OWASP Broken Web Applications Download
OWASP Broken Web Applications Download
Step 1: Download the Virtual Machine from ONE of the links below:
OWASP_Broken_Web_Apps_VM_1.2.7z (1.8GB): https://sourceforge.net/projects/owaspbwa/files/1.2/OWASP_Broken_Web_Apps_VM_1.2.7z/download
OWASP_Broken_Web_Apps_VM_1.2.7z (1.8GB): https://velocity.ncsu.edu/dl/cadvVlz/354964 (Password: CSC515_2018)
OWASP_Broken_Web_Apps_VM_1.2.zip (2.3GB): https://velocity.ncsu.edu/dl/cadvVlz/354965 (Password: CSC515_2018)
The.7z files require using 7zip (http://www.7-zip.org/) to extract the contents. The contents of .zip files may be extracted using most standard archive utilities.
Step 2: Extract/Decompress the files (using the appropriate archive utility)
Setting up the VM in VMWare
Setting up the VM in VMWare
If you have not done so already, get You can get a copy of VMWare through the VMWare Academic Program (VMAP), accessible at https://www.csc.ncsu.edu/vmap/. The instructions below are for VMWare Fusion 10 on Mac OSX, but the process should be similar on other OS or for Fusion 8.
Step 1: Open Up VMWare
Step 2: Go to File->Open
Step 3: Select the VMX file that was extracted previously
Step 4: A window for the VM will open. Do not click the triangle button (yet).
Step 5: Go to the main VMWare window and select the OWASP VM
Step 6: Go to Virtual Machine->Network Adapter and select the Host-Only Network Adapter
Step 7: Go back to the VM. Click the triangle in the middle of the screen to start the machine.
VMWare may ask you if you want to update the VM. Go ahead and do so. If prompted, select “I copied it”
Step 8: Follow the prompts. Login using username "root" and password "owaspbwa"
Step 9: Note the URL that is provided to access the web apps. This is the URL you will use to access DVWA and Gruyere.
Step 10: Access the DVWA and Gruyere applications through any web browser using the url provided (e.g. http://192.168.246.150). Note - this may differ across installations.
Using DVWA
Using DVWA
Step 1: Once the VM is set up, access owaspbwa in any web browser using the url provided (see steps 5d and 6 of “Setting up the VM in Virtualbox”)
Step 2: Click on the DVWA link
Step 3: Login Using:
Username: admin
Password: admin
Conclusion: You should be taken to the main application screen
Note: If you receive a 503 error when you attempt to access DVWA, close your browser and clear the browser cache. Then restart the VM and attempt to access DVWA again.
Using Gruyere
Using Gruyere
Step 1: Once the VM is set up, access owaspbwa in any web browser using the url provided (see steps 5d and 6 of “Setting up the VM in Virtualbox”)
Step 2: Click on the Gruyere link. It is in the second table from the top
Conclusion: You should be taken to the Gruyere homepage
Note: If you receive a 503 error when you attempt to access Gruyere, close your browser and clear the browser cache. Then restart the VM and attempt to access Gruyere again.
Page updated
Report abuse