Difference between revisions of "Set up bWAPP for MacOS (M1 Chip)"
Revision as of 16:41, 20 December 2023
Summary
bWAPP (Buggy Web Application) is an intentionally insecure web application designed for education and training. It was created to give security professionals, developers, and students practical experience in web application security. bWAPP contains a variety of security vulnerabilities and weaknesses from the OWASP Top 10, allowing users to practice and understand the most critical web application security risks.
Requirements
- Operating system: Kali Linux / beeBox
Kali Linux is the recommended operating system for installing bWAPP. Ubuntu 22.04 LTS has compatibility problems with the latest bWAPP version and is therefore not recommended. Another alternative is beeBox, but this article only covers the installation of bWAPP on Kali Linux.
Description
Step 1: Install bWAPP in Kali
1. Visit bWAPP Download Page - Download the newest version v2.2
2. Open the command prompt and use the following commands (install Apache and MySQL beforehand)
a) We have our downloaded zip file --> cd Downloads
b) Unzip file --> sudo unzip -d /var/www/html bWAPP_latest.zip
c) To check our apache web folder go to the directory --> cd /var/www/html
d) Change the folder permission of bWAPP --> sudo chmod -R 777 bWAPP
e) Start apache service --> sudo service apache2 start
f) Start mysql service --> sudo service mysql start
Step 2: Configure settings for MySQL
a) Login to mysql --> sudo mysql
b) Modify the settings.php file for MySQL --> cd /var/www/html/bWAPP/admin
c) Under $db_username & $db_password set your credentials for the MySQL login
d) Now login to mysql --> mysql -h $your_dbservername -u $your_dbusername
e) Create a user --> CREATE USER '$your_dbusername'@'$your_db_servername' identified by ;
f) Now grant the user all privileges over the database --> grant all privileges on bWAPP.* to '$your_dbusername'@'$your_db_servername' identified by ;
g) Now open the browser and navigate to /localhost/bWAPP/install.php and click on "install here"
Step 3: Blank page redirect: Solution
If bWAPP could not be installed or you were redirected to a blank page, you must follow the steps below to make bWAPP work:
- Look at your Apache error log --> sudo cat /var/log/apache2/error.log
- You should see an error saying that "bWAPP" is an unknown database. This happens because install.php cannot execute its code and therefore cannot create the bWAPP database for you. To get around this problem, create the bWAPP database manually, then create its content / tables by copying and pasting the SQL from the install.php file.
- Create the database manually --> create database bWAPP;
- Open the install.php file and copy every SQL command into the mysql prompt
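The log check from Step 3 can be scripted. The following is an added example, not part of the original article or of bWAPP: the function names are hypothetical, the log lines are constructed, and the "Access denied" case goes beyond the article by also catching a credential or grant mismatch from Step 2.

```shell
#!/bin/sh
# Added example: classify the most recent database error in an Apache
# error log, to decide which step of this article to repeat.

# Constructed sample log lines (not captured from a real host).
sample_log() {
cat <<'EOF'
[Wed Dec 20 16:29:40.100200 2023] [php:error] [pid 2211] [client 127.0.0.1:51000] PHP Fatal error:  Uncaught mysqli_sql_exception: Access denied for user 'labuser'@'localhost' (using password: YES) in /var/www/html/bWAPP/install.php:12
[Wed Dec 20 16:30:02.654321 2023] [php:error] [pid 2214] [client 127.0.0.1:51004] PHP Fatal error:  Uncaught mysqli_sql_exception: Unknown database 'bWAPP' in /var/www/html/bWAPP/install.php:12
EOF
}

# Reads a log on stdin and prints one verdict:
#   missing-database:<name> | bad-credentials:<user> | no-db-error
# Runs in a subshell "( )" so its variables stay private without "local".
diagnose_bwapp_log() (
  # Only the last matching line counts: older errors may already be fixed.
  line=$(grep -E "Unknown database '|Access denied for user '" | tail -n 1)
  case "$line" in
    *"Unknown database '"*)
      db=${line#*"Unknown database '"}   # drop everything up to the name
      echo "missing-database:${db%%"'"*}" ;;
    *"Access denied for user '"*)
      user=${line#*"Access denied for user '"}
      echo "bad-credentials:${user%%"'"*}" ;;
    *) echo "no-db-error" ;;
  esac
)

# Maps a verdict to the step of this article that addresses it.
next_step() {
  case "$1" in
    missing-database:*)
      echo "Step 3: create database ${1#*:}; then paste the SQL from install.php" ;;
    bad-credentials:*)
      echo "Step 2: recheck settings.php and the grant for user ${1#*:}" ;;
    *) echo "No database error logged; read the rest of error.log" ;;
  esac
}

# Demo on the constructed log. On a real host, pipe the log in instead:
#   sudo cat /var/log/apache2/error.log | diagnose_bwapp_log
next_step "$(sample_log | diagnose_bwapp_log)"
```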