- After changing to a different Node.js version it is a good idea to
delete
npm_modules
and re-install all dependencies from scratch withnpm install
- If you are experiencing
Error 128 from some GitHub
repos during
bower install
execution, rungit config --global url."https://".insteadOf git://
and trynpm install
again - If during
npm install
thesqlite3
no binaries can be downloaded for your system, the setup falls back to building from source withnode-gyp
. Check thenode-gyp
installation instructions for additional tools you might need to install (e.g. Python 2.7, GCC, Visual C++ Build Tools etc.) - If
npm install
fails on Ubuntu (e.g. while installing PhantomJS) you might have to install a recent version of Node.js and try again. - If
npm install
runs into aUnexpected end of JSON input
error you might need to clean your NPM cache withnpm cache clean --force
and then try again
- If using Docker Toolbox on Windows make sure that you also enable port
forwarding from Host
127.0.0.1:3000
to0.0.0.0:3000
for TCP for thedefault
VM in VirtualBox.
- Using the Vagrant script (on Windows) might not work while your virus scanner is running. This problem was experienced at least with F-Secure Internet Security.
- If you are missing the Login with Google button, you are running
OWASP Juice Shop under an unrecognized URL. You can still solve the
OAuth related challenge! If you want to manually make the OAuth
integration work to get the full user experience, follow these steps:
- Add your server URL to variable
authorizedRedirectURIs
in/app/js/controllers/LoginController.js
using your URL for both the property name and value. - Setup OAuth in Google https://console.developers.google.com/apis/library by clicking Credentials and afterwards Create credentials.
- Update the
clientId
variable in/app/js/controllers/LoginController.js
to use your new OAuth client id from Google. - Re-deploy your server. You will now have the option to login with Google on the login page.
- Add your server URL to variable
One thing to note: Make sure that you setup the
redirect_uri
to match your app's URL. If you for some reason have to modify theredirect_uri
, this gets cached on Google's end and takes longer than you'll want to wait to reset.
- You may find it easier to find vulnerabilities using a pen test tool. I strongly recommend Zed Attack Proxy which is open source and very powerful, yet beginner friendly.