Install Docker and Run Juice-Shop Using Docker in Ubuntu 20.04
Content
- Step 1: Intro
- Step 2: Requirement
- Step 3: Update/Upgrade The System
- Step 4: Checking Internet Connectivity using Networking Tools
- Step 5: Using Basic Command and Checking System Version
- Step 6: Installing Docker and Running “Hello World App”
- Step 7: Installing OWASP on Docker and Testing it
Basic Intro:
Hello, my name is Zuber! I am interested in the tech field especially cybersecurity and passionate about technology. Today, I will be showing how to install /set up OWASP in docker using Ubuntu 20.04. This is going to be very simple, short, and straightforward. Let's get into it.
Intro to Docker and OWASP:
What is Docker?
- “Docker is an open-source platform for developing, shipping, and running applications. Docker enables you to separate your application from your infrastructure”.
- Here is a simple image to understand and differentiate between docker and operating systems such as Windows, Mac, Linux, etc.
Docker can be installed almost everywhere including, Windows, Linux, Data Center, Cloud, Serverless, and so many either. Unlike Virtual Machine or VM for short, Docker takes seconds to run in your environment unlike where OS such as Windows, Mac, and Linux would take mins to setup simple applications like simple “Hello World” and other things e.g OWASP! You can learn more about clicking this link: https://www.docker.com/
What is OWASP?
“The Open Web Application Security Project [OWASP] is a nonprofit foundation that works to improve the security software”. To learn more about this project, visit this link → https://owasp.org/
Requirement:
- Linux Machine
- Internet Access
- Google/Search Engine or Browser
- Basic knowledge of some tools, and terminal
- Don’t worry, I will cover everything here
To be able to run docker and owasp, you will need a Linux machine even though you can install docker on any platform[OS] like Windows and Mac but for this demo, I will be using Ubuntu Linux 20.04.
Updating & Upgrading The System:
- Let's first update using the below command
→ sudo apt update -y (Make sure to enter the password when it prompts).
- Upgrade the repo with this command:
→ sudo apt upgrade -y [Make sure to enter your password0
Let just all wait and let it do its thing and its finished finally.
Checking Internet Connectivity:
We can check if we have access to the internet, the reason why we doing this is that it's important to have access to the internet in order for us to install the tools and software we need for this project.
First Command
- Let's first use a command called ‘ping”
- ping is a utility used to test the reachability of a host on an Internet Protocol network. It's available on most platforms such as Chrome, Linux, Unix, Windows, and macOS. This utility uses a protocol called Internet Message Control Protocol or short for [ICMP].
- There few things to check if the network can be reachable and this method is used by IT and Network Engineers folks to troubleshoot networking devices.
→ ping localhost or → ping 127.0.0.1 → This will check if something is off with the machine, e.g {NIC}.
This was a success, now let's try a different IP address and domain rather than pinging our machine. Also, I just ping the router address and it responded successfully.
Pinging domains such as google.com / apple.com, etc.
→ ping apple.com
It also worked successfully which means we do now have access to the internet.
Let's use one more tool/utility called “curl” this can also be installed on other platforms and not just in Linux or Ubuntu specifically. Curl short for Client URL is basically a command line tool that enables data transfer over various network protocols. You can interact a site/domain using this tool from your command line. Let's demonstrate this in our machine.
- To get help and how to use this tool, type this in the terminal.
→ curl — help
I tried this on my local machine address [127.0.0.1] and it resued and sait this because there is no port open e.g [80,8080, 443] and no web server is running on this local machine.
→ curl google.com
Now we can see that we have internet connection/access by trying different tools.
Installing Docker and Running Basic/Simple “Hello World” App:
→ sudo apt install docker.io [Simple as that]
If Docker does not install with this command is because I think it's not in your repository so make sure to add it.
Hit “Y or Yes” to accept that and let the installation be finished. To check out if Docker was installed successfully, type one of this command: → docker — help or docker — version
Testing Docker with Hello World Application.
→ sudo docker run hello-world
It worked but we’ve received an error displaying “unable to find image “hello-world” locally. This happened because the image is not installed on our local machine and we need to pull it from the docker hub/repository. Now it works simply by pulling the image from the docker hub, here is the command that I used → sudo docker pull hello-world
Let's re-run our old command to run the “hello-world” app → sudo docker run hello-world
First, let's test and run Ubuntu and Nginx [Popular Web Server].
Install Nginx using this command → sudo apt install nginx
To if nginx was installed on our machine, used this command. → nginx -h [For more help] or nginx -v [For nginx version].
Here I was able to run Ubuntu by just using one command → sudo docker run -it ubuntu
Running Hello World in nginx → sudo docker — name nginx -p 8080:80 nginx:latest
Explaining the above command:
- docker = this is the tool we’re using to run this.
- container = docker command
- run = another command to run the app.
- — name [nginx] the name of the server.
- -p = to specify the port we’re going to be using it.
- 8080:80 [ (8080 being the server port | (80) being the client port]
For some reason, I was trouble having run “hello world” and I do not know why so let's skip this step since the server is successfully installed and running,
Find out the IP address of your current machine by using the → ip a or ifconfig and if you’re using Ubuntu make sure to install the net-tools since these tools do not come with this distro.
You should then be able to see if you look at the second option which is what’s currscbntly configure as NIC
Open a new tab/window and type the full IP address of your local machine, you should be able to see the nginx web server, click enter and go.
The browser already knows that websites run on port 80 by default so you do not have to type the port after the IP.
Running OWASP in Docker and Testing it — Final Step
Now have docker, and some container such as ngnix server running and up, lets's run another container called OWASP which is used to test your web application hacking skills in cybersecurity.
At this time, I’ll use my Kali Linux because some of the tools to test are already installed there and I do not want to spend more time installing it on my fresh ubuntu machine, “let's not reinvent the wheel”.
Open your terminal and run this command
$ docker run — rm -p 3000:3000 bkimminich/juice-shop
it should be accessible via port 3000 on localhost → localhost:3000 on your browser.
We’re going to need a few tools that will be used in this process, first one is the foxy proxy extension which is used for configuration options in firefox. This tool can be helpful during web app pentesting. Link → https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
The second tool is burpsuite which comes with all versions of Kali Linux.
Click the foxy proxy extension on firefox your firefox browser, and click ‘option’ then ‘add’ to add to our new settings. Click saved when you are done with the settings configuration.
Let's now lunch BurpSuite so we can kind of play around with this little application. Open your BS now.
Click proxy, then option to see our settings that we configured earlier.
Now go back to the extension ‘foxyproxy’ and click the burpsuite which we’ll be using to interact and intercept the traffic into our burp suite, etc.
Refresh the page and let's see the traffic and make sure that everything is working the way it is supposed to be.
It seems like its, we can do and play around with this but that might be another blog. The main of this blog was to install docker and juice and run them locally.
I hope you gain something valuable from this mini blog. See you next time and happy hacking!
