Metlo Juice Shop
Protection

Overview

Metlo can detect, categorize, and provide detailed context for attacks that are sent to the Juice Shop server. You can view all the attacks that Metlo has detected on the Protection page. Here, you can see the SQL Injection attacks you sent earlier via the Testing feature.

Detail

You can click on an attack to get a more detailed view. Metlo stores the traces that were captured as part of an attack so you can dig into which requests triggered it. You can also view metadata such as the exact data in the request that caused the attack and where the request came from.

Juice Shop Challenges

Login Admin is a Juice Shop challenge that requires the user to use SQL injection to log in as an admin account. After completing this challenge, you can see the attack on Metlo’s Protection page as SQL Injection Attack.

Metlo can also detect Cross-Site Scripting (XSS) attack payloads that are sent to the Juice Shop server. Server-side XSS Protection is a challenge that requires the user to send a persisted XSS attack payload to the server. After completing this challenge, you can see the attack on Metlo’s Protection page as Cross-Site Scripting.