With a tiny bit of background out of the way, let's dive in. We're going to attack a web application to pull off the bit-flipping attack. What's nice about this hands-on demonstration is that you'll be left with a really powerful web app hacking lab for your continued study. I bet some of you have worked with the famous Damn Vulnerable Web App before, but recently I've found myself turning to the OWASP project Mutillidae II. I like to host Mutillidae II on the XAMPP server stack as initial setup is fast and easy, and it's a powerful combination; however, if you're comfortable loading it into whatever web server solution you have, go for it.

If you're following my lab, then first download the XAMPP installer, chmod it to make it executable, and then run the installer:

Once this is installed, you can find /opt/lampp on your system. Download the Mutillidae II project ZIP and unzip everything into /opt/lampp/htdocs – that's it. Run ./lampp start and then visit your IP address in a browser. I told you it was easy: