bWAPP (Buggy Web Application) é uma aplicação web deliberadamente insegura. Ela possui diversas vulnerabilidades presentes em ambientes reais e pode ser considerada um excelente substituto para o DVWA - Damn Vulnerable Web Application como plataforma de ensino e aprendizagem de Penetration Testing. Sendo um ambiente completo e controlado para Testes de Intrusão e Ethical Hacking, ela também pode ser encontrada dentro do seu virtual appliance: bee-bug, que possui além das mais de 100 vulnerabilidades web mais diversas vulnerabilidades de de Infra-Estrutura, como por exemplo: SSL (BEAST/CRIME/BREACH/Poodle) e até serviços de VNC/FTP/NTP ou SNMP deliberadamente mal configurados.
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
What makes bWAPP so unique? Well, it has over 100 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project.
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.
Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.
Download our What is bWAPP? introduction tutorial, including free exercises...
bWAPP is for web application security-testing and educational purposes only.
Have fun with this free and open source project!
Cheers, Malik Mesellem
Diferente de outros ambientes web, como por exemplo o http://testphp.vulnweb.com/, que só possuem vulnerabilidades de SQL/XSS e afins, o bWAPP (ou bee-bug) possui vulnerabilidades que comprometem o ambiente inteiro. Podendo obter acesso total a VM.
- SQL, HTML, iFrame, SSI, OS Command, PHP, XML, XPath, LDAP and SMTP injections
- Blind SQL injection and Blind OS Command injection
- Boolean-based and time-based Blind SQL injections
- Drupal SQL injection (Drupageddon)
- AJAX and Web Services issues (JSON/XML/SOAP)
- Heartbleed vulnerability (OpenSSL) + detection script included
- Shellshock vulnerability (CGI)
- Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
- phpMyAdmin BBCode Tag XSS
- Cross-Site Request Forgery (CSRF)
- Information disclosures: favicons, version info, custom headers,...
- Unrestricted file uploads and backdoor files
- Old, backup & unreferenced files
- Authentication, authorization and session management issues
- Password and CAPTCHA attacks
- Insecure DistCC, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
- Arbitrary file access with Samba
- Directory traversals and unrestricted file access
- Local and remote file inclusions (LFI/RFI)
- Server Side Request Forgery (SSRF)
- XML External Entity attacks (XXE)
- Man-in-the-Middle attacks (HTTP/SMTP)
- HTTP parameter pollution and HTTP verb tampering
- Denial-of-Service (DoS) attacks: Slow Post, SSL-Exhaustion, XML Bomb,...
- POODLE vulnerability
- BREACH/CRIME/BEAST SSL attacks
- HTML5 ClickJacking and web storage issues
- Insecure iFrame (HTML5 sandboxing)
- Insecure direct object references (parameter tampering)
- Insecure cryptographic storage
- Cross-Origin Resource Sharing (CORS) issues
- Cross-domain policy file attacks (Flash/Silverlight)
- Local privilege escalations: udev, sendpage
- Cookie and password reset poisoning
- Host header attacks: password reset poisoning en cache pollutions
- PHP CGI remote code execution
- Dangerous PHP Eval function
- Local and remote buffer overflows (BOF)
- phpMyAdmin and SQLiteManager vulnerabilities
- Nginx web server vulnerabilities
- HTTP response splitting, unvalidated redirects and forwards
- WSDL SOAP vulnerabilities
- Form-based authentication and No-authentication modes
- Active Directory LDAP integration
- Fuzzing possibilities
- and much more...
- HINT: download our bee-box VM > it has ALL necessary extensions
- bee-box is compatible with VMware and VirtualBox!
- Enjoy it little bees ;)
Observação: A ultima atualização da plataforma data de 2/11/2014. Isso é bom e ruim. Bom pois como ela esta desatualizada, as vulnerabilidades descobertas dessa época pra ca, dos serviços que ela possui, estão exploráveis. Mas o lado ruim é a falta de mais serviços vulneráveis que poderiam ter sido adicionados na plataforma nesse meio tempo.
Fica a dica para contribuirmos com o projeto!
Referências:
http://www.itsecgames.com/
https://sourceforge.net/projects/bwapp/
I went on google in search of how to take off eviction from my public records and most people on different forums kept talking about a professional . and how fast, affordable and reliable he is…I then went ahead, and told him my issues with my records. His response to my mails made me calm and optimistic about the whole thing. I made a down payment for the job and he cleaned my public records in 3 days. What a relief!…Now i don't have to worry anymore and its so amazing. Fix your credit report by contacting his email {onlinehacker4hire@gmail.com} and by the time he's done with your job, do not hesitate to spread words about his services to people in need of a professional hacker because i'm very sure you'd be glad you hired him for the job.whatsapp:
ResponderExcluirI went on google in search of how to take off eviction from my public records and most people on different forums kept talking about a professional . and how fast, affordable and reliable he is…I then went ahead, and told him my issues with my records. His response to my mails made me calm and optimistic about the whole thing. I made a down payment for the job and he cleaned my public records in 3 days. What a relief!…Now i don't have to worry anymore and its so amazing. Fix your credit report by contacting his email {onlinehacker4hire at gmail.com} and by the time he's done with your job, do not hesitate to spread words about his services to people in need of a professional hacker because i'm very sure you'd be glad you hired him for the job.
ResponderExcluir