Hi Brain Hackers readers, so far i have gave the Web Application Pen Testing tutorials .  Now it is time to for practicing your skills in legal way. Last time , i explained about the Damn Vulnerable  Web Application(DVWA).  This time i came with different web application  that will develop your knowledge in Web App PenTesting.


The BodgeIt Store
Like DVWA, This is also a Vulnerable web Application that will help you to develop your skills in Pen testing.

With this Vulnerable Application , you can practice the Following attacks:
  • Cross Site Scripting (XSS)
  • SQL injection (SQLi)
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

How to setup the Pen Testing Lab?


Requirements:
Download the bodgeit.1.3.0.zip file and extract the zip file . Now you will get a WAR file(bodgeit.WAR).

step 1:Install the Tomcat
Install the Tomcat in your system.  If you don't know how to do install the tomcat , do google search.

Step 2: Start the server
Start the tomcat server.

In Ubuntu, type the following command in Terminal:
 sudo /etc/init.d/tomcat6 start
For windows users, just click the tomcat server in all programs.

Step 3:
Open the browser and type "localhost:8080". It will show a page "It works !".   There you can access the manager webapp(http://localhost:8080/manager/html) page.  Clicking the link will ask to enter the username and password.  enter your computer username and password.

Step 4:
Now you are in "Tomcat Web Application Manager" page.  Scroll down and there you can see the WAR file to deploy form.

Step 5: Deploying the WAR
click the Browse button and select the bodgeit.WAR file .  Now click the Deploy button.



Yes,  Now the Application successfully installed..

Access the BodgeIt in this location: http://localhost:8080/bodgeit/

Enjoy ..! if you have any queries, please comment here.

0 Response to "Lab to Test and Learn SQL injection,XSS, CSRF Vulnerability: Brain Hackers"

Post a Comment

Google Translator

Search Box

Blog Archive

User Status

Free counters!

About Me

ADMIN
Pakistan
View my complete profile

Recent Posts

Recent Comments