SC 100: Installing the OWASP Juice Shop in the Cloud (25 pts)

What You Need

Installing Node.js and the OWASP Juice Shop

On your Linux server, execute these commands, one at a time:
sudo apt update
sudo apt install nodejs npm git -y
git clone https://github.com/sambowne/juice-shop-orig.git --depth 1
cd juice-shop-orig
npm install
npm start
It took about 7 minutes to install on a Google Cloud server with 2 vCPUs and 8 GB RAM. I tried using a minimal server and abandoned it after waiting 30 minutes for the installation.

OWASP Juice Shop starts, showing a "Server listening on port 3000" message, as shown below.

Opening the Google Cloud Firewall

Click the link below to open the Google Cloud Console page:
https://console.cloud.google.com
At the top left, click the three-bar icon.

Point to "Compute Engine" and click "VM instances", as shown below.

On the "VM instances" page, click the name of your server, as shown below.

Note your External IP address, outlined in yellow in the image below. You'll need it later.

On the next page, in the "Network interfaces" section, click your Network name, which is probably "default", as shown below.

On the "VPC network details" page, on the left side, click Firewall, as shown below.

On the "Firewall policies" page, at the top, click "CREATE FIREWALL RULE" and enter these values:

At the bottom, click Create, as shown below.

Viewing the Juice Shop

In a Web browser, go to this address, replacing the IP address with the correct address for your Linux server.
http://35.222.29.122:3000
The Dashboard appears, as shown below.

Flag SC 100.1: Help Message (15 pts)

At the top left of the "OWASP Juice Shop" page, click the three-bar "hamburger" icon.

The flag is covered by a green rectangle in the image below.

Making a Change

On your Linux server, press Ctrl+C to stop the Juice Shop.

Then execute this command:

nano ./frontend/src/assets/i18n/en.json
Add the word "Changed", outlined in yellow in the image below.
Execute these commands to rebuild and start the app:
npm install
npm start
At the top left of the "OWASP Juice Shop" page, click the three-bar "hamburger" icon.

The change is visible, as shown in the image below.

Changing the Feedback Label

On your Linux server, press Ctrl+C to stop the Juice Shop.

Then execute this command:

grep Customer\ Feedback -r . | less -S
A long list of files containing "Customer Feedback" appears. Press the SPACEBAR to go to the next page, as necessary, until you see the line outlined in yellow below.

Press Q to exit "less".

Then execute this command:
nano ./frontend/src/assets/i18n/en.json

Use nano to edit that label and make it "Customer Feedback CHANGED".

Rebuild the app and restart it.

Verify that the change is visible, outlined in yellow in the image below.

Execute these commands to rebuild and start the app:
npm install
npm start
At the top left of the "OWASP Juice Shop" page, click the three-bar "hamburger" icon.

The change is visible, as shown in the image below.

Flag SC 100.2: Feedback Message (10 pts)

Stop the app. Edit the file you just changed.

Examine the lines near the change you made.

The flag is covered by a green rectangle in the image below.

Posted 2-26-24