption: 'My old workplace...'
geoStalkingVisualSecurityQuestion: 10
geoStalkingVisualSecurityAnswer: 'ITsec'
-
image: 'BeeHaven.png'
caption: 'Welcome to the Bee Haven (/#/bee-haven)🐝'
user: evm
ctf:
showFlagsInNotifications: false
showCountryDetailsInNotifications: none # Options: none name flag both
countryMapping: ~