Hacking Tutorials

Installing bWAPP in Linux to practice web application hacking

Hello Ultimates! Today we will learn how to setup bWAPP in Linux to practice web application hacking. With bWAPP you can test your skills by hacking into webapps that are vulnerable to Cross Site Scripting, HTML Injection, SQL Injection, Broken authentication etc.

Download and Extract bWAPP

First of all download it from here and then extract the files

download bWAPP

Copying files to the /var/www/html directory

Open the newly extracted bWAPP folder and copy the content. Now go to /var/www/html directory and paste the files

how to install bWAPP

Starting essential services and giving permissions to bWAPP

Next thing we need to do is to start apache2 service (needed to run bWAPP) and mysql service (for database purposes). We also need to give proper permission to the bWAPP to make it work. For this purpose I will enter these commands in the terminal one by one:

bWAPP access denied not found error

service apache2 start
service mysql start
chmod -R 777 /var/www/html

Removing database password

Edit the settings.php file located under /var/www/html/bWAPP/admin/settings.php and delete the password “bug” and save the file.

access denied in bWAPP

Everything is ready now.

Visit this link in your browser to install bWAPP —> http://localhost/bWAPP/install.php

bWAPP tutorial

After installing bWAPP. Login using the default credentials bee, bug.

bWAPP login

You will get a list of vulnerabilities you can try to hack after logging into the bWAPP

how to install bWAPP

You can start testing your skills with bWAPP now 😉

There are 3 levels available for every test Low, Medium, High. Choose the one which suits your level of skills and keep practicing.

Also Read: Reflected XSS on JSON, AJAX, XML based web apps

About the author


I am Somdev Sangwan also known as D3V. I am n00b and I love computers and hacking. I am a python freak and your friendly neighborhood hacker.


Click here to post a comment

Subscribe Now

Subscribe for free and get latest articles delivered right into your inbox.

Thank you for subscribing.

Something went wrong.