I've been struggling over the last couple of days to install the OWASP Webgoat project in Backtrack. I wanted the Web App nicely installed alongside Burp Suite on my USB stick so that I could practice Web Hacking on the go.
I put together some notes as I went along and thought I would post them here in case they're of any use to others.
To install Webgoat under Backtrack you must download the Sun Java 6 JDK through synaptic. Be aware that this will probably break Burp Suite. You'll need to change the way Burp is launched later.
Make sure you set the JAVA_HOME environment variable in the bash.rc file:
Next, download the Webgoat 5.2 zip file and unpack to a directory on the system. I put webgoat under /pentest/web/webgoat/
chmod 755 the webgoat.sh script. There's a problem with this script though; it checks for JDK 1.5 when the war deployment seems to need 1.6. I just commented out the conditional statement near the top of the script, where it checks the version.
From the webgoat directory launch webgoat with the following command:
Stop the server with:
Fix Burp by supplying the fully qualified path to the JRE 1.5:
sh -c "cd /pentest/web/burpsuite;/usr/lib/jvm/java-1.5.0-sun-188.8.131.52/jre/bin/java -jar burpsuite.jar"