1. Home
  2. Training Library
  3. Web Penetration Testing with Juice Shop

Juice Shop Deployment

Start course
Overview
Difficulty
Intermediate
Duration
2h 6m
Students
4
Description

This course puts into practice a lot of the concepts we've covered so far. We'll be using a vulnerable website called Juice Shop to solve a variety of challenges. This will give us opportunity to practice what we have learned so far, and also learn about new techniques and new vulnerabilities as well, such as XX vulnerabilities.

Transcript

Hi. Within this lecture, we're going to see how to deploy this Juice Shop to Heroku, okay? In order to do that, I'm going to open my GitHub page. So, find the link that I have shared in the resources of this lecture. So, it's GitHub, my name Atilsamancioglu and Juice Shop, and if you scroll down a little bit, you can see this deploy on Heroku section. So, it's very easy to do, thanks to this button over here. All you have to do is just create an account in the Heroku and then just hit on this button, and your website will be live and it will be connected on the Internet. It's going to be great, okay? So, it's for free by the way, of course, Heroku also has some paid versions of its services as well, but we are good to go with the free services. So, here you go. Now, of course, if Heroku doesn't work for you, or if you want, you can just follow these instructions and run this locally on your web server as well. But I'm not going to do that, I'm doing that because I want to run this on a real server, so it will be a good experience for you, okay? So, you can follow these instructions to install the Node.Js on your Kali Linux and it will be probably installed for you. You can just clone this on your local server, but we're going to do this because it's free, it's for real and it's much better. So, first of all, I'm going to open this in a new link, and sign up on the Heroku, okay? So, as you can see Heroku is a service. A very good web service actually that can allow you to run web services or something like a server on a cloud. And we're going to have to give your name and last name and email and company, something like that. You don't have to give the company name obviously, but you can choose whatever you want from here. So, let's do that together. I'm going to give it my name and I'm going to give some email address over there. So, I'm going to do this last. So, make sure you choose your email address. So, for the role, I'm going to say something over here, like a professional developer, so your country, choose your country, language, choose a language and this is not a regular language, it's a like a development language, I'm going to go for Python. It doesn't matter what you choose by the way. So, let me just do this capture. And finally, I'm going to give my email address and let's see if this one works. So, I'm going to give some email address and try to create a free account. And this email address is already used by me, I believe. So, let me give another email address of mine, okay? And let's try this, let's try this another roboting one more time and try this. Apparently, I've used all of my email addresses, so let me try this one. So, I believe this one is not in use. So, this is just a test email that I'm using for hacking purposes. And here you go. Right now I have to go to this email address and confirm this, okay? So, let me go to that email address and let's see if I'm logged in with that in this Kali. Yeah, here you go. Now, all you have to do is just open this and hit on that and it will confirm this, okay? So, we're going to have to create a password over here. I'm going to choose a password, so make sure you follow the instructions. So, it has to be minimum of eight characters contain letters, numbers, and symbols. Here you go. Now, we are here we can proceed. So, after you create your account it will take you to this dashboard of Heroku. Okay, you don't have to do anything in here. You can actually close it down. All you have to do, log into your account and click 'Deploy to Heroku' button here, okay? So, this will automatically do everything for us since we are logged in. If it's not going to ask for anything, it will only ask for an app name, and it's trying to deploy the Juice Shop which is good. So, for the app name, you're going to have to choose something that actually makes sense; something like OWASP Juice Shop. And as you can see, it's not available, so I'm going to add atil over there, just choose your own name and choose the region, it doesn't matter, I'm going to go for Europe since I'm very close to Europe, okay? And I'm going to say Deploy app, and it's going to take a little while to do that by the way. But after this is done, then we're going to have a website that is working really on the Internet and it won't have a cool nickname, it won't have a cool domain name, it will have the name of owaspjuiceshopatil.heroku.com. So, if we want we can add a domain later on. But of course, we're not going to do that because it's a vulnerable site. So, you don't want to share this with anyone because they will hack it eventually. And I thought of just leaving this on the Internet and sharing link with you guys, so that you can practice without just going all through this hassle. But again, this will be hacked by someone eventually. Someone will break something on the website, okay? And you're going to have to reset it and you won't be able to do that without logging into my Heroku account. So, it's better to learn about this stuff and just deploy your own server and deal with it. And then when you're done, you can just delete your server. Okay, I'm going to show you how to delete it as well after you deploy it. But first we're going to have to deploy it. And again, this is how you actually create a web server and create like a website if you want on Heroku as well. Developers generally use Heroku Digital Ocean kind of thing when they want to create a web server. It's very user friendly and it's a very good service. Now, I'm going to pause this video and come back when this is deployed because it's going to take something like 15-20 minutes I believe, so feel free to pause the video and come back when it's done as well. So, here you go. Now it's done for me, okay? And when you see your apps was successfully deployed, then it means that you are ready. So, there are two options over here. One is for viewing the website itself and the other one is for the managing the app. So, I'm going to show you both ways. First of all, we're going to see if we manage to deploy it really by viewing the app itself. So, I'm going to click over here. it will open this in a new tab, okay? So, we're going to come back to managing the app later on. I'm going to close this one, and here you go. We are inside of the OWASP Juice Sh, this is the website that I'm talking about. Now, let's go to manage app and see the options that we get. As you can see, this is our app owaspjuiceshopatil over here. So, yours will be obviously different, okay? But if we can see the details over there, we can see the latest activity. We can see the installed add-ons and something like that. We don't need any add-ons over there just to increase the bandwidth or something like that. If you go to Settings, you can change the app name, you can actually view the region and stuff. If you scroll down a little bit, you can add domains if you want like owasp.com. Of course, owasp.com is going to be taken, but whatever you want in here by purchasing a domain, but you don't have to do that, okay? So, if you're doing a real website, of course, you may want to do this, but not in this case. So, over here you can transfer your app to anyone you want. You can just delete the app after you're done. I suggest you delete the app after you're done, because it's a vulnerable app and it's on the Internet. Someone can hack this. It's not going to cause any problems, but there's no point to leave that open. So, after you're done, you can just come over here and just try to see these menus and try to delete your app if you're done with it. So, that's our website. So, find us, find your own website, and then we're going to start working on this website to discover the vulnerabilities and challenges that we're going to solve, okay? As you can see this's a website that you can order juice. It's an e-commerce website, actually, and this is going to be pure fun. So, we're going to stop here and continue working on this in the next lecture.

About the Author
Students
431
Courses
55
Learning Paths
3

Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.