Tuesday, October 31, 2006

Pantera Web Assessment Studio on Mac OSX

Recently a new web-app testing tool was donated to the OWASP project. This tool, Pantera, can be installed on Mac OSX (Intel) using the following instructions:

1.) Download the pyOpenSSL python module from here.

2.) Cd into the directory and run the command python setup.py build.

3.) Install the module, python setup.py install.

4.) Download the Mac OSX binary package of the MySQL database from the MySQL site.

5.) Install MySQL according to these instructions.

6.) Start MySQL by running the following commands:
shell> cd /usr/local/mysql
shell> sudo ./bin/mysqld_safe
(ENTER YOUR PASSWORD, IF NECESSARY)
(PRESS CONTROL-Z)
shell> bg
(PRESS CONTROL-D OR ENTER "EXIT" TO EXIT THE SHELL)


7.) Download mysql-python from here.

8.) You will need to modify your PATH variable to get the mysql-python package to compile correctly. First run the command set | grep PATH; you should get something resembling PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin. Now cut and paste that output and append "/usr/local/mysql/bin" to the end, so that your resulting command looks something like:
PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/usr/local/mysql/bin

9.) Now run python setup.py build from inside the mysql-python directory. When that completes run python setup.py install.

10.) Next we need to configure the pantera database. Do this by running mysql -u root and then CREATE DATABASE pantera; from the mysql prompt.

11.) (Optional) Feel free to lock down the MySQL database and assign a password to root at this point. Google and the Pantera documentation are your friends for this.

12.) After you have created the database, from inside the pantera directory, run the following command: mysql -u root panteradb < doc/pantera_sql_create_script.txt

13.) Now, you are almost ready to run pantera. However, the panteraPlugins.py file seems to have a syntax error in it. So, use vi to edit the file. Skip down to line 458 and insert a # sign in front of the line reading "remove(c for c in self.plugin_list if c == d)"

14.) Once this is done, edit the panteracfg.xml file to include your database username and password. If you skipped step #11 above, then you just need to modify the db_login to look like: root

15.) Configure Firefox to use 127.0.0.1 port 8080 as your proxy, run the command python pantera.py from inside the pantera directory, and point your browser to http://pantera.
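
One way to carry out the lockdown from step 11, so that step 14 does not have to put the MySQL root account into panteracfg.xml. This is an added example, not part of the original post or the Pantera documentation; it assumes MySQL 5.0-era syntax (the Password column and IDENTIFIED BY inside GRANT), and the account name pantera_app and both passwords are placeholders.

```sql
-- Run from the mysql prompt opened with: mysql -u root
-- Assumptions (not from the original post): MySQL 5.0-era syntax, a
-- hypothetical account name 'pantera_app', and placeholder passwords.

-- 1. Give every root entry a password (root usually exists for more
--    than one Host value, so update them all rather than one row).
UPDATE mysql.user
   SET Password = PASSWORD('CHANGE_ME_root_password')
 WHERE User = 'root';

-- 2. Remove the anonymous accounts that a default install creates.
DELETE FROM mysql.user WHERE User = '';

-- 3. Reload the grant tables so the direct edits above take effect.
FLUSH PRIVILEGES;

-- 4. Create an account for Pantera that can only connect from the local
--    machine and only reach the database created in step 10. If your
--    database has a different name, grant on that name instead.
GRANT ALL PRIVILEGES ON pantera.*
   TO 'pantera_app'@'localhost'
   IDENTIFIED BY 'CHANGE_ME_pantera_password';

-- 5. Checks: no account should be left with an empty password, and the
--    new account should hold privileges on the one database only.
SELECT User, Host FROM mysql.user WHERE Password = '';
SHOW GRANTS FOR 'pantera_app'@'localhost';
```

With this in place, db_login in panteracfg.xml would be pantera_app rather than root, and any later mysql -u root command needs the -p option so that it prompts for the root password.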
