4.3. The Juiceshop Application

We will start by establishing an RDP session to the Ubuntu 18.04 Client.

  • Start an RDP session to the Ubuntu 18.04 Client (Components > Ubuntu18.04 Client > ACCESS > XRDP)

  • When prompted, save the RDP file to your local machine and then open it to connect.

  • At the Ubuntu Login prompt, click on the OK button to continue.


    If the RDP session times out, refer to the User Credentials for the student user password.

  • Open the Firefox browser

  • Click on the Juiceshop bookmark on the browser bar

  • Accept the security risk by clicking Advanced and then Accept the Risk and Continue. The warning appears because the BIG-IP uses a self-signed certificate.


Here is the vulnerable Juiceshop application. Next, we will try a simple SQL injection attack that will illustrate why WAF protection is necessary.

  • The browser's location bar should look like this:

This will cause the application to dump a list of the users in the database, including their hashed passwords. YIKES!



An attacker could easily grab the hashed passwords and crack them with one of the free password hash crackers widely available on the internet. We will take steps to protect this insecure application using SSL Orchestrator and WAFaaS.