So I have decided to make a collection of blog posts covering OWASP’s Juice Shop, from setup to working through some of the sections.
Before we jump into this, I should probably explain what Juice Shop is, but since OWASP has already written something covering this, I will just use their blurb:
“OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!”
Source: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
For the purpose of this blog post, I have set up a basic Debian VM to install Juice Shop into. We will also be using Docker as part of this setup, so let’s install Docker to start with:
sudo apt-get update
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common
Now time to take care of the GPG key:
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
With the prerequisites and GPG key taken care of, let’s add the Docker repository:
sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"
We just need to do one last update since adding the new repository:
sudo apt-get update
Finally, we can install Docker:
sudo apt-get install docker-ce docker-ce-cli containerd.io
The following command should download and run the hello-world container, which confirms that Docker is installed and working:
sudo -g docker docker run hello-world
If everything went as intended, you should get a “Hello from Docker!” message (along with a bit more output).
Now it is time to set up Juice Shop, so let’s pull down the prebuilt Docker image (use at your own risk; always check the files you run on your system, etc.):
sudo -g docker docker pull bkimminich/juice-shop
sudo -g docker docker run --rm -p 3000:3000 bkimminich/juice-shop
With that, you should see something like the following:
info: Detected Node.js version v10.15.3 (OK)
info: Configuration default validated (OK)
info: Server listening on port 3000
With this, you should now have the Juice Shop up and running, browsing to the
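As an added example (not part of the original post and not code from the Juice Shop project), the steps above wrapped into one script. Two things differ from the one-liners in the post and are this example's own choices: the port is published on 127.0.0.1 rather than every interface (Juice Shop is deliberately vulnerable, so keeping it off the LAN is sensible), and the script polls the HTTP endpoint and checks the container log for the three startup lines shown above before declaring success. The container name, the 60-second timeout and the JUICE_* environment variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example: wraps the Docker steps from the post into a small script.
# Image name comes from the post; the container name, loopback bind address,
# timeout and JUICE_* variables are this example's assumptions.
set -eu

IMAGE="${JUICE_IMAGE:-bkimminich/juice-shop}"
NAME="${JUICE_NAME:-juice-shop}"
BIND_ADDR="${JUICE_BIND:-127.0.0.1}"   # loopback only: the app is intentionally insecure
PORT="${JUICE_PORT:-3000}"

# Build the `docker run` arguments, one per line. -p ADDR:PORT:3000 limits who
# can reach the container; --rm and a fixed name make cleanup predictable.
juice_run_args() {
    printf '%s\n' run --rm -d --name "$NAME" -p "${BIND_ADDR}:${PORT}:3000" "$IMAGE"
}

# Read container log text from stdin and check for the three startup lines the
# post shows. Reports missing lines on stderr; returns 0 only if all are present.
check_startup_log() {
    local log missing=0
    log="$(cat)"
    for needle in "Detected Node.js version" \
                  "Configuration default validated" \
                  "Server listening on port ${PORT}"; do
        if ! printf '%s\n' "$log" | grep -q -- "$needle"; then
            echo "missing: $needle" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Poll the app until its HTTP endpoint answers or the timeout (seconds) expires.
wait_for_http() {
    local url="$1" timeout="${2:-60}" i=0
    while [ "$i" -lt "$timeout" ]; do
        if curl -fsS -o /dev/null "$url"; then return 0; fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

main() {
    # Pull first so a pull failure is reported separately from a run failure.
    sudo -g docker docker pull "$IMAGE"
    # shellcheck disable=SC2046  # word-splitting into arguments is intended here
    sudo -g docker docker $(juice_run_args)
    wait_for_http "http://${BIND_ADDR}:${PORT}/" 60 || {
        echo "Juice Shop did not answer on ${BIND_ADDR}:${PORT}" >&2
        exit 1
    }
    sudo -g docker docker logs "$NAME" | check_startup_log
    echo "Juice Shop is reachable at http://${BIND_ADDR}:${PORT}/"
}

# Only touch Docker when explicitly asked, so the helper functions can be
# sourced or tested on a machine without Docker.
if [ "${JUICE_SETUP_RUN:-0}" = "1" ]; then
    main "$@"
fi
```

Run it with JUICE_SETUP_RUN=1 on the Debian VM once Docker is installed; set JUICE_BIND=0.0.0.0 only if you really want other hosts on the network to reach the shop.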
Edits Made After posting