Reference no: EM132973936

Lab: Penetration Testing Tools

Resources folder

Take all the screenshots so that I can follow on my virtual machine later. (All the installation procedures and commands used on Terminal) Seems like you need to install java first (See the resources file)

Exploring WebScarab NG and Webgoat

WebScarab NG is another web security application testing tool that is pre-loaded on our virtual machines.

Olo, WebGoat is a deliberately insecure web application maintained by OWASP. It can be used to teach and practice web application security lessons. Experiment with WebScarab NG and Webgoat by practicing the information provided below. (Click the titles to learn more)

WebScarab Installation
WebScarab-NG (or simply WebScarab) is preinstalled on our Linux-based and XP-based VMS. If this is your first time using WebScarab. please spend some time perusing the WebScarab official vNelp.agg to learn more about the pen-test tool. Before you launch WebScarab on your VM. make sure that no other proxy is running (for example ZAP or Burp must be shut down if it is still running).

In a launched LXTerminal. type the following
-S java -jar /usr/tools/WebScarablWebScarab-ng.0.2.1.one-jar.jar
WebScarab wdl launch. Once the tool is fully loaded, you have WebScarab ready for use as shown in Figure Lab 2.1 Click -0K. No password is needed for user 'se (For advanced user. you can configure your JDBC connection).

Just like ZAP and Burp Suite. WebScarab also functions as a proxy. Therefore. you must change your brows& connection setting before you can use WebScarab to capture the transmitted data between a browser and a web server. If port 8008 (that is also the default port for WebScarab-NG) is used. then you can configure your Firefox the same way as we did for ZAP or Burp. However. port number must be 8008 as shown below (Figure Lab 2 2)

When you access a wobsite from the Firefox browser, WebScarab MI capture the data transmitted between the browser and the websito you are browsing (Figure Lab 2 3) Explore the various tabs and refer to the Vteb$carab NG page to search fix additional resources

To try out the website you can simply dick the shortcut in the Bookmarks Bar to access Webgoat as shovm in Figure Lab 2.6 (You can also manually type the URL

http filocalhost 8080/WebGoaVlogin If a different port was used when you fired up the website in the above LXTerminal you have to change 8080 to the number you specified )

Note You will need to create your login account to use the website Simply create a Username and establish a Password No other information is required To shut down the website. you can simply kill the LXTerminal that holds the website launching process.

Attachment:- Instruction - Lab pen.rar