Like DVWA, This is also a Vulnerable web Application that will help you to develop your skills in Pen testing.
With this Vulnerable Application , you can practice the Following attacks:
- Cross Site Scripting (XSS)
- SQL injection (SQLi)
- Hidden (but unprotected) content
- Cross Site Request Forgery
- Debug code
- Insecure Object References
- Application logic vulnerabilities
There is also a ‘scoring’ page (linked from the ‘About Us’ page) where you can see various hacking challenges and whether you have completed them or not.
How to setup the Pen Testing Lab?
Requirements:
- BodgeIt app(download)
- Tomcat server
Download the bodgeit.1.3.0.zip file and extract the zip file . Now you will get a WAR file(bodgeit.WAR).
step 1:Install the Tomcat
Install the Tomcat in your system. If you don’t know how to do install the tomcat , do google search.
Step 2: Start the server
Start the tomcat server.
In Ubuntu, type the following command in Terminal:
sudo /etc/init.d/tomcat6 start
For windows users, just click the tomcat server in all programs.
Step 3:
Open the browser and type “localhost:8080”. It will show a page “It works !”. There you can access the manager webapp(http://localhost:8080/manager/html) page. Clicking the link will ask to enter the username and password. enter your computer username and password.
Step 4:
Now you are in “Tomcat Web Application Manager” page. Scroll down and there you can see the WAR file to deploy form.
Step 5: Deploying the WAR
click the Browse button and select the bodgeit.WAR file . Now click the Deploy button.
Yes, Now the Application successfully installed..
Access the BodgeIt in this location: http://localhost:8080/bodgeit/
Enjoy ..! if you have any queries, please comment here.