Step 1:

This experiment requires capturing packets with Wireshark, but traffic to 127.0.0.1 (loopback on the 192.168.44.130 machine) cannot be captured. The request has to come from outside the virtual machine (the environment is a VM), i.e. from the host at ip 192.168.44.1, to 192.168.44.130, for Wireshark to capture it.

To make that reachable, the Tomcat configuration parameters must be modified. In WebGoat-5.3_RC1/tomcat/conf/server8080.xml, change 127.0.0.1 in the following block to 192.168.44.130:

 

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <!--
 <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />
 -->
    <Connector address="127.0.0.1" port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               allowTrace="true" />

 

Step 2:

The problem encountered was that after configuring SSL in Tomcat, the site could not be accessed successfully.

The usual configuration procedure:

1. Create a digital certificate

C:/Software/WebGoat/WebGoat-5.3_RC1/java/bin>keytool -genkey -alias tomcat -keyalg RSA -keystore changeit
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <tomcat>
(RETURN if same as keystore password):

 

keytool is in the Java bin folder.

2. Configure Tomcat

Uncomment the following block and add the keystoreFile and keystorePass attributes (the part marked in red in the original post):
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="changeit" keystorePass="changeit"/>
    -->

However, https://192.168.44.130:8443/webgoat/attack could not be accessed.

Solution: copy the generated keystore changeit into the WebGoat-5.3_RC1/tomcat folder and it works. The cause is a path problem: a relative keystoreFile is resolved against the tomcat folder by default.

If changeit is copied into WebGoat-5.3_RC1/tomcat/conf instead, then keystoreFile must be changed to keystoreFile="/conf/changeit".

Alternatively, an absolute path also works: keystoreFile="C:/Software/WebGoat/WebGoat-5.3_RC1/java/bin/changeit"
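As an added example (not code from the original post, WebGoat or Tomcat), the following Python script reproduces the path rule behind the fix in step 2: Tomcat's JSSE socket factory uses an absolute keystoreFile as given and joins a relative one onto catalina.base (the tomcat folder), so the keystore that keytool wrote into java/bin is never found. The script parses a server.xml string, checks whether an HTTPS connector is actually active (a connector still inside <!-- --> is invisible to the XML parser, just as it is to Tomcat), resolves its keystoreFile and reports whether the keystore is where Tomcat will look. The server.xml fragments, directory layout and file lists are constructed; the is_absolute helper is a simplified stand-in for Java's File.isAbsolute on Windows.

```python
"""Check where Tomcat will look for the keystoreFile of an SSL connector.

Added example, not part of the original post. Mirrors the rule in Tomcat's
JSSE socket factory: a relative keystoreFile is resolved against
catalina.base (the tomcat folder).
"""
import posixpath
import re
import xml.etree.ElementTree as ET

# Constructed layout matching the post's Windows environment.
CATALINA_BASE = "C:/Software/WebGoat/WebGoat-5.3_RC1/tomcat"
JAVA_BIN_KEYSTORE = "C:/Software/WebGoat/WebGoat-5.3_RC1/java/bin/changeit"

_WIN_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")

# Constructed server.xml: SSL connector still commented out, as in the stock file.
STILL_COMMENTED = """<Server><Service name="Catalina">
<!--
<Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="changeit" keystorePass="changeit"/>
-->
</Service></Server>"""

# Constructed server.xml after uncommenting; keystoreFile is filled in per case.
UNCOMMENTED = """<Server><Service name="Catalina">
<Connector port="8080" maxThreads="150"/>
<Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="{ks}" keystorePass="changeit"/>
</Service></Server>"""


def is_absolute(path: str) -> bool:
    """Simplified stand-in for java.io.File.isAbsolute() on Windows (assumption).

    Only a drive-letter path such as 'C:/...' counts as absolute. Java on
    Windows treats a bare leading '/' as drive-relative and still joins it
    onto catalina.base, which is why the post's keystoreFile="/conf/changeit"
    ends up under the tomcat folder.
    """
    return bool(_WIN_DRIVE.match(path))


def _norm(path: str) -> str:
    return posixpath.normpath(path.replace("\\", "/"))


def resolve_keystore(keystore_file: str, catalina_base: str) -> str:
    """Absolute keystoreFile is used as given; relative is joined onto catalina.base."""
    if is_absolute(keystore_file):
        return _norm(keystore_file)
    return _norm(posixpath.join(catalina_base, keystore_file.replace("\\", "/").lstrip("/")))


def check_ssl_connector(server_xml: str, catalina_base: str, existing_files) -> dict:
    """Report the active HTTPS connector (if any) and whether its keystore exists.

    existing_files is a constructed set of paths standing in for the filesystem.
    Comments are dropped by the parser, so a commented-out connector is not found.
    """
    present = {_norm(f) for f in existing_files}
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https":
            continue  # the plain 8080 connector carries no keystore
        ks = conn.get("keystoreFile")
        resolved = resolve_keystore(ks, catalina_base) if ks else None
        return {
            "https_connector": True,
            "port": conn.get("port"),
            "keystore_file": ks,
            "resolved": resolved,
            "keystore_found": resolved in present,
        }
    return {"https_connector": False, "port": None, "keystore_file": None,
            "resolved": None, "keystore_found": False}


def demo() -> dict:
    """Run the cases from the post and return the reports keyed by case name."""
    return {
        # Block left inside <!-- -->: no HTTPS connector at all.
        "still_commented": check_ssl_connector(STILL_COMMENTED, CATALINA_BASE, {JAVA_BIN_KEYSTORE}),
        # Uncommented, but the keystore is only where keytool created it (java/bin).
        "keystore_in_java_bin": check_ssl_connector(
            UNCOMMENTED.format(ks="changeit"), CATALINA_BASE, {JAVA_BIN_KEYSTORE}),
        # The post's fix: keystore copied into the tomcat folder.
        "keystore_in_tomcat": check_ssl_connector(
            UNCOMMENTED.format(ks="changeit"), CATALINA_BASE, {CATALINA_BASE + "/changeit"}),
        # Keystore under conf with keystoreFile="/conf/changeit".
        "keystore_in_conf": check_ssl_connector(
            UNCOMMENTED.format(ks="/conf/changeit"), CATALINA_BASE, {CATALINA_BASE + "/conf/changeit"}),
        # Absolute path pointing at java/bin.
        "absolute_path": check_ssl_connector(
            UNCOMMENTED.format(ks=JAVA_BIN_KEYSTORE), CATALINA_BASE, {JAVA_BIN_KEYSTORE}),
    }


if __name__ == "__main__":
    for name, report in demo().items():
        print(f"{name}: {report}")
```

Run it and the first two cases report the two failures in the post (no active HTTPS connector; keystore resolved to the tomcat folder but not present there), while the remaining three resolve to an existing file. One point worth keeping in mind from step 1: once the connector is bound to 192.168.44.130 instead of 127.0.0.1, the deliberately vulnerable WebGoat instance is reachable from every machine on the 192.168.44.0/24 segment, so keep the VM on a host-only network while capturing.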

 
