Download and install XAMPP with PHP 5.3 or higher. Current version as of 3/24/2011 has PHP 5.3. Drop this projects files (the entire mutillidae folder) into the htdocs directory of XAMMP (or XAMPP lite if you prefer). Assuming the mutillidae main folder is named "mutillidae" and the mutillidae main folder is located in the htdocs directory, the URL for the project will be http://localhost/mutillidae. Once installed, edit the php.ini file per the instructions on the home page. The home page is what loads when URL http://localhost/mutillidae is entered.
Mutillidae: Quickstart guide to installing NOWASP Mutillidae on Windows with XAMPP: https://www.youtube.com/watch?v=1hF0Q6ihvjc
NOWASP Mutillidae: How to install and configure Burp-Suite with Firefox: https://www.youtube.com/watch?v=Fj0n17Jtnzw
NOWASP Mutillidae: How to remove PHP errors after installing Mutillidae on Windows XAMPP: https://www.youtube.com/watch?v=kDo52RySRME
NOWASP Mutillidae: Installing latest Mutillidae on Samurai WTF version 2: https://www.youtube.com/watch?v=y-Cz3YRNc9U
KY ISSA Conference: Introduction to NOWASP Mutillidae Web Pen Testing Environment: https://www.youtube.com/watch?v=CYsiNYeAS6U
Is there a way to update Mutilledae to the latest version inside of Metasploitable2? I tried this:
1. renamed the original /var/www/mutillidae folder to mutillidae-orig
2. copied the new files into /var/www/mutillidae
Now I am getting this error:
**Warning: require_once(owasp-esapi-php/src/ESAPI.php) : failed to open stream: No such file or directory in /var/www/mutillidae/index.php on line 11
Fatal error: require_once() : Failed opening required 'owasp-esapi-php/src/ESAPI.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/mutillidae/index.php on line 11**
I am sort of new to linux, but this seems to me that the new version of Mutillidae I just downloaded might be assuming a different linux distrobution than Metasploitable2 is on (because of where it is looking for files). Am I on the right track here? Is there a relatively straightforward fix for this?
Any help would be appreciated!
I changed line 11 'ESAPI' to 'esapi' in /var/www/mutillidae/owasp-esapi-php/src/esapi.php to get past the first error. Now it says
Security configuration file does not exist.
Fatal error: Call to a member function xpath() on a non-object in /var/www/mutillidae/owasp-esapi-php/src/reference/DefaultSecurityConfiguration.php on line 225