Skip to content

interference-security/DVWS

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
class
 
 
css
 
 
fonts
 
 
img
 
 
includes
 
 
js
 
 
pages
 
 
LICENSE
 
 
README.md
 
 
blind-sql-injection.php
 
 
brute-force.php
 
 
changelog.txt
 
 
command-execution.php
 
 
composer.json
 
 
csrf.php
 
 
error-sql-injection.php
 
 
file-inclusion.php
 
 
index.php
 
 
logout.php
 
 
phpinfo.php
 
 
reflected-xss.php
 
 
setup.php
 
 
stored-xss.php
 
 
ws-socket.php
 
 
OWASP Damn Vulnerable Web Sockets (DVWS) Requirements Setting up DVWS Running DVWS Important Note Screenshot

README.md

OWASP Damn Vulnerable Web Sockets (DVWS)

OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application.

https://owasp.org/www-project-damn-vulnerable-web-sockets/

Requirements

In the hosts file of your attacker machine create an entry for dvws.local to point at the IP address hosting the DVWS application.

Location of hosts file:

Windows: C:\windows\System32\drivers\etc\hosts

Linux: /etc/hosts

Sample entry for hosts file:

192.168.100.199         dvws.local

The application requires the following:

Apache + PHP + MySQL

PHP with MySQLi support

Ratchet

ReactPHP-MySQL

Install "Ratchet" and "ReactPHP-MySQL" using composer:

git clone https://github.com/interference-security/DVWS
cd DVWS
composer install

Setting up DVWS

Set the MySQL hostname, username, password and an existing database name in the includes/connect-db.php file then go to Setup to finish setting up DVWS.

Running DVWS

On the host running this application, run the following command from DVWS directory: php ws-socket.php --heartbeat-interval <seconds>

Example: php ws-socket.php --heartbeat-interval 10

Important Note

DVWS has been developed with limited knowledge of Web Sockets. Feel free to contribute and enhance this project.

Screenshot

image

About

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

www.owasp.org/index.php/OWASP_Damn_Vulnerable_Web_Sockets_(DVWS)

Topics

mysql php websockets owasp vulnerabilities ratchet

Resources

Readme

License

MIT license

Stars

316 stars

Watchers

16 watching

Forks

68 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages