BWAPP

From Alpine Linux
This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Sertonix on 17 Nov 2023.)

bWAPP or a buggy web application is a vulnerable web application.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Contents of /etc/lighttpd/lighttpd.conf

... include "mod_fastcgi.conf" ...

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Contents of /etc/lighttpd/mod_fastcgi.conf

... "bin-path" => "/usr/bin/php-cgi82" # php-cgi ...

Start lighttpd service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

This material is obsolete ...

php-mysql doesn't exist anymore (Discuss)

apk add php-mysql mysql mysql-client php-zlib

Installing and configuring SQLol

Create a folder named webapps

mkdir -p /usr/share/webapps/

Switch to the webapps folder and download the source files

cd /usr/share/webapps/ wget https://downloads.sourceforge.net/project/bwapp/bWAPPv1.3/bWAPPv1.3.zip

Unpack the archive and delete it

unzip bWAPPv1.3.zip rm bWAPPv1.3.zip

Rename the folder

mv bWAPP bwapp

Change the folder permissions

chown -R lighttpd /usr/share/webapps/

Create a symlink to the bwapp folder

ln -s /usr/share/webapps/bwapp/ /var/www/localhost/htdocs/bwapp

Configuration and start MySQL

/usr/bin/mysql_install_db --user=mysql rc-service mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'

bWAPP configuration

Please add the MySQL configuration details to the bWAPP config file.

nano -w /usr/share/webapps/bwapp/config.inc.php

Browse to http://WEBSERVER_IP_ADDRESS/install.php for the installation.