Ebook version for CTFs

[tghosth]

It would be cool if there was a version for CTFs with the answers and links to online Juice Shop resources removed. I have a fork here where I did this (https://github.com/tghosth/pwning-juice-shop) but it would be cool if there was a way of generating this automagically as right now I need to manually do it every time the ebook is updated...

[bkimminich]

I just added a CI job for the book that builds the normal edition and makes it available to download on AppVeyor. You could get that into your fork and set up your own job it would generate your CTF edition! Maybe put a little sticker on the cover as well to make it distinguishable?

[bkimminich]

You need to remove the Slack notification, as it shouldn't work from a fork. Otherwise, the .appveyor.yml should work out of the box for you!

[tghosth]

I just reread what I wrote and I don't think what I said was what I meant :)

The main problem is going through the book and removing the bits I don't want, that is what I have to do each time I want to pull the latest version from the upstream as if I try and pull directly I will get merge errors. I guess I am wondering if there is some way of adding something like preprocessor directives to the original markup like below rather than having to create a fork which would then always need to be manually updated.

#if ctfmode
No answers here
#else
Here is the answer text
#end

[bkimminich]

I checked your changes again, and it seems you wanted primarily to remove

• the solutions to avoid instant cheating
• all references to the Juice Shop project itself to avoid cheating by looking up stuff online?

The solutions are easy, but the rest would really be hard to get rid of in a consistent and still maintainable way...

[bkimminich]

I added this request to https://www.owasp.org/index.php/GoogleSeasonOfDocs2019#.22Pwning_OWASP_Juice_Shop.22_Companion_Guide as a potential project focus.

[b3cl0s3r]

I think I can do this for GSoD. So first I would like to ask the main idea here only to check if I have understood it well...

The main idea here is to write a 'new' eBook for all that people who wants to take a CTF challenge, making something like an 'anonymous' book without solutions... but, what should be in the ebook? Should it be completely rewritten removing information like "get involved" so they can't know about the project? What would be the main use case of this ebook? An ebook that is given by a teacher to its students, so things like "how to install" can be removed from the ebook because the teacher has already done it? Maybe having another project's tool to help the teacher to teach...

[tghosth]

These are my notes on the files that I change or remove for the CTF version

Files Changed

README.md

Removed from Part III - Getting involved onwards.

SUMMARY.md

Removed the following bullets

• Running OWASP Juice Shop
• Customization
• Hosting a CTF event
• Provide feedback
• Contribute to development
• Codebase 101
• Help with translation
• Appendix A - Challenge solutions
• Appendix B - Trainer's guide

part1/rules.md

Changed to the text of the Reading a solution before trying to: You have been warned.

part2/README.md

Removed "solution" column.

Files removed:

part1/ctf.md part1/customization.md part1/running.md part3/codebase.md part3/contribution.md part3/feedback.md part3/translation.md appendix/*

[bkimminich]

Just played around a bit and added HTML comments to the Markdown like this:

<!-- no-ctf -->
### Part III - Getting involved

Part three shows up various ways to contribute to the OWASP Juice Shop
open source project.
<!-- /no-ctf -->

These are ignored by gitbook build. After generting the normal edition of the book, we could do a Search & Replace all like this:

1. Replace <!-- no-ctf --> with <!-- no-ctf
2. Replace <!-- /no-ctf --> with /no-ctf -->

This should then result in

<!-- no-ctf
### Part III - Getting involved

Part three shows up various ways to contribute to the OWASP Juice Shop
open source project.
/no-ctf -->

thus removing the section from the book for a second run of gitbook to generate the CTF versions. We should be able to do all this on the CI server.

Removing the column with the solution links from the HTML table would be one part where it'd get ugly, Also the SUMMARY.md can probably not be changed like this. Here a separate SUMMARY.CTF.md would do the trick that is copied over the original before the second gitbook run.

[bkimminich]

Alternatively, we could just go with a second summary file where the chapters @tghosth mentioned are removed. Part III would then only be the Donation chapter, so that text change on the starting page wouldn't even be necessary. I could also add a second file with the full table without the solution column.

[bkimminich]

@tghosth, please check https://ci.appveyor.com/project/bkimminich/pwning-juice-shop/builds/25776464/artifacts and let me know if the juice-shop-ctf.pdf works for you. If there's some more content that needs to be removed or changed, please open a new ticket for that. Thanks! :+1:

[tghosth]

that is super cool! Thanks @bkimminich, looks good to me!