OWASP Mutillidae II: Web Pwn in Mass Production
Version: 2.6.48 Security Level: 1 (Client-side Security) Hints: Enabled (1 - 5cr1pt K1dd1e) Not Logged In
Home | Login/Register | Show Popup Hints | Toggle Security | Enforce SSL | Reset DB | View Log | View Captured Data
 
Want to Help?
 
 
 
 
Setting up SSL on Ubuntu
 
Creating a self-signed certificate for localhost
 
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mutillidae-selfsigned.key -out /etc/ssl/certs/mutillidae-selfsigned.crt

	Generating a 2048 bit RSA private key
	.................................................+++
	............+++
	writing new private key to '/etc/ssl/private/mutillidae-selfsigned.key'
	-----
	You are about to be asked to enter information that will be incorporated
	into your certificate request.
	What you are about to enter is what is called a Distinguished Name or a DN.
	There are quite a few fields but you can leave some blank
	For some fields there will be a default value,
	If you enter '.', the field will be left blank.
	-----
	Country Name (2 letter code) [AU]:US
	State or Province Name (full name) [Some-State]:KY
	Locality Name (eg, city) []:Derby City
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mutillidae Inc
	Organizational Unit Name (eg, section) []:
	Common Name (e.g. server FQDN or YOUR name) []:localhost
	Email Address []:
 
Backup the default Apache SSL configuration file
 
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak
 
Edit the default Apache SSL configuration file to reference the newly created certificate files
 
sudo nano /etc/apache2/sites-available/default-ssl.conf

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/mutillidae-selfsigned.crt
                SSLCertificateKeyFile /etc/ssl/private/mutillidae-selfsigned.key
 
Change the owner of the certificate files to Apache (username: www-data)
 
sudo chown www-data:www-data /etc/ssl/certs/mutillidae-selfsigned.crt 
sudo chown www-data:www-data /etc/ssl/private/mutillidae-selfsigned.key
 
Enable the ssl and headers modules in Apache
 
sudo a2enmod ssl
sudo a2enmod headers
 
Enable the SSL site option in Apache
 
sudo a2ensite default-ssl
 
Restart the Apache service
 
sudo service apache2 restart
 
Test the site by browsing to the homepage over HTTPS
 
# Note: Because the certficate is self-signed, it is not trusted. Firefox may show a warning as result
https://localhost/mutillidae/index.php?page=home.php