Configuring Local Web Security Practice Environments
Resolving Database Port Conflicts
When running an integrated server environment like PHPStudy (often referred to as XP in local setups) alongside a pre-existing local MySQL installation, a service conflict typically arises because both services attempt to bind to port 3306. To resolve this without stopping your primary database service, you can reconfigure the integrated environment's MySQL instance to listen on a different port, such as 3307.
To change the port, navigate to the configuration settings within your server management tool and locate the MySQL configuration file (usually my.ini). Find the port directive and update the value from 3306 to 3307. Ensure this change is applied to all relevant sections within the configuration file. After saving the changes, restart the MySQL service within the integrated environment.
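The port change described above can be scripted so that no section is missed. The following is an added example, not part of the original page or of PHPStudy: the function name rewrite_mysql_port and the sample my.ini content are constructed for illustration. It rewrites every bare port directive and reports which sections were changed.

```python
import re

# Matches only a bare "port" key (not e.g. "report_port"); keeps the
# original spacing and any trailing comment.
PORT_LINE = re.compile(r'^(\s*port\s*=\s*)(\d+)(\s*(?:[#;].*)?)$', re.IGNORECASE)
SECTION = re.compile(r'^\s*\[([^\]]+)\]')

def rewrite_mysql_port(ini_text, old_port=3306, new_port=3307):
    """Return (new_text, changed_sections) with each `port = old_port` replaced."""
    section = None
    changed = []
    out = []
    for line in ini_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1).strip()
        m = PORT_LINE.match(line)
        if m and int(m.group(2)) == old_port:
            line = f"{m.group(1)}{new_port}{m.group(3)}"
            changed.append(section)
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample configuration (not taken from a real installation).
SAMPLE_INI = """\
[client]
port=3306
default-character-set=utf8

[mysqld]
port = 3306   # default
report_port = 3306
# port=3306 (commented out, left alone)
basedir="C:/example/mysql"
"""

if __name__ == "__main__":
    text, sections = rewrite_mysql_port(SAMPLE_INI)
    print(text)
    print("updated sections:", sections)
```

Running the function a second time on its own output returns an empty list of changed sections, which is a quick way to confirm that no 3306 port directive remains.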
Configuring Pikachu
After extracting the Pikachu archive into the web root directory (e.g., www), you must update the database connection parameters to reflect the new port configuration.
In the following files, update the connection logic to explicitly include port 3307:
pkxss/index.php
pkxss/pkxss_install.php
inc/config.inc.php
Refactor the database connection code as follows:
$dbHost = '127.0.0.1';
$dbUser = 'root';
$dbPass = 'root';
$dbName = 'pikachu';
$dbPort = 3307;
// Update connection calls to use the port
$link = @mysqli_connect($dbHost, $dbUser, $dbPass, $dbName, $dbPort);
if (!$link) {
    die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
Once the configuration files are updated, access the platform via your browser at http://127.0.0.1/pikachu/. Click the initialization button to set up the database schema.
Configuring DVWA
Extract DVWA into the web root directory. Begin by renaming the configuration template: navigate to the config folder and rename config.inc.php.dist to config.inc.php.
Open the configuration file and update the reCAPTCHA keys to prevent API errors during setup:
$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
Additionally, DVWA requires a specific PHP setting to be enabled. Locate the php.ini file for your active PHP version and set the following directive:
allow_url_include = On
After restarting the web service, navigate to http://127.0.0.1/dvwa/setup.php. Click the Create/Reset Database button to initialize the application. You can then log in using the default credentials (admin/password).
Configuring SQLi-Labs
SQLi-Labs often requires a specific PHP version (e.g., PHP 5.x) to function correctly, while modern local environments may default to PHP 7.x or 8.x. Therefore, create a new site entry in your server management panel and explicitly select a compatible PHP version (e.g., PHP 5.6) for this specific virtual host.
Extract the SQLi-Labs files to the designated web directory. You will need to update the database credentials in the connection configuration file located at sql-connections/db-creds.inc:
Ensure the database user has sufficient privileges to create tables. Access the site via your configured local domain to begin practicing SQL injection techniques.