Commit

more details about the service
SirGankalot committed Aug 1, 2024
1 parent e7269e4 commit 12dc638
Showing 2 changed files with 20 additions and 6 deletions.
18 changes: 16 additions & 2 deletions README.md
@@ -1,17 +1,31 @@
Whatsscam
====================
This service was played as part of the enowars8 tournament.
This service was played as part of the enowars8 tournament. The theme of this years enowars was scamming so my website has a scam like touch with redirects, scammy logos and a scam feeling like atmosphere.

Whatsscam is an online messenger service that lets you "securely" text with people.
The Service contains vulnerabilities that can leak data.
Inside the documentation folder a readme is contained that explains the exploits/vulnerabilities and possible fixes.

The main features of this service include a User system this means you can login logout and you have a profile page for your profile.

The second feature is inside the home directory which is a private messaging platform in which you have to use a publickey to text the person that has the corresponding private key.
The List that connects the User to a publickey is inside the userlist so that you can choose a user and copy his publickey to than text him.

The third feature is a groupchat that lets you create join and text inside groups.

The fourth feature is a backup that lets you create a backup of your profile inside the profile page.
The backup works via a token that verifies you than you can see parts of the profile.

The fifth feature is a adding friend function which works intuitive you can add and reject friends but you can also see part of the profiles of your friends.
This works as a bait for the players and is not a flagstore more details to flagstores inside the ```documentation/README.md```

# Running

```bash
git clone [email protected]:enowars/enowars8-service-WhatsScam.git
cd enowars8-service-WhatsScam
cd service
docker-compose up
docker-compose up --build
```

The service listens to port: `*:9696`
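Review bot: the Running block in this hunk runs `docker-compose up` and then `docker-compose up --build` back to back, which starts the stack once without rebuilding the images and then a second time with a rebuild; keep only `docker-compose up --build`, or say when each form is meant to be used. Two smaller points in the same hunk: the inline code span ```documentation/README.md``` uses triple backticks where single backticks are the markdown convention for inline code, and the added feature descriptions carry typos that could be fixed while these lines are being touched ("this years" should be "this year's", "than text him" and "than you can see" should be "then", "a adding friend function which works intuitive" should be "an add-friend function that works intuitively", and the last sentence runs two statements together after "flagstore").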
8 changes: 4 additions & 4 deletions documentation/README.md
@@ -39,7 +39,7 @@ The Backup token is vulnerable as the authlib does not differentiate between 2 a
# Exploits

None of the exploits are connected.
All the exploits are also inside the checker/src/checker.py .
All the exploits are also inside the ```checker/src/checker.py``` .


## Exploit 1
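Review bot: the inline code span added here uses triple backticks (```checker/src/checker.py```) and leaves a stray space before the period; single backticks are the markdown convention for inline code, so the line should read "All the exploits are also inside the `checker/src/checker.py`." with the space removed.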
@@ -381,8 +381,8 @@ The Fixes listed are only part of all possible ways to fix the exploits.
The Checker is a tool that checks the features of the service for its behavior.
For Whatsscam it sends http requests that try out a feature for example if you can text or add a certain person as a friend. It is used to prevent unintentional fixes or that someone turns off the service or any features. It is also used to simulate traffic for testing and to simulate regular traffic as usual for a real service. For details please look into the "checker/src/checker.py" for functions or the "checker/src/checker_util_func.py".
For Whatsscam it sends http requests that try out a feature for example if you can text or add a certain person as a friend. It is used to prevent unintentional fixes or that someone turns off the service or any features. It is also used to simulate traffic for testing and to simulate regular traffic as usual for a real service. For details please look into the ```checker/src/checker.py``` for functions or the ```checker/src/checker_util_func.py```.
If you wanna start the checker you use "docker compose up --build" inside the checker folder.
If you wanna start the checker you use ```docker compose up --build``` inside the checker folder.
Than you can use the enochecker to activate the checker via "enochecker_test -a YOUR_IP -p 19696 -A YOUR_IP" (checker listens to port 19696).
Than you can use the enochecker to activate the checker via ```enochecker_test -a YOUR_IP -p 19696 -A YOUR_IP``` (checker listens to port 19696).
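Review bot: both added lines keep the spelling error of the lines they replace ("Than you can use" should be "Then you can use"), and the checker is started with `docker compose up --build` (Compose v2 syntax) while the service README in this same commit uses `docker-compose up --build` (v1 syntax); pick one form in both files, or state that either works, so a reader following both documents does not hit a missing binary. As in the other hunks, the inline code spans use triple backticks where single backticks are the markdown convention, and "wanna" reads better as "want to" in documentation.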
