Recently, I had to work on WebGoat to study the possible vulnerabilities we can have on a test web application. But since I used to normally work on Windows (Linux now), installing it and getting it to work was a bit tiresome. After a while, I managed to install everything needed. So here are the steps I followed to get it working.
You need to have Java and Tomcat installed on your system. Assuming Java is already there, you can download Tomcat from here. Install Tomcat in the root folder instead of the Program Files folder to avoid messing with the permission settings. When the installation finishes, go to the installation directory, navigate to the conf folder and open the tomcat-users.xml file. Inside the <tomcat-users> tag, insert the following text:
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="webgoat_admin"/>
<role rolename="webgoat_user"/>
<role rolename="webgoat_basic"/>
<user name="webgoat" password="webgoat" roles="webgoat_admin" />
<user name="guest" password="guest" roles="webgoat_user" />
<user name="basic" password="basic" roles="webgoat_basic" />
<user name="admin" password="yourpassword" roles="admin-gui,manager-gui" />
Now download the latest version of the WebGoat WAR file from here. At this point, Tomcat should be listening on http://localhost:8080 unless you modified this setting during the installation of Tomcat. Open that address in your browser. Click on Manager App and then enter the username and password you specified in the last line of the above code. Then scroll down to the "WAR file to deploy" section, locate the WAR file in your download folder and click on Deploy.
That’s it. Now you should be able to see the WebGoat app working by navigating to http://localhost:8080/WebGoat/attack.
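A quick check for the tomcat-users.xml edit described above, as an added example that is not part of the original post: it confirms the file still parses as XML (curly quotes picked up when copying from a web page break it) and flags a console account left with the placeholder password. The function names and the sample strings are made up for the illustration.

```python
import xml.etree.ElementTree as ET

SMART_QUOTES = "\u201c\u201d\u2018\u2019"   # curly quotes that blog themes substitute
CONSOLE_ROLES = {"admin-gui", "manager-gui"}  # roles that open Tomcat's web consoles
PLACEHOLDERS = {"yourpassword"}               # placeholder used in the snippet above

# Constructed sample: the snippet with straight quotes, trimmed to two users.
FIXED = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="webgoat_admin"/>
  <user name="webgoat" password="webgoat" roles="webgoat_admin"/>
  <user name="admin" password="yourpassword" roles="admin-gui,manager-gui"/>
</tomcat-users>"""
# Constructed sample: the same text with curly quotes, as a browser copy can give.
PASTED = FIXED.replace('"', "\u201d")


def local(element):
    """Tag name without the XML namespace that newer tomcat-users.xml files declare."""
    return element.tag.rsplit("}", 1)[-1]


def check_tomcat_users(text):
    """Return a list of findings for the text of a tomcat-users.xml file."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        hint = ""
        if any(ch in text for ch in SMART_QUOTES):
            hint = '; curly quotes found, retype them as plain " characters'
        return [f"not well-formed XML ({exc}){hint}"]
    findings = []
    for user in (e for e in root.iter() if local(e) == "user"):
        # Tomcat reads the login name from 'username', falling back to 'name'.
        name = user.get("username") or user.get("name")
        password = user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        if roles & CONSOLE_ROLES and (password == name or password in PLACEHOLDERS):
            findings.append(f"user {name}: console role with a guessable password")
    return findings


if __name__ == "__main__":
    for label, text in (("pasted", PASTED), ("fixed", FIXED)):
        print(label, check_tomcat_users(text))
```

To run it against a real installation, pass the text of conf/tomcat-users.xml to check_tomcat_users() instead of the samples.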
6 thoughts on “Installing WebGoat on Windows”
I have added the roles you provided above in tomcat-users.xml, but each time I enter user name=admin and password=yourpassword, on clicking the login button no action is performed.
I’m also having this problem. Anybody please help me…
I’m also having the same problem. Please anybody help me…
Where exactly should I insert the above XML code? I couldn't save the file when I pasted the text inside the tag… It shows a dialog stating that it is denied!!! Please help me fix the issue.
Open Notepad as an administrator, then open the XML file. You should be able to save now.
That is why I noted “Install Tomcat in the root folder instead of the Program Files folder to avoid messing with the permission settings.”
Yeah thank you!! Got the problem solved…