Introduction
Before hacking anything, you need a safe and legal environment: a sandbox where you can learn, break, and fix without consequences.
In this part, we’ll guide you through setting up a complete Web Hacking Lab with vulnerable web apps, intercepting tools like Burp Suite, and a browser configured for testing.
What You’ll Set Up
Kali Linux (Virtual Machine or native)
Vulnerable apps: DVWA, bWAPP, Juice Shop
Tools: Burp Suite, OWASP ZAP, browser plugins
Local or isolated environment (for safety)
Step 1: Install Kali Linux (Preferred OS)
You can use Kali via:
Virtual Machine (recommended): Download from Offensive Security
Live USB or bare metal install
Why Kali?
Pre-installed tools (Burp Suite, Nmap, SQLMap)
Built for penetration testing
Tip: You can also use Parrot OS or Ubuntu + manual tools.
Step 2: Install Vulnerable Web Apps
DVWA (Damn Vulnerable Web App)
sudo apt install apache2 mariadb-server php php-mysqli git
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git
Set up the configuration file:
cd DVWA/config
sudo cp config.inc.php.dist config.inc.php
Start the necessary services:
sudo service apache2 start
sudo service mysql start
Access DVWA in your browser:
http://localhost/DVWA
bWAPP (Buggy Web App)
Clone the bWAPP project into your web root:
cd /var/www/html
sudo git clone https://github.com/rajeshkumarkhadka/bWAPP.git
Configure check.php and database settings manually if needed.
Then open the app in your browser:
http://localhost/bWAPP
Juice Shop (OWASP Juice Shop)
Install Juice Shop using Node.js:
npm install -g @juice-shop/juice-shop
juice-shop
Once started, open the app in your browser:
http://localhost:3000
Alternative deployment options:
- Docker
- Heroku
Try online (no setup required):
https://demo.owasp-juice.shop
Step 3: Install Burp Suite
Burp Suite: Web Proxy Tool
Burp Suite is a powerful tool used for:
- Intercepting HTTP/HTTPS traffic
- Modifying requests on the fly
- Scanning for web vulnerabilities
Burp Suite comes pre-installed in Kali Linux. If it is missing, install it manually:
sudo apt install burpsuite
Setup Instructions:
- Open Firefox
- Go to Preferences → Network Settings
- Choose Manual Proxy Configuration
- Set:
  - HTTP Proxy: 127.0.0.1
  - Port: 8080
- Enable: Use this proxy for all protocols
- Import Burp’s CA certificate to avoid HTTPS warnings
Bonus Tools & Browser Setup
Install these Firefox extensions:
HackBar: for manual payload testing
Wappalyzer: detect web technologies
Cookie Editor: manipulate cookies
User-Agent Switcher: disguise your browser
Final Checklist
Tool | Purpose |
---|---|
Kali Linux | Base OS for hacking tools |
DVWA / bWAPP / Juice Shop | Targets for practice |
Burp Suite | Request interception & modification |
Firefox (hardened) | Testing browser |
Proxy extensions & plugins | Improve speed & workflow |
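
The setup list calls for a local or isolated environment, so it is worth confirming where the lab services actually listen once everything is installed. As an added example, not part of the original guide, this POSIX shell function reads `ss -H -tln` output and reports lab ports bound to a non-loopback address. Ports 80, 3000 and 8080 come from the URLs and proxy settings above, 3306 is MariaDB's default, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: report lab services that listen beyond loopback.
# Ports assumed from this guide: 80 (Apache: DVWA/bWAPP), 3000 (Juice Shop),
# 8080 (Burp proxy); 3306 is MariaDB's default port.
LAB_PORTS="80 3000 8080 3306"

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 511 *:80 *:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 *:3000 *:*
LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# is_loopback ADDR: succeed when ADDR (as printed by ss) is a loopback address.
is_loopback() {
  case "$1" in
    127.*|"[::1]"|"[::ffff:127."*"]") return 0 ;;
    *) return 1 ;;
  esac
}

# exposed_lab_ports: read `ss -H -tln` lines on stdin and print, one per line,
# each lab port that has a listener bound to a non-loopback address.
exposed_lab_ports() {
  while read -r state _recvq _sendq local_addr _rest; do
    [ "$state" = "LISTEN" ] || continue
    port="${local_addr##*:}"   # text after the last colon
    addr="${local_addr%:*}"    # text before it (IPv6 keeps its brackets)
    for p in $LAB_PORTS; do
      if [ "$port" = "$p" ] && ! is_loopback "$addr"; then
        echo "$port"
      fi
    done
  done | sort -un
}

# Stand-alone run over the constructed sample; prints 80 and 3000.
printf '%s\n' "$SAMPLE_SS" | exposed_lab_ports
```

On the lab VM, run `ss -H -tln | exposed_lab_ports`; any port it prints is reachable from other hosts on the VM's network unless a firewall or host-only adapter blocks it.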
Wrapping Up
You now have your own ethical hacking lab, where you can safely practice and master every web attack technique we’ll cover next.
Up next:
Part 3 - Information Gathering: Mapping the Web Attack Surface
You’ll learn how to fingerprint websites, find subdomains, detect input points, and build a hacker’s understanding of a target.