Lab Setup!
Lab setup is easy! The entire lab is ready for you to download and run.
First, we need to download and install some software. There are two ways forward:
If you’re planning to launch tools or scripts against the test instance, set up a local OWASP TimeGap Theory lab
If you’re planning to perform light-weight testing using a browser, use the online version
Local OWASP TimeGap Theory Lab using Docker
Follow the next steps if you are planning to set up a local OWASP TimeGap Theory lab.
Approximate time required: 20 minutes
Budget: $0, no paid software required
Prerequisite: Windows Pro / Mac / Linux computer
Install Docker (the free community edition is okay.)
Have at least two browsers installed
Firefox and Chrome work the best
If you have only one browser, you can use an incognito/private window as the other browser
Download OWASP TimeGap Theory
Download and extract the ZIP: https://github.com/OWASP/TimeGap-Theory/archive/master.zip
Or type in the following in your Terminal:
Run Docker
Ensure that Docker is running
Run docker -v in your Terminal to check if Docker is up and running. If running, Docker will show you version information.
Open the command prompt/terminal
Change the directory to the OWASP TimeGap Theory directory
Run the following command: docker-compose up -d
If all works as expected, you should be able to access the following URLs on your browser:
http://localhost/
This is the homepage of your OWASP TimeGap Theory Lab.
The fresh installation of OWASP TimeGap Theory won’t configure the database automatically. Go to TimeGap Theory > WebApp > Admin and click on the Reset Database button to initialize the database.
One of the common issues while setting up the Docker lab is getting an error message from CMD/Terminal - “Couldn't connect to Docker daemon. You might need to start Docker”. This means Docker is not running. You can start Docker by launching the Docker application from the Applications/Start menu.
You can also install cURL if you want to try some advanced automation techniques for exploiting TOCTOU vulnerabilities
If you are using Linux or Mac operating systems, cURL is already installed
If you are using the latest version of Windows, cURL will also be installed
If you are using an older version of Windows, you can download cURL from https://curl.haxx.se/windows/
Online OWASP TimeGap Theory Lab using Heroku
Follow the next steps if you are planning to use the online version of the TimeGap Theory lab.
Approximate time required: 5 minutes
Budget: $0, no paid software required
Log in to your Heroku account at https://id.heroku.com/login
Sign up for a free Heroku account if you do not have one already https://signup.heroku.com
You need to verify your email address and add payment information (such as a credit card) to the Heroku account for verification purposes.
You won’t get charged if you are only running TimeGap-Theory on your Heroku account.
Deploy your TimeGap Theory instance
Navigate to https://github.com/OWASP/TimeGap-Theory
Click on the Deploy to Heroku button
Choose a name for your app
Click on the Deploy app button
Once deployed, click on the View button
Have at least two browsers installed
Firefox and Chrome work the best
If you have only one browser, you can use an incognito/private window as the other browser
cURL
If you are using Linux or Mac operating systems, cURL is already installed.
If you are using the latest version of Windows, cURL will also be installed.
If you are using an older version of Windows, you can download cURL from https://curl.haxx.se/windows/
And that’s it. You are ready to go.
You should be able to see the homepage of your TimeGap Theory Lab.
The fresh installation of OWASP TimeGap Theory won’t configure the database automatically. Go to TimeGap Theory > WebApp > Admin and click on the Reset Database button to initialize the database.