Browser Rider Installation
From Engineering For Fun
Contents |
Requirements
- PHP5 with Json
- Apache with url_rewriting
- Mysql
- Server must be able to run Smarty
- Targets must enable Javascript in their browsers
Installation
Dump the install.sql into your mysql and configure the lib/configuration.php & the .htaccess files
The default username to access the administration panel is "hacker" and the password is also "hacker"
Editing lib/configuration.php
You need to change those lines to configure the connection to your database:
define('DB_USER', 'user'); define('DB_PASSWORD', 'password'); define('DB_HOST', 'host'); define('DB_NAME', 'database_name');
Then edit the following line to set the url where is located Browser Rider:
define('BASE_URL', 'http://site.com/BrowserRider/');
For example if Browser is installed on the following url http://www.evilsite.com/dir/BrowserRider/ you should edit like that:
define('BASE_URL', 'http://www.evilsite.com/dir/BrowserRider/');
Next is editing the $FALSE_URL_VAR in order to make the url rewriting work, you can skip this step if Browser Rider is located in its original folder in the root folder of your site. Otherwise find this line:
$FALSE_URL_REWRITING_VARS = array('BrowserRider');
You have to add in the array the name of each directories Browser Rider is located in. For example, if Browser Rider is set to this url: http://www.evilsite.com/dir1/dir2/BrowserRider/ You'll have to edit the file like that:
$FALSE_URL_REWRITING_VARS = array('dir1', 'dir2', 'BrowserRider');
If you've changed the original name of the directory where Browser Rider's in, you have to edit this part adequately. For example if Browser Rider is located to the following url: http://www.evilsite.com/dir1/Ownage/
$FALSE_URL_REWRITING_VARS = array('dir1', 'Ownage');
Editing the .htaccess
Browser Rider requires to be hosted on a server that provides url rewriting, it allows the framework to generate different urls each times.
You may need to edit this file in order to make the project work, to do so find the line:
RewriteBase /BrowserRider/
Now as an example let's say the url to Browser Rider is http://www.evilsite.com/dir1/BrowserRider/
You would have to edit the file like that:
RewriteBase /dir1/BrowserRider/
If the url looks like that for example: http://www.evilsite.com/ownage/ the RewriteBase would need to be:
RewriteBase /ownage/
Configurations
Changing the default username and password
To change the default login & password (hacker:hacker), please edit the following line in the file /lib/configuration.php to what you want:
define('USER_LOGIN', 'hacker'); define('USER_PASSWORD', 'hacker');
Url rewriting
Until version 20090125, Browser Rider required url rewriting to be enabled. An alternative is now provided and you can configure if you want this feature or not.
In the configuration.php file, look for the line:
define('URL_REWRITING', 0);
If set to zero (0), the url rewriting feature is disabled, if set to one (1) it is enabled. Please note that url rewriting improves the obfuscation of the tool.
