[Owasp-live-cd-2008-project] Ubuntu 11 vs. WTE

OWASP Live CD 2008 Project owasp-live-cd-2008-project at lists.owasp.org
Wed Feb 29 19:41:28 UTC 2012


Thanks for the (quick!) help, Matt. Much appreciated.

For others on this list, FYI...

I have successfully gotten the OWASP WTE tools installed on a couple of new Ubunto 11.10 VMs. Couple gotchas to look out for, though. See below.

First, the setups:

I have generated VMs in Parallels, VirtualBox, and VMware. In Parallels, I used the native download/install wizard to build a current Ubuntu VM. In VMware Fusion, I imported the Parallels VM. In VirtualBox, I downloaded the Ubuntu ISO and installed from scratch. (Don't ask...)

To import the Parallels VM into VMware, you MUST uninstall the Parallels Tools from the Parallels VM first. Then the import went cleanly. Just launch VMware Fusion and point it to your Parallels VM repository. When you click on a Parallels VM, it will give you the option to import it to VMware Fusion. Not quite so simple for VirtualBox -- I must be missing something -- so a clean ISO install did the trick.

Next, the gotchas:

1) Be sure your VM is up to date before starting with the WTE tools. 

	apt-get update ; apt-get upgrade.

2) If you're starting from a fresh Ubuntu, add the following to your /etc/apt/sources.list

	deb http://appseclive.org/apt/stable /
	apt-get update

3) Before trying to install the owasp-wte-* tools, be sure you have the latest openjdk installed.

	apt-get install openjdk-6-jdk

 If WebGoat isn't launching for you, this is probably why. (This was the biggest pitfall I encountered, FWIW.)

 NOTE: You may well have the JRE installed, but you need the full JDK. Do the above cmd.

4) (The xdg-utils are indeed installed by default, Matt. I think the errors I was getting were more related to something else (though I'm not positive what it was.))

5) In Ubuntu 11, the menu system is vastly different than it was in 10. Perhaps there are better ways of doing what I've done, but if you click on the "Dash Home" button on the desktop (top left), you can then click on "More Apps" --> "Installed" to find the icons for the various OWASP tools. (I didn't find/see any good way of putting them all in one menu yet.)

6) Again, if starting from a base Ubuntu, your Firefox won't have all the nice plug-ins that the Live CD had, so be sure to also install the WTE version. That'll give you (among other things) Foxyproxy, with various proxy settings pre-loaded.

	apt-get install owasp-wte-firefox

Hope that's useful.

Cheers,

Ken van Wyk


On Feb 27, 2012, at 4:24 PM, OWASP Live CD 2008 Project wrote:

> Ken, 
> 
> The quick answer is:
> 
> $ sudo apt-get install xdg-utils
> 
> which is a dependency I need to add for the menu creation to work as expected.  It used to be a default install item for Ubuntu and I must have missed that change.
> 
> Thanks for the bug report!!!  : )
> 
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> 
> 
> On Mon, Feb 27, 2012 at 3:16 PM, OWASP Live CD 2008 Project <owasp-live-cd-2008-project at lists.owasp.org> wrote:
> Hi Matt,
> 
> So I'm updating my OWASP WTE virtual machine. Things are mostly working out just fine, but a couple minor glitches -- and a (probably related)  question...
> 
> FIrst, on a couple of the packages, I'm getting some error messages about files not existing. For example:
> 
> xdg-icon-resource: file '/tmp/owasp-wte-burpsuite/owasp-wte-menu-icon.png' does not exist
> xdg-icon-resource: file '/tmp/owasp-wte-burpsuite/owasp-wte-burpsuite-icon.png' does not exist
> xdg-desktop-menu: file '/tmp/owasp-wte-burpsuite/owasp-owasp.directory' does not exist
> 
> 
> Perhaps related, I notice that some of the OWASP menu launchers for some of the applications have disappeared. For example, webgoat installs just fine, but the launch button on the menu is no longer present. Any quick win for restoring these back on the OWASP menu?
> 
> If this works, I'll also be installing a fresh Ubuntu 11 and seeing how that works. For now, I'm just updating the 10.x system.
> 
> Thanks!
> 
> Cheers,
> 
> Ken van Wyk
> 
> 
> 
> On Feb 20, 2012, at 8:32 PM, OWASP Live CD 2008 Project wrote:
> 
>> Ken and all
>> 
>> I just got done updating the Java tools that are part of WTE to make them openjdk friendly.  You can check the change log here:
>> http://code.google.com/p/owasp-wte/source/list
>> 
>> I've been doing installs on Ubuntu 11.10 without issue today so I've moved them into the stable repo here:
>> http://appseclive.org/apt/stable/
>> 
>> Some of the tools got updates (e.g. Zap proxy) but for those that only got their dependencies changed, the minor version got bumped up so that apt-get update will see the changes.  For example, the WebScarab package went from
>>   owasp-wte-webscarab-20090122-1_all.deb
>> to 
>>   owasp-wte-webscarab-20090122-2_all.deb
>> 
>> Let me know if you have any problems.  I'm planning a major refresh of WTE in April.  Exactly when that will be released will be determined by how my experiments with Ubuntu 12.04 early releases go.
>> 
>> Stay tuned...
>> 
>> --
>> -- Matt Tesauro
>> OWASP Board Member
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> 
>> 
>> On Tue, Jan 24, 2012 at 11:01 AM, OWASP Live CD 2008 Project <owasp-live-cd-2008-project at lists.owasp.org> wrote:
>> OWASP Live CD (WTE) project:
>> 
>> Anyone tried using the WTE VM (or ISO) in Ubuntu 11 yet?
>> 
>> I just installed a pristine 11.10 via the Parallels installer. (REALLY nice and easy way of installing any of several VMs quickly, btw.)
>> 
>> I've added the appseclive.org stable repository to the /etc/apt/sources.list file, but when I try to install a program (like owasp-wte-webgoat), it horks on the JDK, saying it needs sun-java6-jdk or sun-java5.jdk. However, I understand that Ubuntu 11 has moved to openjdk-6-jdk (or openjdk-7-jdk) in lieu of the Sun JDK.
>> 
>> Will the repositories at appseclive.org be updated for Ubuntu 11 any time soon?
>> 
>> Thanks!
>> 
>> Cheers,
>> 
>> Ken van Wyk
>> 
>> 
>> 
>> _______________________________________________
>> Owasp-live-cd-2008-project mailing list
>> Owasp-live-cd-2008-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project
>> 
>> 
>> _______________________________________________
>> Owasp-live-cd-2008-project mailing list
>> Owasp-live-cd-2008-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project
> 
> 
> _______________________________________________
> Owasp-live-cd-2008-project mailing list
> Owasp-live-cd-2008-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project
> 
> 
> _______________________________________________
> Owasp-live-cd-2008-project mailing list
> Owasp-live-cd-2008-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-live-cd-2008-project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-live-cd-2008-project/attachments/20120229/3a0bc201/attachment.html>


More information about the Owasp-live-cd-2008-project mailing list