
Burp Suite Cookbook

The Broken Web Application (BWA) is an OWASP project that provides a self-contained VM complete with a variety of applications with known vulnerabilities. The applications within this VM enable students to learn about web application security, practice and observe web attacks, and make use of penetration tools such as Burp Suite.
To follow the recipes shown in this book, we will utilize OWASP’s BWA VM. At the time of writing this book, the OWASP BWA VM can be downloaded from https://sourceforge.net/projects/owaspbwa/files/.
We will download the OWASP BWA VM along with supporting tools to create our web app pentesting lab.
To complete this recipe, you will need the following:
For this recipe, you will need to download the OWASP BWA VM and install it by performing the following steps:
OWASP_Broken_Web_Apps_VM_1.2.7z file.
Figure 1.4 – File listing after unzipping OWASP_Broken_Web_Apps_VM_1.2.7z
OWASP Broken Web Apps-cl1.vmdk file. Open VirtualBox Manager (that is, the Oracle VM VirtualBox program).
OWASP BWA.
Figure 1.5 – Create Virtual Machine
OWASP Broken Web Apps-cl1.vmdk file from the extracted list and click Create, as follows:
Figure 1.6 – Hard disk allocation
Figure 1.7 – Network adapter settings
Figure 1.8 – Starting the VM
Figure 1.9 – Your assigned IP address for the VM
http://192.168.56.101/. You will be given a prompt to administer the VM, but it is not necessary to log in at this time.
http://192.168.56.101/), where the IP address is specific to your machine.
Figure 1.10 – Splash page of the VM
Leveraging a customized VM created by OWASP, we can quickly set up a web app pentesting lab containing purposefully vulnerable applications that we can use as legal targets for our exercises throughout this book.