Hello WHF members.

We are now Accepting applications for.

Malware Analysis/Malware Removal Course

If you are interested please follow the link below.
Malware Course Application

Setting up OWASP-BWA with virtualBox

IT Security related topics

Moderator: Forum Moderators

User avatar

Topic author
Malware Analysis II
Malware Analysis II
Posts: 157
Joined: Mon Nov 16, 2015 6:49 pm

#1 Setting up OWASP-BWA with virtualBox

Postby kakarot007 » Sat Nov 12, 2016 8:48 am

Lab requirements:
Operating System: Windows 7 or above (with admin privilege) OR Any Linux Distro OR MAC

RAM: Minimum 4GB

Hard disk: Minimum 50GB free space

Virtual Box : download
OWASP BWA Project 1.2 image file : download

BurpSuite proxy : download
Wireshark : download
Mozilla Firefox Browser : download
7-Zip file archiver : download


Follow the steps to Setup Lab (OWASP BWA):

Step 1: Install VirtualBox

Step 2: Unzip OWASP Broken Web Apps VM

Step 3: Open VirtualBox and hit the icon for "New"

A. VM Name and OS Type: Enter name "OWASP-BWA" and select OS "Linux" and Version "Ubuntu"

B. Memory: Default of 512 is fine

C. Virtual Hard Disk: Important Select "Use existing hard disk" and click on the folder.

D. Browse to the unzipped folder contents of the OWASP Broken Web Apps VM. Select "OWASP Broken Web Apps.vmdk" Note: There are similar files ending in -s001. Don't pick those.

E. Click OK to finish VM Setup

Step 4: Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and select "Settings" (also available via menu Machine->Settings)

A. Go to Settings->Network->Adapter 1.
B. Make sure the checkmark for enabled is checked.
C. Change "Attached to:" from "NAT: to "Host-Only Adapter"
D. Click OK

Step 5: Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and hit "Start"

Step 6: After the VM boots the OWASP-BWA login page will provide the following message (the IP address will be similar but not exactly this)
You can access the web apps at

Step 7: Open a browser on your main machine (not the VM) and go to this URL. It should load a page that starts with "OWASP Broken Web Applications"

Note: You don't need to actually login to the virtual machine. Everything is already running.

Common Errors

Boot Up Error Message - Kernel requires feature on CPU: pae
A. Power off VM (not VirtualBox, just VM window)
B. Right click on OWASP-BWA on left side and select "Settings" (also available via menu Machine->Settings)
C. Go to System->Processor and enable PAE
D. Click OK and restart VM

Host Only Adapter Shows Error Message and Name says "not selected" with no options
A. Go to the VirtualBox Manager (e.g. the main virtualbox control app, not the individual vm)
B. Go to the VirtualBox->Preferences and then select "Network" (note: these are settings for the virtualbox app overall)
C. There is text box with the title "Host-only Networks:" it is most likely an empty text area and this is the problem
D. Click the plus icon on the right to add a new adapter. You should now see "vboxnet0"
E. Click ok and then go back to the VMs preferences. You should be able to select the hostonly adapter now


I might start a full tutorial series covering OWASP TOP 10 using OWASP-BWA . As soon as i get some time i will start it cheers !! :wink:

35GB of Programming, Computer Science, Wizardry, and General Technology Book Library

Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest