The purpose of this program is to help beginner and intermediate users to hone their web exploitation and development skills by mirroring a vunerable e-commerce application. It also allows the user to make changes to the front and back end, with reset buttons provided if something goes wrong.
The program isn't perfect and only has a number of vulnerabilities, so feel free to add your own vulnerabilties.
This is purely for edcational purpose and so the creator does not condone the use of knowledge gained here for malicious purposes.
This program has only been tested on the Linux operating system, so it is recommended to use Linux as the choice of OS, specifically Ubuntu
The first program that needs to be installed is Docker as the program makes use of dockers containers, and it is essential that Docker-Compose is installed in order to build the container for the program.
Next it is recommended to use either Google-Chrome or Firefox as they are the only browsers to have been fully tested, any others might result in the CSS code to not render, as is the case with Chromium. For the best experience I recommend Google Chrome as there are a few external CSS packages invoked that only seem to run on Chrome, but they are aesthetic and do not add to the functionality of the website.
For web exploitation, it is necesary to install and use a web proxy to intercept and ghance requests. I made use of the [Burp-Suite] (https://portswigger.net/burp/communitydownload) proxy.
The container takes up roughly 500MB of space as it also includes every dependency required to run it, including mySQL 5.7 and PHP 5.4.
- On the linux operating system, open up the command line inside the folder containing the program.
- Make the project folder writable and executable using:
sudo chmod -R 777 GVW
- Make sure there are no processes using port 8080, this can be done using the following line on linux:
netstat -aon | grep 8080
And to kill the process:
sudo kill -9 [Process ID]
- Use 'docker-compose' to build and run the program, using a line similar to:
sudo docker-compose up
During this process, some scary red text may appear. This is normal and there is no need to worry.
-
Check the program is working by accessing http://127.0.0.1:8080
-
To close the program go to the terminal and use Ctrl +C and then type in:
sudo docker-compose down
For the web proxy, I used [Burp-Suite] (https://portswigger.net/burp/communitydownload).
- Install and setup the Burp Suite proxy using the link provided.
- Setup the proxy to listen on an arbritrary port, I personally used port 8100.
- Setup the browser of your choice to listen for a proxy on the same port as the one used above, usually done via Settings then search for proxy settings.
It is recommended to clone the project and import it into [Visual Studio] (https://code.visualstudio.com/download) in order to edit the code. DO NOT EDIT the folder labeled copies as that is used for resetting the front end or the backend if the user makes a change to the program that they wish to take back but for some reason cannot do so normally.
When making changes, make sure that you have ctually saved the changes locally (Ctrl + S in visual studio) then refresh the page. If they are not immediately visible, try emptying the browser's cache, or by re building the container via:
sudo docker-compose build --no-cache
This project has been designed to make use of google chrome and cannot guarantee that the application will look good on others. In some cases the CSS will fail to render at all if there is a web proxy active and you are not using Chrome, the only way to rectify this is to disable the proxy or to make sure the proxy for the browser has a valid certificate .