Web App Hacking Workshop for Saintcon/Cactuscon
Download links are below this section
First look at the Easy Setups at the bottom if you are running MacOs or Kali Linux.
- Download/Install Git
- Download/Install Docker
- Download Browser
- If you are on Windows just use Firefox
- Autochrome is a tool that configures Chromium to work with Burp out of the box(if more familiar with Chrome then download Chromium)
- Don't use Safari, Opera, Internet Explorer, or Chrome
- Download Burp Suite
- Seriously, try and get a Burp Suite Pro Trial. You have to give them a work email and they will probably follow up or something but in our opinion it is the best tool for the job and will make the workshop better.
- Install Burp Extensions
- If using MacOS or Kali Linux and use the setup script in the
Easy Mac Setup or Easy Kali Setup
section at the bottom.df- This clones all needed git repos, pulls docker images, installs autochrome and starts docker containers
- requires Git, Brew, Docker, Chromium and Ruby to be installed
- Clone Repos if not using
setup.sh
script from step 6.- Autochrome (if using Chromium)
- SqlMap
- Payload Lists
- This Repo
- Solution Repo
- Configure Firefox
- Install Burp Certificate
- Run docker containers
- Take a nap
- You still here, great!
- Now We Hack!!
https://docs.docker.com/docker-for-mac/install/
https://docs.docker.com/docker-for-windows/install/
https://docs.docker.com/compose/install/
Docker on Kali
https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
https://download-chromium.appspot.com
https://github.com/nccgroup/autochrome
macOS 10.9 (Mavericks) and higher Ubuntu 16.04 (and other XDG-supporting Linuxes) You will need ruby version 2.0 or higher and unzip. These are included in supported macOS versions. You may need to apt install ruby on Linux.
git clone git@github.com:nccgroup/autochrome.git
ruby autochrome/autochrome.rb
Launch Chromium.
* MacOS: open ~/Applications/Chromium.app
* Linux: ~/.local/autochrome/chrome
https://www.wikihow.com/Enter-Proxy-Settings-in-Firefox
127.0.0.1:8080
https://portswigger.net/burp/communitydownload
Highly Recommended to get the Pro Trial License https://portswigger.net/requestfreetrial/pro
Open Burp go to Extender Tab > BApp Store
- Wsdler
- Json Beautifier
- Logger++
git clone git@github.com:sqlmapproject/sqlmap.git
git clone git@github.com:danielmiessler/SecLists.git
MacOs: brew install hydra
git clone git@github.com:vanhauser-thc/thc-hydra.git
cd thc-hydra
./configure
make
make install
https://github.com/bkimminich/juice-shop docker pull bkimminich/juice-shop docker run --rm -p 3000:3000 bkimminich/juice-shop Browse to http://localhost:3000
https://github.com/sethlaw/vtm
https://github.com/snoopysecurity/dvws
https://github.com/Cyrivs89/docker-dvws .
docker run --rm -it -p 80:80 cyrivs89/web-dvws
Make sure Git, Docker, Brew, Chromium and Ruby are already installed
git clone https://github.com/justinlarson/Web-App-Hacking-Workshop.git
cd Web-App-Hacking-Workshop
chmod 755 setup_Mac.sh
./setup_Mac.sh
- Chromium should open configured for Burp
- Juice shop will be running at
http://localhost:3000/#/search
- DVWS will be running at
http://localhost/dvws/
- VTM will be running at
http://localhost:8000
- AltoroMutual is not running local but is at
http://demo.testfire.net
This will install docker, clone all the repos, and start all the apps. :fingers_crossed: This didn't work in the Live CD version of Kali, for some reason it needed to be installed. It worked with 40G of disk space and 6G of Memory
git clone https://github.com/justinlarson/Web-App-Hacking-Workshop.git
cd Web-App-Hacking-Workshop
chmod 755 setup_Kali.sh
*RUN as ROOT*
./setup_Kali.sh