Maven Security - Web Security Dojo

Has anyone ever used this VM? Specifically I am using the web goat web app by the owasp and I am trying to read session information using web scarab and I am having some trouble. The VM is ubuntu based and I have set the network proxy to the local host using port 8008. But for the life of me I have not gotten any traffic when I am submitting my name on this test page. I can't figure out what I am doing wrong.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Bl8ckr0uter

Well I figured out (stupid firefox wasn't picking up my system wide proxy settings even though I told it to).

Now I am having a problem with resolution to the web goat site. If I set the the proxy to the listening port of web scarab then I can't get to any sites. I am going to try to find a way around this.

Ok I think I figured this out too. There is a button on the bottom of the page that says accept changes, well I think you actually have to put a change in order for it to work when you click it lol.

Bl8ckr0uter

Ok I figured this one out as well. While troubleshooting earlier I put a proxy in the proxy in the proxies section of the web scarab app. Well this isn't needed, unless of course you have a proxy. I just so happened to put 127.0.0.1:8088 so it was forwarding request back to itself. Lol #fail #noob

networker050184

Glad we could help!

Bl8ckr0uter

networker050184 wrote: »

Glad we could help!

Lol!

In all seriousness the webgoat project is more of a testing environment than a testing tutorial. I thought it was going to be a mix of both (and it is kind of) but it is way more weighted to being a testing environment than anything else IMO. However with the web app hackers handbook in tote, I should be ok.