If you want to connect to Web Goat remotely, you will need to modify the server_80.xml file (or server_8080.xml, depending on your config) to allow remote connections. DOING THIS INCREASES RISK TO YOUR SYSTEM.
To modify the XML file, navigate to your Web Goat folder. In my case:
P:\WebGoat-5.4-OWASP_Standard_Win32\WebGoat-5.4\tomcat\conf
Select the appropriate file for editing; in my case server_80.xml. Change the line:
to:
Start the Web Goat listener.
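As an added example (not from the original post or the WebGoat project), this Python 3 script audits a Tomcat server.xml-style file and reports which interface each Connector listens on, so the exposure can be checked before and after the edit. It assumes the binding is set by Tomcat's Connector `address` attribute; the sample XML is constructed and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in Tomcat server.xml form; not the real WebGoat file.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector address="127.0.0.1" port="80" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1"/>
    <Connector address="192.168.1.14" port="8080"/>
  </Service>
</Server>"""


def classify_address(address):
    """Return 'loopback', 'all-interfaces' or 'specific' for a Connector address."""
    if address is None or not address.strip():
        # With no address attribute Tomcat listens on every local address.
        return "all-interfaces"
    value = address.strip()
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        # Not an IP literal: treat only the name 'localhost' as loopback.
        return "loopback" if value.lower() == "localhost" else "specific"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific"


def audit_connectors(xml_text):
    """List every Connector with its bind scope and whether remote hosts can reach it."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        scope = classify_address(conn.get("address"))
        findings.append({
            "port": conn.get("port"),
            "address": conn.get("address"),
            "scope": scope,
            "remote": scope != "loopback",
        })
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        flag = "REMOTELY REACHABLE" if f["remote"] else "local only"
        print("port %s address=%s -> %s (%s)" % (f["port"], f["address"], f["scope"], flag))
```

To check a real file, pass its contents to audit_connectors() and confirm that only the connector you intend to expose is marked as remotely reachable.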
I ran the below script from one system to connect to the system where Web Goat was listening.
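#!/usr/bin/python
import mechanize

# Create a scriptable browser instance
browser = mechanize.Browser()
# Register the default Web Goat credentials for the target URL
browser.add_password("http://192.168.1.14/WebGoat/attack", "guest", "guest")
# Open a session with the Web Goat listener
browser.open('http://192.168.1.14/WebGoat/attack')
# List the forms on the page (informational only)
for form in browser.forms():
    print("form is: %s" % form)
# Select the first (and only) form and submit it
browser.select_form(nr=0)
browser.submit()
# Print each link's text and URL to confirm the login worked
for link in browser.links():
    print("%s : %s" % (link.text, link.url))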
Of course, the IP address of your Web Goat host will most likely vary. So what is going on in the above is:
1. I imported mechanize (this needs to be installed onto your system)
2. I created a browser instance
3. I added the default username and password of Web Goat to the browser instance: 'guest' and 'guest'
4. I opened a session with the Web Goat listener
5. I print the available forms (there really is no need to do this)
6. I select the form (there is only one on this page)
7. I submit the form
8. I print the links' text and URLs just to verify that I have successfully logged in and started the Web Goat
Next steps for me to practice are attacking Web Goat with Mechanize.