Set up bWAPP for MacOS (M1 Chip)

From Embedded Lab Vienna for IoT & Security

Summary

bWAPP (Buggy Web Application) is an intentionally insecure web application designed for educational and training purposes. It was created to give security professionals, developers, and students practical experience in web application security. bWAPP contains a variety of security vulnerabilities and weaknesses from the OWASP Top 10, allowing users to practice and understand the most critical web application security risks.

Requirements

  • Operating system: Kali Linux / beeBox

Kali Linux is the recommended operating system for installing bWAPP. Ubuntu 22.04 LTS has compatibility problems with the latest bWAPP version and is therefore not recommended. beeBox is another alternative, but this article covers only the installation of bWAPP on Kali Linux.

Description

Step 1: Install bWAPP in Kali

1. Visit the bWAPP download page and download the newest version, v2.2.

2. Open a terminal and run the following commands (install Apache and MySQL beforehand):

a) Change to the directory containing the downloaded zip file --> cd Downloads
b) Unzip the file into the Apache web root --> sudo unzip -d /var/www/html bWAPP_latest.zip
c) Go to the Apache web folder to check the result --> cd /var/www/html
d) Change the folder permissions of bWAPP --> sudo chmod -R 777 bWAPP
e) Start the Apache service --> sudo service apache2 start
f) Start the MySQL service --> sudo service mysql start

Step 2: Configure settings for MySQL

a) Log in to MySQL --> sudo mysql
b) Modify the settings.php file for MySQL --> cd /var/www/html/bWAPP/admin
c) Under $db_username and $db_password, set your credentials for the MySQL login
d) Now log in to MySQL --> mysql -h $your_dbservername -u $your_dbusername
e) Create a user --> CREATE USER '$your_dbusername'@'$your_db_servername' identified by '$your_dbpassword';
f) Now grant the user all privileges on the database --> grant all privileges on bWAPP.* to '$your_dbusername'@'$your_db_servername' identified by '$your_dbpassword';
g) Now open the browser, navigate to /localhost/bWAPP/install.php and click on "install here"

Step 3: Blank page redirect: Solution

If bWAPP could not be installed or you were redirected to a blank page, follow the steps below to make bWAPP work:

a) Look at your Apache error log --> sudo cat /var/log/apache2/error.log
b) You should see an error stating that "bWAPP" is an unknown database. This happens because install.php cannot execute its code and therefore cannot create the bWAPP database for you. To get around this problem, create the bWAPP database manually, and then create its content (the tables) by copying and pasting the SQL from the install.php file.

c) Create the database manually --> create database bWAPP;

d) Open the install.php file and copy every SQL command from it into the MySQL prompt
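
The log check from steps a) and b), as an added example that is not part of the original article: a POSIX shell function that classifies the database error in the Apache error log and names the step that addresses it. The function names, the "[constructed]" sample log lines and the "access denied" case (MySQL error 1045, which goes beyond the unknown-database case described above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify why install.php shows
# a blank page, using MySQL/MariaDB error text found in the Apache error log.

# Constructed sample log lines; real entries carry timestamps, PIDs and paths.
write_sample_log() {
    cat > "$1" <<'EOF'
[constructed] [mpm_prefork:notice] AH00163: Apache/2.4 configured -- resuming normal operations
[constructed] [php:error] PHP Fatal error: Uncaught mysqli_sql_exception: Unknown database 'bWAPP'
EOF
}

# Prints one of: unknown-database, access-denied, no-db-error, unreadable-log.
diagnose_bwapp_log() {
    log_file=$1
    db_name=${2:-bWAPP}   # assumption: database name as used on this page
    if [ ! -r "$log_file" ]; then
        echo "unreadable-log"
        return 1
    fi
    # Error 1049: the database does not exist yet (Step 3 b).
    if grep -qiF "Unknown database '$db_name'" "$log_file"; then
        echo "unknown-database"
    # Error 1045: settings.php credentials do not match the Step 2 user.
    elif grep -qiF "Access denied for user" "$log_file"; then
        echo "access-denied"
    else
        echo "no-db-error"
    fi
}

# Maps a diagnosis to the step of this page that addresses it.
next_step() {
    case $1 in
        unknown-database) echo "Step 3 c: create database bWAPP;" ;;
        access-denied)    echo "Step 2 c-f: align settings.php with the MySQL user" ;;
        unreadable-log)   echo "Re-run with sudo to read the error log" ;;
        *)                echo "No database error logged; check other log entries" ;;
    esac
}

sample=$(mktemp)
write_sample_log "$sample"
next_step "$(diagnose_bwapp_log "$sample")"
rm -f "$sample"
```

On a real installation, call diagnose_bwapp_log with /var/log/apache2/error.log as the first argument; reading that file usually requires sudo.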


If you now try to install bWAPP via /localhost/bWAPP/install.php, the output should state that a bWAPP database already exists. You can then go to "Login" and log in. Happy hacking :)!

