One cannot directly attack live sites or live web applications to practice web hacking without proper permissions. So to practice web hacking skills/web penetration skills we need something where we can practice web hacking skills without harming someone’s web app or site so for that we can install bWAPP in Linux for Web Hacking.
What is bWAPP?
bWAPP i.e Buggy Web Application is an intentionally insecure web application for practicing web hacking skills and it is free and open source. It has more than 100+ web vulnerabilities.
So now let’s see how to install bWAPP in Linux to start web hacking.
Install bWAPP in Linux
First, we need to download bWAPP. So for that click here to start downloading bWAPP from Sourceforge.
After it is downloaded open Terminal and then change your working directory to Downloads since our bWAPP is downloaded in the Downloads directory.
Now it’s time to unzip the downloaded bWAPP zip file and then we need to move it to the apache web folder. But we can directly unzip the bWAPP zip file in the apache web folder using the command given below. If asked for a password then enter your sudo password.
sudo unzip -d /var/www/html bWAPP_latest.zip
Now that we’ve extracted our zip file in the apache web folder let’s change our working directory to the apache web folder using the command given below.
Make sure that there is a folder named bWAPP in this directory. For that list all the files and folders in this directory using the ls command. If in case the folder is not available then you need to extract the zip file again in the apache web folder.
Since the folder named bWAPP is available. Change the permission of that folder using the command given below.
sudo chmod -R 777 bWAPP
Now start the apache service using the command given below.
sudo service apache2 start
Start the Mysql service using the command given below.
sudo service mysql start
Now we need to set up MySQL for our bWAPP in Linux. For that get inside the bWAPP admin directory using the command given below.
Now we need to make some changes in the settings.php file, so open that file in any text editor that you want for example nano text editor.
sudo nano settings.php
In this file change db_username to user and db_password to pass and then save changes using Ctrl + S after that close the settings.php file using Ctrl + X.
Now it’s time to connect to the MySQL server, so for that type the following command.
We need to create a user in our MySQL server for bWAPP so to create a user with a username user and password pass type the command given below. Make sure to use the same username and password that you specified in the settings.php file in the bWAPP/admin directory.
create user 'user'@'localhost' identified by 'pass';
Now we need to give our newly created user all the privileges on the bWAPP database. So for that type the following command.
grant all privileges on bWAPP.* to 'user'@'localhost' identified by 'pass';
Since the query is OK as shown in the image above, now it’s time to open your web browser and visit localhost/bWAPP/install.php
Here click on here in click here to install message to install bWAPP in Linux and if you’ve followed the above steps correctly then bWAPP will be successfully installed.
Now to login into bWAPP by clicking on the login button that is in the menu bar and then enter bee as username and bug as password.
And we’ve successfully logged in to our bWAPP in linux on our localhost. bWAPP has over 100 vulnerabilities for you including all vulnerabilties from OWASP Top 10 project. So simply select what you want to hack and then start hacking !!!!
Re-Opening bWAPP in Linux
To reopen bWAPP first you need to run apache2 and mysql service and then visit http://localhost/bWAPP/ to start hacking 🙂
sudo service apache2 start #starts apache2 sudo service mysql start #starts mysql
So this is how you can easily install bWAPP in Linux with just a few simple commands but don’t forget to run apache2 and MySQL service before using bWAPP or else it will throw out an error.