Difference between revisions of "WebGoat Installation"

From OWASP
Jump to: navigation, search
m (Installing to Windows: rename)
m (Installing to OS X (Tiger 10.4+): rename)
Line 28: Line 28:
  
 
==Installing to OS X (Tiger 10.4+) ==
 
==Installing to OS X (Tiger 10.4+) ==
# Unzip the Unix_WebGoat-x.x.zip to your working directory
+
# Rename Unix_WebGoat-x.x.zip to WebGoat.zip and unzip it to your working directory
 
# Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.
 
# Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.
  
Line 34: Line 34:
 
sudo sh webgoat.sh stop
 
sudo sh webgoat.sh stop
  
an alternative would be to start it with "sh webgoat.sh start8080" that will start the tomcat on TCP-PORT 8080
+
An alternative would be to start it with "sh webgoat.sh start8080" that will start the tomcat on TCP-PORT 8080
  
 
===IMPORTANT NOTICE:===
 
===IMPORTANT NOTICE:===
If youre running WebGoat v5.2 (which is built with Java v1.6) you have to change the webgoat.sh in line 10 from
+
If you're running WebGoat v5.2 (which is built with Java v1.6) you have to change the webgoat.sh in line 10 from
  
  AVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
+
  JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
  
 
to
 
to
  
  AVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home
+
  JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home
  
 
if you dont do so the Tomcat will fail to deploy the WebGoat.war and you will receive a HTTP-404-Error-Code when trying to start the App. (same issue on linux/other *nixes) I tested this with OSX Leopard 10.5.2 and now it works.
 
if you dont do so the Tomcat will fail to deploy the WebGoat.war and you will receive a HTTP-404-Error-Code when trying to start the App. (same issue on linux/other *nixes) I tested this with OSX Leopard 10.5.2 and now it works.

Revision as of 14:00, 16 January 2009

WebGoat User Guide Table of Contents

Contents


WebGoat is a platform independent environment. It utilizes Apache Tomcat and the JAVA development environment. Installers are provided for Microsoft Windows and UN*X environments, together with notes for installation on other platforms.

Installing Java and Tomcat

Note: This may no longer be necessary for v5.

Installing Java

  1. Install and deploy the approprite version from http://java.sun.com/downloads/ (1.4.1 or later)

Installing Tomcat

  1. Install and deploy core Tomcat from http://tomcat.apache.org/download-55.cgi

Installing to Windows

  1. Rename Windows_WebGoat-x.x.zip to WebGoat.zip and unzip it to your working environment.
  2. To start Tomcat, browse to the WebGoat directory unzipped above and double click "webgoat.bat"
  3. Start your browser and browse to: http://localhost/WebGoat/attack This link is case-sensitive. Make sure to use a large ‘W’ and ‘G’.

Installing to Linux

  1. Download WebGoat-x.x.war and rename it as WebGoat.war.
  2. Deploy WebGoat.war.
    1. Go to Tomcat default home page (likely http://localhost:port, where port may be 80, 8080, or 8180).
    2. Click on Tomcat Manager.
    3. Select WebGoat.war as the application to deploy.

Installing to OS X (Tiger 10.4+)

  1. Rename Unix_WebGoat-x.x.zip to WebGoat.zip and unzip it to your working directory
  2. Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.

sudo sh webgoat.sh start80 sudo sh webgoat.sh stop

An alternative would be to start it with "sh webgoat.sh start8080" that will start the tomcat on TCP-PORT 8080

IMPORTANT NOTICE:

If you're running WebGoat v5.2 (which is built with Java v1.6) you have to change the webgoat.sh in line 10 from

JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home

to

JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home

if you dont do so the Tomcat will fail to deploy the WebGoat.war and you will receive a HTTP-404-Error-Code when trying to start the App. (same issue on linux/other *nixes) I tested this with OSX Leopard 10.5.2 and now it works.

Installing on FreeBSD

  1. Install Tomcat and Java from the ports collection
 cd /usr/ports/www/tomcat55
 sudo make install
  1. You will be required to manually download the Java JDK to install it. Instructions are given by the ports system about when and how to do this. The URL looks like this:

http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd6-i386-1.5.0_07-b01.tar.bz2

  1. Unzip the Unix_WebGoat-x.x.zip to your working directory
  2. Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.

sudo sh webgoat.sh start sudo sh webgoat.sh stop

Running

  1. Start your browser and browse to: http://localhost/WebGoat/attack. Notice the capital 'W' and 'G'
  2. Login in as: user = guest, password = guest

Building

Skip these instructions if you are only interested in running WebGoat.

WebGoat is built using eclipse WTP 1.5.x. Please read the instructions at Goodle code to build the WebGoat application.

Return to the WebGoat User Guide Table of Contents