0 - Intro/Setup - Damn Vulnerable Web Application (DVWA)
Intro/Setup video for Damn Vulnerable Web Application series. DVWA is an intentionally vulnerable application for you to learn about ethical hacking. I made this series for students on the MSc in cybersecurity course at Queen's University Belfast but hopefully it can help others too! In this video we will install and configure DVWA and look at useful web security tools. Hope you enjoy 🙂 ↢Damn Vulnerable Web Application (DVWA)↣ https://github.com/digininja/DVWA 👷♂️Resources🛠 https://cryptocat.me/resources ↢Chapters↣ Start - 0:00 Intro to DVWA and the video series - 0:30 Install and configure DVWA - 2:00
0 - Intro/Setup - Damn Vulnerable Web Application (DVWA)
Introduction to DVWA
In this section, the speaker introduces the Damn Vulnerable Web Application (DVWA), a vulnerable web app based on PHP and MySQL that allows users to test out different web-based vulnerabilities. The speaker explains that they will be going through different categories in each video, covering easy, medium, and difficult challenges.
Downloading and Installing DVWA
- To download DVWA, go to the GitHub repo and put it into your /var/www/html directory.
- Follow a guide for setting up DVWA on Kali Linux or Windows. Use a virtual machine to run DVWA as it is a vulnerable web app.
- Modify the config file by setting a username and password of your choice.
- Configure the database by creating a user with all privileges and configuring Apache 2 server.
Configuring PHP
- Check which version of PHP you have with
cd etc php.
- Configure PHP any by allowing URL f open and URL includes set them both to "on".
Setting up DVWA
In this section, the speaker sets up DVWA and explains how to browse to it.
Browsing to DVWA
- Browse to DVWA by copying the config file to config.inc.php.
- Click "Create/Reset Database" on the setup page.
- Login with admin as username and password.
Adding DVWA to Bookmarks Toolbar
- Add DVWA to bookmarks toolbar for easy access.
Setting Difficulty Level and Tools Required
In this section, the speaker explains how to set difficulty level and mentions some tools required for the challenges.
Setting Difficulty Level
- Set difficulty level from low, medium, high, or impossible.
- The goal is for it to be secure against all vulnerabilities.
Required Tools
- Install bash aliases for starting MySQL and Apache 2 services.
- Install Burp Suite with Foxy Proxy set up.
- Install Port Swigger certificate in preferences privacy and security certificates.
Bash Aliases and Burp Suite Setup
In this section, the speaker explains how to use bash aliases and set up Burp Suite.
Using Bash Aliases
- Use bash aliases for starting MySQL and Apache 2 services.
- Add cat command with sudo service mysql start or sudo service apache2 start depending on setup.
- Use quotes around command name if using alias keyword in name of command.
Setting Up Burp Suite
- Set up Foxy Proxy with a profile containing Burp settings.
- Install Port Swigger certificate in preferences privacy and security certificates.
- Turn on intercept request in order to filter traffic through Burp.