无法通过 Firefox 运行 OWASP 的 peruggia 软件吗?

无法通过 Firefox 运行 OWASP 的 peruggia 软件吗?

我正在尝试运行peruggia ,但找不到成功运行它的方法。我lighthttp在 Linux 上安装了它,但是当我install.php使用 Firefox运行它时localhost/install.php,我只得到一个没有任何详细信息的屏幕,这里是 截屏lighthttp conf 文件(lighttpd.conf)是:

server.modules = (
    "mod_indexfile",
    "mod_access",
    "mod_alias",
    "mod_redirect",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
    "mod_compress",
    "mod_dirlisting",
    "mod_staticfile",
)

我正在运行ubuntu内核5.4.0和 Firefox 85.0 ,我想php.ini配置正确。佩鲁贾conf.php

<?php

//MySQL
$mysql_host =       "localhost";
$mysql_user =       "test";
$mysql_pass =       "test";
$mysql_db =         "test";

//General
$title =        "Peruggia";
$version =      "1.2";
$peruggia_root =    "http://127.0.0.1/";
error_reporting(0); // You may or may not want to see these, your choice

//Vulnerabilities (true or false)
//NOTE: disabling some vulnerabilities may render others useless
$guard_pers_xss =   true; //Block persistent cross site scripting
$guard_refl_xss =   true; //Block reflected cross site scripting
//$guard_csrf =     true; //Block cross site request forgery 
//$guard_sesfix =   true; //Block session fixation //Blocker not yet implemented
$guard_sqli =       false; //Block SQL injection
$guard_auth_sqli =  true; //Block authentication bypass SQL injection
$guard_lfi =        true; //Block local file inclusions
$guard_rfi =        true; //Block remote file inclusions
$guard_fuv =        true; //Block file upload vulnerabilities
$fu_types = array(  //Allowed file upload types (mime types)
    "image/gif",
    "image/jpeg",
    "image/pjpeg",
);
?>

ls/var/www/html列出 peruggia 文件的内容:

about.html  background.png  conf.php  images  includes  index.php  install.php  logo.png  style.css

那么我怎样才能运行佩鲁贾?

相关内容