Setting Up Web Security Learning Lab
Michael Coates, Mozilla Infrastructure Security
Questions/Comments - Message me on twitter @_mwc
Past Presentations - Slide Deck
WebAppSec Training
- Install VirtualBox
- Unzip OWASP Broken Web Apps VM into any directory (don't pick restricted directories that require admin or sudo to access)
- Open VirtualBox and hit the icon for "New"
- VM Name and OS Type: Enter name "OWASP-BWA" and select OS "Linux" and Version "Ubuntu"
- Memory: Default of 512 is fine
- Virtual Hard Disk: Important: select "Use existing hard disk" and click on the folder.
- Browse to the unzipped folder contents of the OWASP Broken Web Apps VM. Select "OWASP Broken Web Apps.vmdk". Note: There are similar files ending in -s001. Don't pick those.
- Click OK to finish VM Setup
- Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and select "Settings" (also available via menu Machine->Settings)
- Go to Settings->Network->Adapter 1.
- Make sure the checkmark for enabled is checked.
- Change "Attached to:" from "NAT" to "Host-Only Adapter"
- Click OK
- Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and hit "Start"
- After the VM boots, the OWASP-BWA login page will show the following message (the IP address will be similar but not exactly this):
You can access the web apps at http://192.168.56.101
- Open a browser on your main machine (not the VM) and go to this URL. It should load a page that starts with "OWASP Broken Web Applications"
- Note: You don't need to actually log in to the virtual machine. Everything is already running.
Common Errors
- Boot Up Error Message - Kernel requires feature on CPU: pae
  - Power off the VM (not VirtualBox, just the VM window)
  - Right click on OWASP-BWA on the left side and select "Settings" (also available via menu Machine->Settings)
  - Go to System->Processor and enable PAE
  - Click OK and restart the VM
- Host-Only Adapter shows an error message and Name says "not selected" with no options
  - Go to the VirtualBox Manager (i.e. the main VirtualBox control app, not the individual VM)
  - Go to VirtualBox->Preferences and then select "Network" (note: these are settings for the VirtualBox app overall)
  - There is a text box with the title "Host-only Networks:". It is most likely an empty text area, and this is the problem
  - Click the plus icon on the right to add a new adapter. You should now see "vboxnet0"
  - Click OK and then go back to the VM's settings. You should be able to select the host-only adapter now
- Keyboard and mouse trapped in VM
  - Mac: Hit the left command button to exit VM control
  - Windows: Left Alt??
  - Simply click back inside the VM with the mouse to regain keyboard control in the VM
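A command-line check for the settings described above (Adapter 1 on a host-only network, PAE enabled), as an added example that is not part of the original guide. The function and sample names are hypothetical, the sample data is constructed, and the key names (nic1, hostonlyadapter1, pae) are assumed to match what VBoxManage showvminfo --machinereadable prints on your VirtualBox version.

```shell
#!/bin/sh
# Added example, not from the original page. Real use:
#   VBoxManage showvminfo OWASP-BWA --machinereadable | audit_vminfo

# Reads machine-readable VM info on stdin and prints findings.
# Returns 1 if any enabled adapter is not a working host-only adapter.
audit_vminfo() {
    awk -F= '
        { sub(/\r$/, ""); gsub(/"/, "") }   # tolerate CRLF, drop quotes
        /^nic[0-9]+=/ {                     # nicN=<mode>; nictypeN does not match
            if ($2 != "none") { enabled++; mode[$1] = $2 }
        }
        /^hostonlyadapter[0-9]+=/ {         # host-only network bound to nicN
            n = $1; sub(/^hostonlyadapter/, "nic", n); hoif[n] = $2
        }
        /^pae=/ { pae = $2 }
        END {
            for (n in mode) {
                if (mode[n] != "hostonly") {
                    print "FAIL " n " attached to " mode[n] ", expected hostonly"; bad++
                } else if (hoif[n] == "") {
                    print "FAIL " n " is host-only but no host-only network is selected"; bad++
                }
            }
            if (!enabled) { print "FAIL no network adapter is enabled"; bad++ }
            if (pae != "on") print "WARN PAE is off (Kernel requires feature on CPU: pae)"
            exit (bad > 0)
        }'
}

# Constructed sample: VM configured as in the steps above.
sample_lab_vm() {
    printf '%s\n' 'name="OWASP-BWA"' 'memory=512' 'pae="on"' \
        'nic1="hostonly"' 'nictype1="82540EM"' \
        'hostonlyadapter1="vboxnet0"' 'nic2="none"'
}

# Constructed sample: Adapter 1 still on NAT, PAE off.
sample_nat_vm() {
    printf '%s\n' 'name="OWASP-BWA"' 'memory=512' 'pae="off"' \
        'nic1="nat"' 'nictype1="82540EM"' 'nic2="none"'
}

sample_lab_vm | audit_vminfo && echo "lab VM: host-only, OK"
sample_nat_vm | audit_vminfo || echo "NAT VM: adapter 1 is not host-only"
```

Run it before each lab session; a FAIL line means the intentionally vulnerable VM is not attached the way this guide expects.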