If you want to connect to Web Goat remotely, you will need to modify the server_80.xml file (or server_8080.xml, depending on your config) to allow remote connections. DOING THIS INCREASES RISK TO YOUR SYSTEM.
To modify the XML file, navigate to your Web Goat folder. In my case
Select the appropriate file for editing; in my case server_80.xml. Change the line:
Start the Web Goat listener.
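To confirm which connectors are reachable from the network after the edit (and that the file is back to loopback-only when you are done), the following check can be run against the config. It is an added example, not part of the original post or of Web Goat, and it assumes server_80.xml follows Tomcat's standard server.xml layout, where a Connector's `address` attribute selects the bind interface; the sample XML is constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, not WebGoat's shipped file: a minimal Tomcat-style
# server.xml with one loopback-only connector and one with no address.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector address="127.0.0.1" port="80" />
    <Connector port="8080" />
  </Service>
</Server>"""


def classify_bind(address):
    """Return 'local-only', 'all-interfaces' or 'single-interface'."""
    if address is None or address.strip() == "":
        return "all-interfaces"   # Tomcat binds every interface by default
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        # Hostname: only "localhost" is treated as loopback here.
        return "local-only" if address.strip().lower() == "localhost" else "single-interface"
    if ip.is_loopback:
        return "local-only"
    if ip.is_unspecified:         # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"


def audit_connectors(xml_text):
    """List (port, address, exposure) for each <Connector> in the config."""
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iter("Connector"):
        addr = conn.get("address")
        findings.append((conn.get("port"), addr, classify_bind(addr)))
    return findings


def remotely_reachable(xml_text):
    """Ports whose connector is not restricted to loopback."""
    return [port for port, _, exposure in audit_connectors(xml_text)
            if exposure != "local-only"]


if __name__ == "__main__":
    for port, addr, exposure in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s address=%s -> %s" % (port, addr, exposure))
```

To audit a real install, pass the contents of your own server_80.xml to `audit_connectors` instead of the sample.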
I ran the below script from one system to connect to the system where Web Goat was listening.
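    import mechanize  # third-party package; must be installed separately

    browser = mechanize.Browser()
    browser.add_password("http://192.168.1.14/WebGoat/attack", "guest", "guest")
    browser.open("http://192.168.1.14/WebGoat/attack")  # open a session with the listener
    for form in browser.forms():
        print("form is: %s" % form)
    browser.select_form(nr=0)  # the only form on this page
    browser.submit()
    for link in browser.links():
        print("%s : %s" % (link.text, link.url))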
Of course, the IP address of your Web Goat system will most likely differ. Here is what is going on in the above:
1. I imported mechanize (this needs to be installed onto your system)
2. I created a browser instance
3. I added the default username and password of Web Goat ('guest' and 'guest') to the browser instance
4. I opened a session with the Web Goat listener
5. I print the available forms (there really is no need to do this)
6. I select the form (there is only one on this page)
7. I submit the form
8. I print the links' text and URLs just to verify that I have successfully logged in and started Web Goat
Next steps for me to practice are attacking Web Goat with Mechanize.