Setting Up OWASP-BWA With VirtualBox
Today, we will go through how to set up OWASP-BWA with VirtualBox. Before we start, here are some of the requirements:
- Operating System: Windows 7 or above (with admin privileges), any Linux distro, or macOS
- RAM: Minimum 4GB
- Hard disk: Minimum 50GB free space
- VirtualBox (download here)
- OWASP BWA Project 1.2 image file (download here)
- Burp Suite proxy (download here)
- Wireshark (download here)
- Mozilla Firefox Browser (download here)
- 7-Zip file archiver (download here)
Now that you have everything ready, let's get started!
Step 1: Install VirtualBox
Step 2: Unzip OWASP Broken Web Apps VM
Step 3: Open VirtualBox and hit the icon for "New"
VM Name and OS Type: Enter name "OWASP-BWA" and select OS "Linux" and Version "Ubuntu"
Memory: Default of 512 is fine
Virtual Hard Disk: Important! Select "Use existing hard disk" and click on the folder icon.
Browse to the unzipped folder contents of the OWASP Broken Web Apps VM. Select "OWASP Broken Web Apps.vmdk" (Note: There are similar files that end with -s001 — make sure you don't pick those.)
Click OK to finish VM Setup
Step 4: Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and select "Settings" (also available via menu Machine --> Settings)
Go to Settings --> Network --> Adapter 1.
Make sure the checkbox for enabled is checked.
Change "Attached to:" from "NAT" to "Host-Only Adapter"
Step 5: Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and hit "Start"
Step 6: After the VM boots, the OWASP-BWA login page will show the following message (the IP address will be similar but not exactly this):
You can access the web apps at http://192.168.56.201
Step 7: Open a browser on your main machine (not the VM) and go to this URL. It should load a page that starts with "OWASP Broken Web Applications"
Note: You don't need to actually log in to the virtual machine. Everything is already running.
Boot Up Error Message - Kernel requires feature on CPU: pae
- Power off VM (not VirtualBox, just VM window)
- Right click on OWASP-BWA on left side and select "Settings" (also available via menu Machine --> Settings)
- Go to System --> Processor and enable PAE
- Click OK and restart VM
Host Only Adapter Shows Error Message and Name says "not selected" with no options
- Go to the VirtualBox Manager (i.e. the main VirtualBox control app, not the individual VM)
- Go to VirtualBox --> Preferences and then select "Network" (Note: these are settings for the overall VirtualBox app)
- There is a text box with the title "Host-only Networks:". It is most likely an empty text area, which is the problem
- Click the plus icon on the right to add a new adapter. After this has been done, you should now see "vboxnet0".
- Click "OK" and then go back to the VM's preferences. You should be able to select the host-only adapter now.
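
The settings from Step 4 and the two troubleshooting fixes can also be checked from the command line. The script below is an added example, not part of the original guide: it audits `VBoxManage showvminfo --machinereadable` output for Adapter 1 being host-only with a network selected, PAE on, and (an extra check this guide does not mention) no other adapter enabled. The sample inputs are constructed, and the key names are assumed to match what your VirtualBox version prints.

```shell
#!/bin/sh
# Added example, not from the original guide. Real use:
#   VBoxManage showvminfo "OWASP-BWA" --machinereadable | check_bwa_vm

# Reads machine-readable VM info on stdin, prints one line per finding,
# and returns 0 only when the VM matches the settings in the guide.
check_bwa_vm() {
    awk -F= '
        BEGIN { bad = 0 }
        { gsub(/"/, "", $2); gsub(/\r/, "", $2) }
        # nicN holds the attachment type: none, nat, bridged, hostonly, ...
        $1 ~ /^nic[0-9]+$/ {
            if ($1 == "nic1") nic1 = $2
            else if ($2 != "none") { print "FAIL " $1 " is enabled (" $2 ")"; bad = 1 }
        }
        $1 == "hostonlyadapter1" { hoif = $2 }
        $1 == "pae" { pae = $2 }
        END {
            if (nic1 != "hostonly") { print "FAIL nic1 is [" nic1 "], expected hostonly"; bad = 1 }
            else if (hoif == "") { print "FAIL nic1 is hostonly but no host-only network is selected"; bad = 1 }
            if (pae != "on") { print "FAIL PAE is not enabled"; bad = 1 }
            if (!bad) print "OK nic1=hostonly (" hoif "), pae=on"
            exit bad
        }'
}

# Constructed samples (assumed shape of the output, not captured from a VM).
SAMPLE_GOOD='name="OWASP-BWA"
memory=512
pae="on"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

# A VM left on the default NAT attachment with PAE disabled.
SAMPLE_NAT='name="OWASP-BWA"
memory=512
pae="off"
nic1="nat"
nic2="none"'

printf '%s\n' "$SAMPLE_GOOD" | check_bwa_vm
printf '%s\n' "$SAMPLE_NAT" | check_bwa_vm || echo "VM needs fixing before use"
```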