Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/interference-security/DVWS
OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
https://github.com/interference-security/DVWS
mysql owasp php ratchet vulnerabilities websockets
Last synced: 25 days ago
JSON representation
OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
- Host: GitHub
- URL: https://github.com/interference-security/DVWS
- Owner: interference-security
- License: mit
- Created: 2017-01-07T15:43:34.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2024-06-12T19:24:27.000Z (6 months ago)
- Last Synced: 2024-06-30T04:13:32.453Z (6 months ago)
- Topics: mysql, owasp, php, ratchet, vulnerabilities, websockets
- Language: PHP
- Homepage: https://www.owasp.org/index.php/OWASP_Damn_Vulnerable_Web_Sockets_(DVWS)
- Size: 968 KB
- Stars: 330
- Watchers: 16
- Forks: 69
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: changelog.txt
- License: LICENSE
Awesome Lists containing this project
- awesome-cyber-skills - Damn Vulnerable Web Sockets - server communication.| (Support)
README
# OWASP Damn Vulnerable Web Sockets (DVWS)
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to [DVWA](https://github.com/ethicalhack3r/DVWA). You will find more vulnerabilities than the ones listed in the application.https://owasp.org/www-project-damn-vulnerable-web-sockets/
## Requirements
In the ```hosts``` file of your attacker machine create an entry for ```dvws.local``` to point at the IP address hosting the DVWS application.Location of ```hosts``` file:
Windows: ```C:\windows\System32\drivers\etc\hosts```
Linux: ```/etc/hosts```
Sample entry for ```hosts``` file:
```
192.168.100.199 dvws.local
```The application requires the following:
Apache + PHP + MySQL
PHP with MySQLi support
[Ratchet](https://github.com/ratchetphp/Ratchet)
[ReactPHP-MySQL](https://github.com/bixuehujin/reactphp-mysql/)
Install "Ratchet" and "ReactPHP-MySQL" using composer:
```
git clone https://github.com/interference-security/DVWS
cd DVWS
composer install
```## Docker Installation
```bash
docker build -t dvws .# For connecting with existing database
docker run -it \
--name DVWS \
-p 8080:8080 -p 8888:8888 \
-e "DB_HOST=db" \
-e "DB_USER=dvws" \
-e "DB_PASSWORD=DVWS" \
-e "DB_DATABASE=dvws" \
--restart always \
dvws# or use docker-compose
docker-compose up
```Visit http://localhost:8080/setup.php for getting started
## Setting up DVWS
Set the MySQL hostname, username, password and an existing database name in the ```includes/connect-db.php``` file then go to Setup to finish setting up DVWS.## Running DVWS
On the host running this application, run the following command from DVWS directory: ```php ws-socket.php --heartbeat-interval ```Example: ```php ws-socket.php --heartbeat-interval 10```
## Important Note
DVWS has been developed with limited knowledge of Web Sockets. Feel free to contribute and enhance this project.## Screenshot
![image](https://user-images.githubusercontent.com/5358495/119394820-a725e580-bca0-11eb-9cc7-d31fc30572ce.png)