This is a deliberately vulnerable web application for the purposes of practicing penetration testing.
- Open a command prompt in the ClientApp directory and run: yarn install (npm has proven to be unreliable in this project, so use yarn instead)
- If you want to use something other than SQL Express localdb for the database, then set the DefaultConnection in: appsettings.Development.json
- In Visual Studio, open Package Console Manager and run: Update-Database
- Open a command prompt in the ClientApp directory and run: yarn start
- Open a command prompt in the VulnDotNetCore directory (where the .csproj file is) and run: dotnet watch run
- In a browser go to: localhost:5000
To use this with FireFox, I had to set network.websocket.allowInsecureFromHTTPS = true in about:config. But you should remember to set this back to false once you have finished testing. Alternatively, you can create your own SSL certificate.