Monthly Archives: April 2016

Note on Python virtual env

Installing Python virtual env

sudo apt-get install python3.4-venv

Set a Project with Python virtualenv, venv is a pathname

python3 -m venv venv

Activate the virtualenv 

source venv/bin/activate

deactivate the virtualenv

deactivate

Download the .gitignore and Git init

wget https://raw.githubusercontent.com/github/gitignore/master/Python.gitignore -O .gitignore
git init

Export the dependencies

pip3 freeze > requirements.txt

Restore the requirements file

pip3 install -r requirements.txt

Configure Pycharm
Pycharm

PHPStorm debugging on Ubuntu with x-debug

There are plenty of tutorial for configure PHP in Ubuntu. However, it seems there is lacking of a complete guide for PHP Development in Ubuntu, especially for Debugging.

A debugger is definitely the best friend of a developer.

This post will contains the following three parts.

1. Enabling the userdir module in Ubuntu
2. Configure PHPStorm to upload to a local directory
3. Enabling XDebug in Apache2

1. Enabling the userdir module in Ubuntu

a. Enable the userdir module

root@jimmy-ubuntu:/etc/apache2/mods-available# a2enmod userdir

b. Enable PHP in the userdir by modifying /etc/apache2/mods-available/php5.ini. By default, userdir is just for placing static files. This is blocked explicitly in php5.ini. So, we have to comment it out. 

#<IfModule mod_userdir.c>
#    <Directory /home/*/public_html>
#        php_admin_flag engine Off
#    </Directory>
#</IfModule>

c. Test with phpinfo.php in /home/jimmy/public_html

phpinfo();

d. Use browser to browse http://localhost/~jimmy/phpinfo.php

2. Configure PHPStorm to upload to a local directory

PhpStormUploadtoUserDir

3. Enabling XDebug in Apache2

a. First, we need to install and enable XDebug in Ubuntu

sudo apt-get install php5-xdebug
sudo php5enmod xdebug

b. Modify /etc/php5/apache2/conf.d/20-xdebug.ini to include the following. 

zend_extension=xdebug.so
xdebug.remote_enable=1
xdebug.remote_handler="dbgp"
xdebug.remote_host="localhost"
xdebug.remote_mode="req"
xdebug.remote_port=9000
xdebug.idekey="PHPSTORM"

c. Restart Apache2

d. In PHPStorm, we need to enable the listening port. By default, it is listening to port 9000.

PHPXDebugPort

e. Next, we need to set the Cookie in the page, XDebug is enabled by the existence of cookie. Use browser developer console to run the following line. 

javascript:(function() {document.cookie='XDEBUG_SESSION='+'PHPSTORM'+';path=/;';})()

f. Add a break point in your PHP Code, run the browser. It should break at your break point.

WebGoat – A Security Tutorial

WebGoat is a project by OWASP that uses as lessons for developers to understand common security loop hole.

There is two ways of running that. The first one is simply downloading the bundled WAR file, and it can be run with this command

java -jar webgoat-container-7.0.1-war-exec.jar

The other way is checking out the source code, and run with your favorite IDE. In my case I use IntelliJ

Basically the folder structure is as followed. 

WebGoatWS
- WebGoat
- - webgoat-container 
- WebGoat-Lessons

Both WebGoat and WebGoat-Lessons are git repository. They require Maven to run. To run it locally, We need to download the WebGoat and WebGoat-Lessons. 

mkdir WebGoatWS
cd WebGoatWS
git clone https://github.com/WebGoat/WebGoat.git
git clone https://github.com/WebGoat/WebGoat-Lessons.git

And then create a Workspace in IntelliJ in WebGoatWS level.

After that, we have to create three maven profile. The equivalent in command line is as followed

cd WebGoat 
mvn install

cd WebGoat-Lessons 
mvn install

After compiling both projects, we need to copy the lessons JARs from WebGoat-Lessons to WebGoat

cp WebGoat-Lesson/target/plugins/*.jar WebGoat/webgoat-container/src/main/webapp/plugin_lessons/

Finally, the app can be started with the following command. 

cd WebGoat/webgoat-container
mvn tomcat7:run-war

We can access the App with http://localhost:8080/WebGoat/