dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated readme to clarify build instructions.

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@434 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
x71c4l 2011-07-15 14:09:18 +00:00
parent c30d4650fd
commit 1a1e7125be
1 changed files with 116 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

229
README.txt
View File

@ -1,94 +1,97 @@
********** WebGoat 5.3 ********** WebGoat 5.3
********** November/10/2000 ********** November/10/2000
********** **********
** **
** Source Code: http://code.google.com/p/webgoat ** Source Code: http://code.google.com/p/webgoat
** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824 ** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824
** Download: http://code.google.com/p/webgoat/downloads/list (Does not have Developer release) ** Download: http://code.google.com/p/webgoat/downloads/list (Does not have Developer release)
** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents ** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project ** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
** Contact Info: webgoat@owasp.org (Direct to Bruce Mayhew) ** Contact Info: webgoat@owasp.org (Direct to Bruce Mayhew)
** Mailing List: owasp-webgoat@lists.owasp.org (WebGoat Community - For most questions) ** Mailing List: owasp-webgoat@lists.owasp.org (WebGoat Community - For most questions)
** **
********** **********
Thank you for downloading WebGoat! Thank you for downloading WebGoat!
This program is a demonstration of common server-side This program is a demonstration of common server-side
application flaws. The exercises are intended to application flaws. The exercises are intended to
be used by people to learn about application penetration be used by people to learn about application penetration
testing techniques. testing techniques.
WARNING 1: While running this program your machine will be WARNING 1: While running this program your machine will be
extremely vulnerable to attack. You should to disconnect extremely vulnerable to attack. You should to disconnect
from the Internet while using this program. from the Internet while using this program.
WARNING 2: This program is for educational purposes only. If you WARNING 2: This program is for educational purposes only. If you
attempt these techniques without authorization, you are very attempt these techniques without authorization, you are very
likely to get caught. If you are caught engaging in unauthorized likely to get caught. If you are caught engaging in unauthorized
hacking, most companies will fire you. Claiming that you were hacking, most companies will fire you. Claiming that you were
doing security research will not work as that is the first thing doing security research will not work as that is the first thing
that all hackers claim. that all hackers claim.
You can find more information about WebGoat at: You can find more information about WebGoat at:
http://code.google.com/p/webgoat http://code.google.com/p/webgoat
-------------- --------------
Prerequisites (Skip to Option 3 for unzip and click to run configruation): Prerequisites (Skip to Option 3 for unzip and click to run configruation):
-------------- --------------
These tools must be installed independent of the webgoat download. These tools must be installed independent of the webgoat download.
- Java 1.6 - Java 1.6
Java can ne downloaded at http://java.sun.com/javase/downloads/index.jsp Java can ne downloaded at http://java.sun.com/javase/downloads/index.jsp
You only need to download and install the "Java SE Development Kit (JDK)" You only need to download and install the "Java SE Development Kit (JDK)"
- Maven > 2.0.9 - Maven > 2.0.9
Maven can be downloaded at: http://maven.apache.org/ Maven can be downloaded at: http://maven.apache.org/
At Ubuntu it can be installed with: At Ubuntu it can be installed with:
> apt-get install maven2 > apt-get install maven2
- WebGoat source code - WebGoat source code
You can get the latest source for webgoat at the Google code repository WebGoat source code can be downloaded at: http://code.google.com/p/webgoat/source/checkout
svn checkout http://webgoat.googlecode.com/svn/trunk/ webgoat_X_X Use any svn client (ex: Tortoise svn)to checkout the code.
-------------------- --------------------
Building the project Building the project
-------------------- --------------------
> cd webgoat Using the cmd shell:
> mvn compile
> cd webgoat
copy it to the local repository > mvn compile
> mvn install
copy it to the local repository
delete artifacts from previous build: > mvn install
> mvn clean
delete artifacts from previous build:
> mvn clean
----------------------------------
Building the Eclipse project files
---------------------------------- ----------------------------------
Building the Eclipse project files
> mvn eclipse:eclipse ----------------------------------
Afterward the project can be imported within Eclipse: > mvn eclipse:eclipse
File -> Import -> General -> Existing Projects into Workspace
Afterward the project can be imported within Eclipse:
Don't forget to declare a classpath variable named M2_REPO, pointing to ~/.m2/repository, otherwise many links to existing jars will be broken. File -> Import -> General -> Existing Projects into Workspace
You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables and select the webgoat directory as the "root directory." A webgoat should appear in the Projects section of your dialogue window.
Don't forget to declare a classpath variable named M2_REPO, pointing to ~/.m2/repository, otherwise many links to existing jars will be broken.
--------------------------------------------------- You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables
Option 1: Run the project on Tomcat within Eclipse
---------------------------------------------------
---------------------------------------------------
1. Install a local Tomcat server Option 1: Run the project on Tomcat within Eclipse
2. Open Eclipse -> File -> New -> Other -> Server -> Apache -> Tomcat -> Next ---------------------------------------------------
-> Insert your Tomcat Installation directory
-> Click next and add "webgoat" to the list of configured applications 1. Install a local Tomcat server
-> Finish 2. Open Eclipse -> File -> New -> Other -> Server -> Apache -> Tomcat -> Next
3. Adapt the conf/tomcat-users.xml file of your Tomcat server: -> Insert your Tomcat Installation directory
-> Click next and add "webgoat" to the list of configured applications
-> Finish
3. Adapt the conf/tomcat-users.xml file of your Tomcat server:
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<tomcat-users> <tomcat-users>
<role rolename="webgoat_basic"/> <role rolename="webgoat_basic"/>
@ -99,25 +102,25 @@ Option 1: Run the project on Tomcat within Eclipse
<user password="basic" roles="webgoat_user,webgoat_basic" username="basic"/> <user password="basic" roles="webgoat_user,webgoat_basic" username="basic"/>
<user password="tomcat" roles="tomcat" username="tomcat"/> <user password="tomcat" roles="tomcat" username="tomcat"/>
<user password="guest" roles="webgoat_user" username="guest"/> <user password="guest" roles="webgoat_user" username="guest"/>
</tomcat-users> </tomcat-users>
4. Right Click on the webgoat project within eclipse -> Run As -> Run on server 4. Right Click on the webgoat project within eclipse -> Run As -> Run on server
5. http://localhost:8080/webgoat/attack 5. http://localhost:8080/webgoat/attack
---------------------------------------------- ----------------------------------------------
Option 2: Run the project on Tomcat with Maven Option 2: Run the project on Tomcat with Maven
---------------------------------------------- ----------------------------------------------
1. mvn tomcat:run-war 1. mvn tomcat:run-war
2. http://localhost:8080/webgoat/attack 2. http://localhost:8080/webgoat/attack
-------------------------------------------------------- --------------------------------------------------------
Option 3: Run from the WebGoat 5.3 Standard distribution Option 3: Run from the WebGoat 5.3 Standard distribution
-------------------------------------------------------- --------------------------------------------------------
1. Download the WebGoat-OWASP_Standard-X.X.zip file from http://code.google.com/p/webgoat/downloads/list 1. Download the WebGoat-OWASP_Standard-X.X.zip file from http://code.google.com/p/webgoat/downloads/list
2. Unzip the file 2. Unzip the file
3. Double click webgoat.bat 3. Double click webgoat.bat
4. Browse to http://localhost/webgoat/attack 4. Browse to http://localhost/webgoat/attack