Anybody use bWAPP?

tedjames

I just discovered bWAPP and installed Bee-Box to run on Oracle VirtualBox. I found a couple of great tutorials:

Install it on VirtualBox: https://www.youtube.com/watch?v=syBbcK9PrA0

Bucky Roberts' Burp Suite training using bWAPP: https://www.youtube.com/watch?v=hQsT4rSa_v0&index=2&list=PLv95pq8fEyuivHeZB2jeC435tU3_1YGzV

All of Bucky's tutorials are great, as far as I'm concerned. In this one, Bucky teaches Burp Suite and uses bWAPP as a target.

If you've used bWAPP/Bee-Box, how do you like it compared with other intentionally vulnerable systems?

It took me awhile to get the keyboard layout right. Seems the default is a European keyboard. But also, I'm having trouble getting the screen resolution down to something easier to work with. The best I've been able to get is everything full size, like a system configuration popup takes up the full screen. I'll keep looking for ways to adjust the screen resolution. If you have any suggestions, I'd love to hear them.

Also, is there a way to get it to display on two screens?

Thanks!

Update: I installed bWAPP on Kali Linux thanks to this tutorial: https://www.youtube.com/watch?v=XDCZ8FC856s

tedjames

I guess I'm the lone ranger. So far, it's been great. I've been using it to learn Burp Suite and will run other tools against it eventually.

Forget that YouTube link. Apparently, this guess has reposted Bucky's videos, and they are incomplete. Instead, you can get the entire Burp/bWAPP course here: https://thenewboston.com/

Chard26

That is seriously freaky, i have been looking a bee-box over the last few days.

From what i have tried it hasn't been too bad. I am going to try DVWA and Mulltidae next I think.

Cheers
Chard

xxxkaliboyxxx

I use Bwapp, along with DVWA, metaspolitalbe, WebGoat and vulnhub VMs. They are all really nice to attack in your VM labs.

tedjames

Here are some more:
https://www.checkmarx.com/2015/04/16/15-vulnerable-sites-to-legally-practice-your-hacking-skills/

https://www.checkmarx.com/2015/11/06/13-more-hacking-sites-to-legally-practice-your-infosec-skills/

That's a mess o' vulnerabilities! I'm hoping to get more into some of these as I go.

Chard posted this in another area. Looks great: https://pentest.training/

tedjames

This is odd. When I try to go to any of the SQL Injection vulnerabilities, I get a blank screen. Every other type works.

ehlaban

I have the same problem with bWAPP on kali linux 2018. Did you find a solution? Only with the SQL Injection vulnerabilities i get a blank screen.

I downloaded BeeBox as a VM and that works. But i want it to work on my kali box.

tedjames

ehlaban wrote: »

I have the same problem with bWAPP on kali linux 2018. Did you find a solution? Only with the SQL Injection vulnerabilities i get a blank screen.

I downloaded BeeBox as a VM and that works. But i want it to work on my kali box.

I did not find a solution to the SQL Injecting problem. I even tried contacting the creator of the site. No reply.

I use it on a Kali VM.

yoba222

bwapp is good but getting old now. I don't know if you can do 2 screens on it specifically, but you definitely can in VirtualBox with Linux. I remember that keyboard frustration thing.

tedjames

I could never get that dual monitor thing to work...