How To Setup DVWA Using XAMPP (Windows Tutorial)

December 02, 2015
Today you are going to see how to setup DVWA using XAMPP on a windows computer:

Before going into the how-to guide, take a look at "what is DVWA?".

DVWA is a PHP/MySQL web application that is damn vulnerable. It is a safe and legal platform for penetration testers to test their skills and tools. And if you are a web developer you can use this damn vulnerable web application to understand the process of securing your web applications.

DVWA allows you to learn more about some of the most common web vulnerabilities. Using various difficulty levels, you can measure your skill level and improve yourself.

Damn Vulnerable Web Application

Note: Damn Vulnerable Web Application (DVWA) contains both documented and undocumented vulnerabilities. This is intentional. You are encouraged to try and discover as many issues as possible (Full path Disclosure, Authentication bypass, and some others).

Here is how to setup DVWA on your windows computer:

1. Download and install XAMPP on your computer. Then open the control panel and start "Apache" and "MySQL" service. (Download links are at the end of this article.)

2. Download DVWA. Then extract the zip file to the htdocs folder. The htdocs folder can be found at C:\xampp.

Note: Don't upload it to any internet facing servers.

3. Open the web browser, then type "127.0.0.1/DVWA-1.9" in the address bar (without quotes). You will see the setup page:


4. Click on "Create/Reset Database" button. If it shows any error, go to C:\xampp\htdocs\DVWA-1.9\config and then edit the config file. Here I'm using Notepad++ to edit the config file (see the image below):


5. Since the default password of PhpMyAdmin is blank, set db_password=''; (see the image below).


6. Now click on "Create/Reset Database" button. The database will be created and then you will be directed to a login page:


9. Enter "admin" as username and "password" as the password. Then click on the login button, you will see a page as shown below. Yes, you have setup DVWA successfully.


Download Links:


I hope you liked reading the article. If you find this article worthy, feel free to share this article to your friends and followers. And if you have any doubts, put in the comment section below, I would like to answer it. See ya.....

Post a Comment

11 comments :

  1. rohitJune 12, 2016 at 7:21 AM

    tons of thanks

    ReplyDelete
  2. AnonymousAugust 27, 2016 at 4:50 PM

    Fatal error: Uncaught Error: Call to undefined function mysql_connect() in C:\xampp\htdocs\DVWA-1.9\dvwa\includes\dvwaPage.inc.php:461 Stack trace: #0 C:\xampp\htdocs\DVWA-1.9\login.php(8): dvwaDatabaseConnect() #1 {main} thrown in C:\xampp\htdocs\DVWA-1.9\dvwa\includes\dvwaPage.inc.php on line 461 thats the error i got any help please

    ReplyDelete
  3. foyjogSeptember 22, 2016 at 6:53 PM

    you dont have php environment,check it

    ReplyDelete
  4. AnonymousOctober 19, 2016 at 2:04 AM

    Fatal error: Uncaught Error: Call to undefined function mysql_connect() in C:\xampp\htdocs\DVWA-1.9\dvwa\includes\dvwaPage.inc.php:461 Stack trace: #0 C:\xampp\htdocs\DVWA-1.9\login.php(8): dvwaDatabaseConnect() #1 {main} thrown in C:\xampp\htdocs\DVWA-1.9\dvwa\includes\dvwaPage.inc.php on line 461

    ReplyDelete
  5. AnonymousNovember 23, 2016 at 8:11 AM

    me too

    ReplyDelete
  6. MahinApril 6, 2017 at 3:57 AM

    :)

    ReplyDelete
  7. UnknownMay 19, 2017 at 9:10 PM

    thank you very much

    ReplyDelete
  8. UnknownJune 3, 2017 at 1:22 AM

    I'm getting this: DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment.

    I have copied it, but still not working...any ideas?..

    ReplyDelete
    Replies
    1. AnonymousJune 19, 2017 at 11:13 AM

      did you ever figure it out? Having the same problem

      Delete
    2. UnknownNovember 12, 2017 at 11:27 AM

      Rename config/config.inc.php.dist to config/config.inc.php

      Delete

Subscribe to: Post Comments ( Atom )
Powered by Blogger.