OWASP 1-Liner

About OWASP 1-Liner

OWASP 1-Liner is a deliberately vulnerable Java and JavaScript-based chat application. It runs in two versions simultaneously - vulnerable and securish. The vulnerable version is intended for attack demos and the securish version is intended for demoing countermeasures.

For more information see the OWASP 1-Liner homepage.

Current status

Deployment of the OWASP 1-Liner on the OWASPBWA VM is incomplete at this point. Some features are working, but other areas are non-functional.

Setup instructions

In order to use this application, you must access it using some specific hostnames.
  1. Note the IP of this host (it is shown below and is also displayed on the console when the VM boots).
  2. Configure your hosts file (/etc/hosts on Linux, C:\Windows\System32\drivers\etc\hosts on Windows) to redirect the following domains to the IP of the VM: local.1-liner.org, other.1-liner.org, local.l-liner.org, 3rd-party.info, attackr.se. For example, the line in the hosts file will look like:

     owaspbwa local.1-liner.org other.1-liner.org local.l-liner.org 3rd-party.info attackr.se

  3. Browse to http://local.1-liner.org/oneliner/ to get started.