Installing WebGoat on Windows

Recently, I had to work on WebGoat to study the possible vulnerabilities we can have on a test web application. But since I used to normally work on Windows (Linux now), installing it and having it to start to work was a bit tiresome. After a while, I managed to install everything needed. So here are the steps I followed to get it work.

You need to have Java and Tomcat installed on your system. Assuming Java will be there, you can download Tomcat from here. Install Tomcat in the root folder instead of the Program Files folder to avoid messing with the permission settings. When the installation finishes, go to the installation directory and navigate to the conf folder and open tomcat-users.xml file. Under <tomcat-users> tag, insert the following text

<role rolename=”admin-gui”/>
<role rolename=”manager-gui”/>

<role rolename=”webgoat_admin”/>
<role rolename=”webgoat_user”/>
<role rolename=”webgoat_basic”/>

<user name=”webgoat” password=”webgoat” roles=”webgoat_admin” />
<user name=”guest” password=”guest” roles=”webgoat_user” />
<user name=”basic” password=”basic” roles=”webgoat_basic” />
<user name=”admin” password=”yourpassword” roles=”admin-gui,manager-gui” />

Now download the latest version of WebGoat WAR file from here. At this time, Tomcat should be listening on http://localhost:8080 unless you modified this setting during the installation of Tomcat. Open that address on your browser. Click on Manage App and then insert the username and password you specified at the last line of the above code. Then go down to WAR file to deploy section and locate your installation file from your download folder and click on Deploy.

That’s it. Now you should be able to see the WebGoat app working by navigating to http://localhost:8080/WebGoat/attack.

Cheers!

6 thoughts on “Installing WebGoat on Windows

  1. Hi
    i have added the roles you provided above in tocat-users.xml but each time when enter user name=admin and password= yourpassword on clicking login button no action will be performed.

  2. Where exactly should I insert the above xml code? I couldnt save the file when I pasted the text inside the tag…It shows a dialog stating that it is denied!!! Please help me fix the issue

    1. open notepad as an administrator, then open the xml file. you should be able to save now.

      That is why I noted “Install Tomcat in the root folder instead of the Program Files folder to avoid messing with the permission settings.”

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.