Installing dotDefender

Web Application Exploit Development

Preparing our Web Application Environment

First we have to install dotDefender on Metasploitable. This can be done by opening a command prompt and using wget on the following URL:

http://www.applicure.com/downloads/3.85/linux/dotDefender-3.8-5.Linux.i386.deb.bin.gz
Retrieving dotDefender using WGET | Metasploit Unleashed

Then we must gunzip the downloaded file, make it executable using the chmod command and then run the .bin file to start the installation.

Decompressing dotDefender with GUNZIP | Metasploit Unleashed
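
The download, decompress and chmod steps above as a shell script (an added example, not from the original page). The function names fetch_installer and unpack_installer are hypothetical, and the gzip integrity test and SHA-256 digest are additions, since the archive arrives over plain HTTP and the page lists no checksum.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not part of dotDefender.
URL="http://www.applicure.com/downloads/3.85/linux/dotDefender-3.8-5.Linux.i386.deb.bin.gz"

# fetch_installer DIR: download the archive into DIR and print its path.
fetch_installer() {
    dir=$1
    wget -q -P "$dir" "$URL" || return 1
    printf '%s\n' "$dir/${URL##*/}"
}

# unpack_installer ARCHIVE: test the gzip stream, decompress it, mark the
# resulting .bin executable and print its path. It does not run the installer.
unpack_installer() {
    archive=$1
    case $archive in
        *.gz) ;;
        *) echo "not a .gz file: $archive" >&2; return 2 ;;
    esac
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 2; }
    # gzip -t catches a truncated or corrupted download before anything is unpacked
    gzip -t "$archive" 2>/dev/null || { echo "corrupt archive: $archive" >&2; return 3; }
    gunzip -f "$archive" || return 1
    bin=${archive%.gz}
    chmod +x "$bin" || return 1
    # Log a digest (stderr) so the file can be compared with a known-good copy
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$bin" >&2
    fi
    printf '%s\n' "$bin"
}

# Usage on Metasploitable (as root); the last step starts the installer:
#   bin=$(unpack_installer "$(fetch_installer /tmp)") && "$bin"
```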

Once the installation starts we should be prompted with the following screen. Select “Next”.

dotDefender Installation Screen | Metasploit Unleashed

We must agree to the License Agreement by selecting “I Agree”.

Metasploitable License Agreement | Metasploit Unleashed

We can leave the default options and continue with the installation by selecting “Next”.

Metasploitable Configuration Options | Metasploit Unleashed

Here we must enter the location of Apache in Metasploitable. Apache is located at:

/usr/sbin/apache2

Then continue by selecting “Next”.

Metasploitable Apache path | Metasploit Unleashed

This information should be auto-filled in by the installer. Continue by selecting “Next”.

Apache config path | Metasploitable

Here we must enter the password we would like to use for the dotDefender Administration GUI. Once we are finished we can select “Next”.

Choose a password for Metasploitable

Make sure all the configuration options match the following picture and select “Next”.

Verify Metasploitable settings

Once we select “Go” the installation will begin.

Metasploitable Installation

For this demonstration we only need to use dotDefender for monitoring. Once that is selected we can hit “Next”.

If everything was successful we should see a screen like the following one. We need to restart Apache before we can use dotDefender, which we can do with:

/etc/init.d/apache2 restart
Restarting Apache | Metasploit Unleashed

Once Apache has restarted we will need to connect to the GUI URL, enter the username “admin” and the password we created during the install, and then hit “Log In”.

Metasploitable web portal login

Now we have to add the site to dotDefender. This will be the IP of Metasploitable. Then select “Add New Site”.

Once it has been added we will see the new section. Now the only thing left to do is select “Start dotDefender”.

Once we see the green check mark saying “dotDefender is enabled” the install is finished.
