Import the BWAPP-all-network.ova and ensure the USB controller is not selected and the Guest OS Type is Ubuntu 64-bit. Then, open its browser.
Step 2
Select bWAPP – Start to enter the login page.
Step 3
The keyboard layout is set to Belgium by default. Change it to USA via System > Preferences. Click Add in the Layouts tab to select the USA keyboard. Make sure it is selected as the default.
Note: The top-right corner shows the keyboard layout that is currently selected.
Step 4
Next, remove the Belgium keyboard layout.
Step 5
Create a new user in the web interface by clicking bWAPP – Start, selecting New User, and entering the required information.
Task 2: Implement XSS Attacks
Step 1
After creating a user, log in to the website and navigate to the Bugs page.
Step 2
In the A3 – Cross-Site Scripting (XSS) section, choose Cross-Site Scripting – Reflected (GET) and click Hack.
Step 3
Enter content to see how the webpage handles input, and then try entering a script to trigger the XSS vulnerability. If you cannot figure out how to accomplish this, review the hints at the end of the lab.
Step 4
Navigate back to the Bugs page and select Cross-Site Scripting – Stored (Blog). Enter text into the blog and click Submit, then note the response.
Step 5
Next, submit an input to execute the alert() function, as in Step 3.
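Why the reflected and stored pages behave as they do in Steps 3 to 5, and how output encoding closes both, shown as an added example that is not part of the original lab or bWAPP's source. The handlers, the name parameter and the in-memory blog list are hypothetical stand-ins, and the sample input is constructed.

```javascript
// Added example: hypothetical handlers, not bWAPP's source code.
// Constructed sample input: a script that calls alert(), as the lab steps describe.
const SAMPLE_INPUT = '<script>alert(1)</script>';

// Encode the characters that are significant in HTML text and quoted
// attribute contexts. '&' must be replaced first to avoid double encoding.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Reflected (GET): the value comes straight from the query string and is
// written into the response for the user who sent the request.
function renderWelcome(queryString, encode) {
  const name = new URLSearchParams(queryString).get('name') ?? '';
  return `<p>Welcome ${encode ? escapeHtml(name) : name}</p>`;
}

// Stored (Blog): the value is saved once, then rendered for every later visitor.
function renderBlog(entries, encode) {
  const rows = entries.map((e) => `<tr><td>${encode ? escapeHtml(e) : e}</td></tr>`);
  return `<table>${rows.join('')}</table>`;
}

// True if the response still contains a live <script> element.
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

const query = 'name=' + encodeURIComponent(SAMPLE_INPUT);
const blog = ['first post', SAMPLE_INPUT]; // in-memory stand-in for the blog table

console.log('reflected, raw     ->', hasScriptElement(renderWelcome(query, false)));
console.log('reflected, encoded ->', hasScriptElement(renderWelcome(query, true)));
console.log('stored, raw        ->', hasScriptElement(renderBlog(blog, false)));
console.log('stored, encoded    ->', hasScriptElement(renderBlog(blog, true)));
```

With encoding applied at output time, the same input is displayed as text in both pages instead of being parsed as markup.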