How to do it...
For this recipe, you will need to download the OWASP BWA VM and install it by performing the following steps:
- Click Download Latest Version from the OWASP BWA VM link provided earlier. Before extracting, compare the archive's checksum with the one published on the download page; a VM image is code you are about to boot. Then extract the archive OWASP_Broken_Web_Apps_VM_1.2.7z.
- You will be presented with a listing of several files, as follows:
- The file extensions in the listing show that the VM can be imported into either Oracle VirtualBox or VMware Player/Workstation. For the web application pentesting lab used in this book, we will use Oracle VirtualBox.
- Make a note of the OWASP Broken Web Apps-cl1.vmdk file. Open the VirtualBox Manager (that is, the Oracle VM VirtualBox program).
- Within the VirtualBox Manager screen, select Machine | New from the top menu and type a name for the machine, for example OWASP BWA.
- Set the type to Linux and version to Ubuntu (64-bit), and then click Next, as follows:
- The next screen allows you to adjust the RAM or leave it at the suggested value. Click Next.
- On the next screen, choose Use an existing virtual hard disk file.
- Use the folder icon on the right to select OWASP Broken Web Apps-cl1.vmdk file from the extracted list and click Create, as follows:
- Your VM is now loaded in the VirtualBox Manager. Let's make some minor adjustments. Highlight the OWASP BWA entry and select Settings from the top menu.
- Select the Network section in the left-hand pane and change Adapter 1 to Host-only Adapter. Click OK. This is the most important setting in the recipe: the applications on this VM are deliberately vulnerable, and a host-only adapter keeps them reachable only from your host machine. Do not use a Bridged Adapter, which would expose them to everyone on your LAN.
- Now let's start the virtual machine. Right-click the OWASP BWA entry and choose Start | Normal Start.
- Wait until the Linux system is fully booted, which may take a few minutes. After the booting process is complete, you should see the following screen. However, the IP address shown will be different for your machine:
- The information presented on this screen identifies the URL where you can access the vulnerable web applications running on the VM. For example, in the previous screenshot, the URL is http://192.168.56.101/. An address in the 192.168.56.0/24 range is what you should expect, since that is VirtualBox's default host-only network; if you see a 10.0.2.x address instead, the adapter is still set to NAT and your host will not be able to reach the applications, so go back to the Network settings. You are also given a login prompt for administering the VM, but it is not necessary to log in at this time.
- Open the Firefox browser on your host system, not in the VM, and enter the URL shown on the VM console (for example, http://192.168.56.101/), where the IP address is specific to your machine.
- In your browser, you are presented with an index page containing links to vulnerable web applications. These applications will be used as targets throughout this book:
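The same setup, scripted with VBoxManage instead of the VirtualBox GUI, as an added example (it is not from the book and not part of the OWASP BWA project). It mirrors the steps above: verify the archive checksum, create the VM, attach the existing VMDK, put the network adapter on host-only, start the machine, and confirm that the address printed on the VM console is on the host-only network before browsing to it. Assumptions, labelled in the code: the VM name OWASP BWA, the VMDK path in the current directory, the host-only interface name vboxnet0 (the Linux/macOS default; on Windows it is "VirtualBox Host-Only Ethernet Adapter"), and that you paste the checksum from the download page into EXPECTED_SHA256 and the console IP into BWA_IP.

```shell
#!/bin/sh
# Added example, not from the book: scripted equivalent of the VirtualBox GUI
# steps, using VBoxManage. The VM name, VMDK path, host-only interface name and
# the expected checksum are all assumptions supplied through the environment.

VM_NAME="${VM_NAME:-OWASP BWA}"
VMDK="${VMDK:-./OWASP Broken Web Apps-cl1.vmdk}"      # assumed extraction path
ARCHIVE="${ARCHIVE:-./OWASP_Broken_Web_Apps_VM_1.2.7z}"
EXPECTED_SHA256="${EXPECTED_SHA256:-}"                  # copy from the download page
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"                  # see: VBoxManage list hostonlyifs

# Hex SHA-256 of a file; works with GNU coreutils or BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 only if the file hashes to the expected digest (and one was given).
# Verify the archive before extracting: a VM image is code you are about to run.
verify_sha256() {
  [ -n "$2" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# Returns 0 if the address is in VirtualBox's default host-only network
# (192.168.56.0/24). 10.0.2.x means the NIC is still on NAT, so the host cannot
# reach the apps; any other range suggests a bridged adapter, which would expose
# the vulnerable apps to your LAN.
in_hostonly_net() {
  case "$1" in
    192.168.56.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the command (DRY_RUN=1) or execute it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Same operations as the GUI steps: new Ubuntu 64-bit VM, existing VMDK attached
# on an IDE controller, adapter 1 switched to host-only.
create_bwa_vm() {
  run VBoxManage createvm --name "$VM_NAME" --ostype Ubuntu_64 --register
  run VBoxManage modifyvm "$VM_NAME" --memory 1024 \
      --nic1 hostonly --hostonlyadapter1 "$HOSTONLY_IF"
  run VBoxManage storagectl "$VM_NAME" --name IDE --add ide
  run VBoxManage storageattach "$VM_NAME" --storagectl IDE --port 0 --device 0 \
      --type hdd --medium "$VMDK"
}

# Poll the index page until the guest web server answers, or give up.
wait_for_bwa() {
  ip="$1"; tries="${2:-60}"; n=0
  while [ "$n" -lt "$tries" ]; do
    curl -s -m 2 -o /dev/null "http://$ip/" && return 0
    n=$((n + 1)); sleep 5
  done
  return 1
}

main() {
  verify_sha256 "$ARCHIVE" "$EXPECTED_SHA256" \
    || { echo "archive checksum mismatch or EXPECTED_SHA256 not set" >&2; exit 1; }
  # Extract the archive (for example with: 7z x "$ARCHIVE") before this point.
  create_bwa_vm
  run VBoxManage startvm "$VM_NAME" --type headless
  # BWA_IP is the address the VM prints on its console once booted.
  in_hostonly_net "${BWA_IP:?set BWA_IP to the address shown on the VM console}" \
    || { echo "$BWA_IP is not on the host-only network; fix adapter 1" >&2; exit 1; }
  wait_for_bwa "$BWA_IP" && echo "open http://$BWA_IP/ in the browser on your host"
}

# Only act when asked explicitly, so sourcing this file has no side effects.
if [ "${BWA_SETUP:-}" = run ]; then main; fi
```

Run it as `BWA_SETUP=run EXPECTED_SHA256=<digest from the download page> BWA_IP=192.168.56.101 sh setup_bwa.sh` once the VM has printed its address; use `DRY_RUN=1` first to see the VBoxManage commands without creating anything. The IDE controller and the Ubuntu_64 OS type are choices made here for an Ubuntu-based guest, not settings taken from the OWASP BWA project.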