Docker Burp Suite

How to set up Burp Suite inside a Docker container. The Dockerfile starts from a Debian base image and installs the locales package:

  FROM debian
  RUN apt-get update && apt-get -y install locales
  RUN apt-get update

Getting Started with Burp Suite

Burp Suite is a very powerful tool for manipulating websites to find vulnerabilities. The community edition will work fine but is much slower than the Professional version. You can use the community edition to learn; however, if you are serious you should support the product and purchase it ($400/year).

A small library for working with the Burp Suite API

Project description

Burp Suite Professional & Enterprise API client (Unofficial)

A small Python library for working with the Burp Suite API.

Note - Requires Burp Suite Professional or Enterprise - https://portswigger.net/

Example usage:

Release history: 0.0.3, 0.0.2, 0.0.1

Files for burpsuite, version 0.0.3

  burpsuite-0.0.3.tar.gz (51.2 kB), file type: source, Python version: none

Hashes for burpsuite-0.0.3.tar.gz

  Algorithm    Hash digest
  SHA256       f63632a2bd920b97a3d3e25ad4f8b2c91423321aad5ecd3004e125b3a5d94e9b
  MD5          9ac0a5153b6fd3b693c6fe4b7b5caf40
  BLAKE2-256   64361cdd86a0c2f83f7c6a3a1253875fe14757ea8712ec30c7bb5e3089104e7b
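Before installing an unofficial client like this one, check the downloaded archive against the digests PyPI publishes for it. The script below is an added example, not part of the burpsuite project: it recomputes all three digests listed above (including PyPI's BLAKE2-256 variant, which is BLAKE2b with a 32-byte digest) and emits a hash-pinned requirements line; the package name, version and digests come from the listing, while the local file path is assumed.

```python
"""Verify a downloaded sdist against the digests PyPI publishes for it
(added example, not part of the burpsuite project)."""
import hashlib
import hmac
import sys

# Digests PyPI lists for burpsuite-0.0.3.tar.gz, copied from the table above.
PUBLISHED = {
    "sha256": "f63632a2bd920b97a3d3e25ad4f8b2c91423321aad5ecd3004e125b3a5d94e9b",
    "md5": "9ac0a5153b6fd3b693c6fe4b7b5caf40",
    "blake2_256": "64361cdd86a0c2f83f7c6a3a1253875fe14757ea8712ec30c7bb5e3089104e7b",
}

def new_hasher(algorithm):
    """PyPI's BLAKE2-256 is BLAKE2b with a 32-byte digest, not hashlib's
    default 64-byte blake2b; the other names map straight onto hashlib."""
    if algorithm == "blake2_256":
        return hashlib.blake2b(digest_size=32)
    return hashlib.new(algorithm)

def digests_of(data, algorithms):
    """Compute the named digests over bytes or a binary file object in one pass."""
    hashers = {name: new_hasher(name) for name in algorithms}
    if isinstance(data, (bytes, bytearray)):
        chunks = [bytes(data)]
    else:  # file object: stream in 1 MiB chunks so large archives fit in memory
        chunks = iter(lambda: data.read(1 << 20), b"")
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify(data, expected):
    """Return {algorithm: matched} (constant-time compare); any False means a different file."""
    computed = digests_of(data, tuple(expected))
    return {name: hmac.compare_digest(computed[name], expected[name].lower())
            for name in expected}

def pip_requirement(name, version, sha256_hex):
    """Hash-pinned requirements.txt line for `pip install --require-hashes`."""
    return f"{name}=={version} --hash=sha256:{sha256_hex}"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "burpsuite-0.0.3.tar.gz"  # assumed path
    with open(path, "rb") as f:
        results = verify(f, PUBLISHED)
    for algorithm, ok in results.items():
        print(f"{algorithm:10s} {'OK' if ok else 'MISMATCH'}")
    print(pip_requirement("burpsuite", "0.0.3", PUBLISHED["sha256"]))
    sys.exit(0 if all(results.values()) else 1)
```

Put the emitted requirements line in requirements.txt and install with `pip install --require-hashes -r requirements.txt` so pip refuses any archive whose SHA256 differs.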

Welcome back to the OWASP Top 10 training series. Today, we are going to install OWASP Juice Shop using both Heroku and Docker. This is the last step in our OWASP Top 10 lab setup. Last time, we installed OWASP WebGoat.

I’ve chosen to add this application so that we can experiment with attacking a Node.js back-end behind an AngularJS front-end.

After this tutorial, we will start practicing the exploitation of the OWASP Top 10 vulnerabilities. If you haven’t been following along from the beginning, it’s not too late. All you have to do is follow the instructions in the OWASP ZAP or Burp Suite setup blog posts, then install OWASP WebGoat and WebWolf. Or, if you prefer videos, I created the OWASP Top 10 video training series just for you.

In order to stay updated when new episodes are available, make sure to subscribe to the Friday newsletter below!

Why OWASP Juice Shop for this OWASP Top 10 training?

OWASP Juice Shop is a deliberately vulnerable modern web application built on a current single-page application stack: it has a front-end based on AngularJS and a back-end in Node.js. It uses both SQLite and a NoSQL MongoDB database, and it also exposes a REST API.

Juice Shop is a very well maintained project, which makes it a great target to hone your skills, whether you are a beginner or an experienced pentester.

A public instance is already available at https://juice-shop.herokuapp.com. However, I don’t recommend testing directly against it: you will often find some challenges already solved, it is a shared instance with other users who might be malicious, and it is explicitly not intended for brute forcing or automated testing. So be responsible and use it only to get a feel for the Juice Shop features.

You can learn more about the Juice Shop architecture and its many features here.

Disclaimer: this is a deliberately vulnerable web application. I strongly discourage running it on your host machine. For this reason, I am going to continue working on my Debian 9 VM. For now, I’ll assume that you already have a Debian 9 VM running on your favorite virtualization software. I am using VirtualBox.

How to Install OWASP Juice Shop on Heroku

Heroku is a cloud platform as a service (PaaS) supporting several programming languages. This means that you can deploy your code directly on the cloud and have a link to your web application. This is very convenient because it lets you deploy Juice Shop without any local setup.

  1. First, you need to have a Heroku account, which is free. Go to the signup page and register a new account.
  2. Go to the OWASP Juice Shop Github page and scroll down until you see the Heroku deploy button.
  3. Click on Deploy to Heroku; you will be redirected to your Heroku account.
  4. Give your app a unique name and click on the Deploy app button.
  5. Grab a cup of coffee 🙂
  6. After a while, you will have a brand new instance up and running.
  7. Click on the View button at the bottom to visit your instance.

How to Install OWASP Juice Shop locally using Docker

If you’d like to reduce network latency, or even not depend on the internet, working locally would be the way to go. We are going to use Docker to avoid installing all the dependencies. If you don’t have Docker installed yet, you can install it using the instructions on how to install Docker in the OWASP WebGoat tutorial.

  1. Connect to the Debian 9 VM that we created earlier.
  2. Download and run OWASP Juice Shop.
  3. Go to: http://your-debian-9-vm-ip-address:3000
  4. You should see the same web page as at https://juice-shop.herokuapp.com

Install Juice Shop from source code

Some challenges are available in neither the Docker image nor the Heroku deployment. For this reason, you have no choice but to install Juice Shop from source code.

Step 1: NodeJS installation

  1. Download the Linux 64-bit binaries.
  2. Extract them to a destination of your choice; mine is /home/thehackerish/nodejs.
  3. Update your PATH variable.

Step 2: Juice Shop from source

  1. Go to Juice Shop’s release page and choose the archive you would like. Because I am using a Debian VM with Node.js version 12, I am going to choose this one.
  2. Extract the archive.
  3. Change directory to the extracted folder and run the application.
  4. Now all you have to do is open the application in your browser to verify that your challenges are available.

Testing our installation

Now that Juice Shop is up and running, let’s see if we can capture HTTP requests using our previously installed web proxies.

  1. Make sure you have either Burp Suite or Zaproxy up and running on your host machine.
  2. Using the FoxyProxy add-on, select the web proxy you want to use.
  3. Go to the URL of Juice Shop.
  4. Verify that you can capture HTTP traffic.

The following screenshots demonstrate that my local Juice Shop instance is well configured with Burp Suite.

The following screenshots demonstrate that my local and Heroku Juice Shop instances are well configured with OWASP Zap.

Congratulations! You’ve finished setting up the lab for the OWASP Top 10 training! In the next episode, we are going to start exploiting our first vulnerability. Stay tuned!

A video is available on YouTube if you enjoy learning by watching!