From cfc1ad120248edbdef063f88797bc63f703af6b7 Mon Sep 17 00:00:00 2001 From: x71c4l Date: Fri, 15 Jul 2011 14:09:18 +0000 Subject: [PATCH] Updated readme to clarify build instructions. git-svn-id: http://webgoat.googlecode.com/svn/trunk@434 4033779f-a91e-0410-96ef-6bf7bf53c507 --- webgoat/README.txt | 229 +++++++++++++++++++++++---------------------- 1 file changed, 116 insertions(+), 113 deletions(-) diff --git a/webgoat/README.txt b/webgoat/README.txt index ee6a069bd..a929246d6 100644 --- a/webgoat/README.txt +++ b/webgoat/README.txt @@ -1,94 +1,97 @@ -********** WebGoat 5.3 -********** November/10/2000 -********** -** -** Source Code: http://code.google.com/p/webgoat -** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824 -** Download: http://code.google.com/p/webgoat/downloads/list (Does not have Developer release) -** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents -** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project -** Contact Info: webgoat@owasp.org (Direct to Bruce Mayhew) -** Mailing List: owasp-webgoat@lists.owasp.org (WebGoat Community - For most questions) -** -********** - -Thank you for downloading WebGoat! - -This program is a demonstration of common server-side -application flaws. The exercises are intended to -be used by people to learn about application penetration -testing techniques. - - -WARNING 1: While running this program your machine will be -extremely vulnerable to attack. You should to disconnect -from the Internet while using this program. - -WARNING 2: This program is for educational purposes only. If you -attempt these techniques without authorization, you are very -likely to get caught. If you are caught engaging in unauthorized -hacking, most companies will fire you. Claiming that you were -doing security research will not work as that is the first thing -that all hackers claim. - -You can find more information about WebGoat at: -http://code.google.com/p/webgoat - - --------------- -Prerequisites (Skip to Option 3 for unzip and click to run configruation): --------------- - -These tools must be installed independent of the webgoat download. -- Java 1.6 - Java can ne downloaded at http://java.sun.com/javase/downloads/index.jsp - You only need to download and install the "Java SE Development Kit (JDK)" -- Maven > 2.0.9 - Maven can be downloaded at: http://maven.apache.org/ - At Ubuntu it can be installed with: - > apt-get install maven2 -- WebGoat source code - You can get the latest source for webgoat at the Google code repository - svn checkout http://webgoat.googlecode.com/svn/trunk/ webgoat_X_X - - --------------------- -Building the project --------------------- - -> cd webgoat -> mvn compile - -copy it to the local repository -> mvn install - -delete artifacts from previous build: -> mvn clean - - ----------------------------------- -Building the Eclipse project files ----------------------------------- - -> mvn eclipse:eclipse - -Afterward the project can be imported within Eclipse: -File -> Import -> General -> Existing Projects into Workspace - -Don't forget to declare a classpath variable named M2_REPO, pointing to ~/.m2/repository, otherwise many links to existing jars will be broken. -You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables - - ---------------------------------------------------- -Option 1: Run the project on Tomcat within Eclipse ---------------------------------------------------- - -1. Install a local Tomcat server -2. Open Eclipse -> File -> New -> Other -> Server -> Apache -> Tomcat -> Next --> Insert your Tomcat Installation directory --> Click next and add "webgoat" to the list of configured applications --> Finish -3. Adapt the conf/tomcat-users.xml file of your Tomcat server: +********** WebGoat 5.3 +********** November/10/2000 +********** +** +** Source Code: http://code.google.com/p/webgoat +** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824 +** Download: http://code.google.com/p/webgoat/downloads/list (Does not have Developer release) +** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents +** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project +** Contact Info: webgoat@owasp.org (Direct to Bruce Mayhew) +** Mailing List: owasp-webgoat@lists.owasp.org (WebGoat Community - For most questions) +** +********** + +Thank you for downloading WebGoat! + +This program is a demonstration of common server-side +application flaws. The exercises are intended to +be used by people to learn about application penetration +testing techniques. + + +WARNING 1: While running this program your machine will be +extremely vulnerable to attack. You should to disconnect +from the Internet while using this program. + +WARNING 2: This program is for educational purposes only. If you +attempt these techniques without authorization, you are very +likely to get caught. If you are caught engaging in unauthorized +hacking, most companies will fire you. Claiming that you were +doing security research will not work as that is the first thing +that all hackers claim. + +You can find more information about WebGoat at: +http://code.google.com/p/webgoat + + +-------------- +Prerequisites (Skip to Option 3 for unzip and click to run configruation): +-------------- + +These tools must be installed independent of the webgoat download. +- Java 1.6 + Java can ne downloaded at http://java.sun.com/javase/downloads/index.jsp + You only need to download and install the "Java SE Development Kit (JDK)" +- Maven > 2.0.9 + Maven can be downloaded at: http://maven.apache.org/ + At Ubuntu it can be installed with: + > apt-get install maven2 +- WebGoat source code + WebGoat source code can be downloaded at: http://code.google.com/p/webgoat/source/checkout + Use any svn client (ex: Tortoise svn)to checkout the code. + + +-------------------- +Building the project +-------------------- + +Using the cmd shell: + +> cd webgoat +> mvn compile + +copy it to the local repository +> mvn install + +delete artifacts from previous build: +> mvn clean + + +---------------------------------- +Building the Eclipse project files +---------------------------------- + +> mvn eclipse:eclipse + +Afterward the project can be imported within Eclipse: +File -> Import -> General -> Existing Projects into Workspace +and select the webgoat directory as the "root directory." A webgoat should appear in the Projects section of your dialogue window. + +Don't forget to declare a classpath variable named M2_REPO, pointing to ~/.m2/repository, otherwise many links to existing jars will be broken. +You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables + + +--------------------------------------------------- +Option 1: Run the project on Tomcat within Eclipse +--------------------------------------------------- + +1. Install a local Tomcat server +2. Open Eclipse -> File -> New -> Other -> Server -> Apache -> Tomcat -> Next +-> Insert your Tomcat Installation directory +-> Click next and add "webgoat" to the list of configured applications +-> Finish +3. Adapt the conf/tomcat-users.xml file of your Tomcat server: @@ -99,25 +102,25 @@ Option 1: Run the project on Tomcat within Eclipse - - -4. Right Click on the webgoat project within eclipse -> Run As -> Run on server -5. http://localhost:8080/webgoat/attack - - ----------------------------------------------- -Option 2: Run the project on Tomcat with Maven ----------------------------------------------- - -1. mvn tomcat:run-war -2. http://localhost:8080/webgoat/attack - - --------------------------------------------------------- -Option 3: Run from the WebGoat 5.3 Standard distribution --------------------------------------------------------- -1. Download the WebGoat-OWASP_Standard-X.X.zip file from http://code.google.com/p/webgoat/downloads/list -2. Unzip the file -3. Double click webgoat.bat -4. Browse to http://localhost/webgoat/attack - + + +4. Right Click on the webgoat project within eclipse -> Run As -> Run on server +5. http://localhost:8080/webgoat/attack + + +---------------------------------------------- +Option 2: Run the project on Tomcat with Maven +---------------------------------------------- + +1. mvn tomcat:run-war +2. http://localhost:8080/webgoat/attack + + +-------------------------------------------------------- +Option 3: Run from the WebGoat 5.3 Standard distribution +-------------------------------------------------------- +1. Download the WebGoat-OWASP_Standard-X.X.zip file from http://code.google.com/p/webgoat/downloads/list +2. Unzip the file +3. Double click webgoat.bat +4. Browse to http://localhost/webgoat/attack +