bWAPP (buggy web application) Web-App setup on your localhost Kali Linux
In this tutorial, I’ll show you how to set up bWAPP (buggy web application) along with Apache and MySQL on localhost. Here, I’m using Kali Linux as my local system.
bWAPP (buggy web application) is a deliberately insecure web application.
bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
It is for security-testing and educational purposes only.
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can be installed with WAMP or XAMPP.
It’s also possible to download bee-box, a custom VM pre-installed with bWAPP.
Download link for the bWAPP repo / bee-box / custom pre-installed VM:
https://sourceforge.net/projects/bwapp/files/bWAPP/
For this tutorial, I use Kali Linux as my localhost and bWAPP_latest.zip from the above-mentioned link. I recommend you download bWAPP_latest.zip from the above link for this setup and installation of bWAPP.
So, let’s get started…..
Step-1: Setup Web server (Install Apache)
I assume you are using the Kali Linux distro, so Apache2 will already be preinstalled on your Kali machine.
You just need to run the below command to start Apache2:
# sudo systemctl start apache2
Check status of Apache2 by using below Command:
# sudo systemctl status apache2
Note: If status shows “Active” you’re good to go.
The Apache2 server listens on port 80 by default, so just type localhost/ or 127.0.0.1 in your browser's URL bar and you will be taken to the default Apache page as depicted below:
If Apache is not installed on your Linux distro, use the below commands to install it:
# sudo apt update
# sudo apt install apache2
# sudo systemctl enable apache2
# sudo systemctl start apache2
# sudo systemctl status apache2
Step-2: Install MySQL
Again, if you’re using Kali Linux then MySQL is preinstalled on your system; just run the below command to start MySQL:
# sudo systemctl start mysql
Check status of MySQL by using below Command:
# sudo systemctl status mysql
Note: If status shows “Active” you’re good to go.
If MySQL is not installed on your Linux distro, use the below commands to install it:
# sudo apt update
# sudo apt install mysql-server
# sudo systemctl start mysql
# sudo systemctl status mysql
Once MySQL is installed on your localhost, run the below command to open the mysql shell:
# sudo mysql -u root -p
You need to enter the password for the MySQL root user. By default there is no password set for the root user, so just hit Enter and the mysql shell prompt appears as below:
If you face any issues while installing MySQL on your system, I encourage you to use MySQL for reference or leave a comment below. There are also lots of reliable sources available on the internet; just go through one of them.
Step-3: Install bWAPP
Now, as I mentioned earlier, download bWAPP_latest.zip from the below link: https://sourceforge.net/projects/bwapp/files/bWAPP/
Create a directory named “bWAPP” as below:
/var/www/html/bWAPP
Move the bWAPP_latest.zip file into the bWAPP directory, and then use the below command to unzip it:
# unzip bWAPP_latest.zip
Grant permission to bWAPP directory by using command:
# sudo chmod -R 777 bWAPP
Now, navigate to /var/www/html/bWAPP/bWAPP/admin/ path:
Here you can see the settings.php file. We need to change some settings in this file as below:
Open the settings.php file with any editor and you can check the default setup for db_server, db_username, db_password and db_name as below:
We need to change db_username and db_password as below:
Note: You can choose any username and password as you wish.
Just save the settings.php file and exit.
Step-4: Setup MySQL
Open mysql shell with command: # sudo mysql -u root -p and hit enter
In MySQL shell run below command :
MariaDB [(none)]> create user 'username'@'localhost' identified by 'password';
MariaDB [(none)]> grant all privileges on bWAPP.* to 'username'@'localhost' identified by 'password';
Once done, you can verify it with the below command:
MariaDB [(none)]> SELECT User, Host, plugin FROM mysql.user;
As you can see in the above image, our username and password are stored in the database.
Now just exit from MySQL by using command:
MariaDB [(none)]> exit;
Step-5: Final setup
Restart Apache2 and MySQL by hitting below command:
# sudo systemctl restart apache2 && sudo systemctl restart mysql
Now open any web browser and type URL as below,
http://localhost/bWAPP/bWAPP/install.php
You will be redirected to the above page; now click on install bWAPP.
Once you click, you will be redirected to the bWAPP login page as below:
Login with default credentials:
Login > bee
Password > bug
Bingo… Here we go!! 😃
You’re done. ✌
So, we have set up a bWAPP web application on our localhost. You can now explore it.
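Because bWAPP is deliberately insecure, it is worth confirming that the Apache and MySQL services started in Step-1 and Step-2 are reachable only from the local machine. The script below is an added example, not part of the original tutorial: it reads `ss -ltn` output and reports any listener on port 80 or 3306 that is bound to a non-loopback address. The function names and the sample lines are constructed for illustration, and 3306 is assumed as the database port.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Reports bWAPP lab listeners (Apache on 80, MySQL/MariaDB on the assumed
# default 3306) that are bound to anything other than a loopback address.

# exposed_listeners [PORTS]
#   stdin : output of `ss -ltn`
#   stdout: one "PORT ADDRESS" line per listener reachable from other hosts
exposed_listeners() {
    awk -v ports="${1:-80 3306}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print port, addr
        }'
}

# lab_is_local_only [PORTS]: exit status 0 when nothing is exposed, 1 otherwise.
lab_is_local_only() {
    [ -z "$(exposed_listeners "$@")" ]
}

# Constructed sample in `ss -ltn` layout: Apache on every interface,
# the database on loopback only, plus an unrelated SSH listener.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511                *:80              *:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a real host run:
#   ss -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

If port 80 is reported, changing `Listen 80` to `Listen 127.0.0.1:80` in /etc/apache2/ports.conf and restarting Apache keeps the lab on loopback.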
If you encounter any errors during the installation or have a query, let me know in the comments below.
Thanks for reading. Follow me for more updates.