Setting up Juice Shop is simple, but might be daunting if you're new to Cybersecurity - follow our guide below to get started!
We will be using TryHackMe during the session - it is a great platform for learning ethical hacking, and their Juice Shop room provides some great 'nudges' for exploring the basics of the system
Don't worry, you don't have to pay (although TryHackMe's premium rooms are great!) Just create an account and visit this link (you'll need to login first, otherwise you may be told the room is private)
From here, you need to deploy the machine using the 'Deploy' button - this will create an 'instance' of Juice Shop, hosted on TryHackMe, that you can connect to via the IP address shown on the screen (yours will be different!)
Before you hop onto the machine and start hacking, you'll need to connect to the TryHackMe network! You can use a tool such as OpenVPN to do this, and a guide is available here
In short, all you need to do is download your connection pack (from the same link) and run
sudo openvpn /path/to/YourUsername.ovpn - once it has initialised, you should be able to visit the IP address of your instance in a normal web browser, and start hacking!
We recommend Kali Linux for the above, and for exploring the site itself - it comes with OpenVPN and all the other tools you might need (like Burp Suite) preinstalled. Read our guide to setting it up here! You can, however, do Juice Shop on whatever operating system you like - as long as you can connect to the TryHackMe network, you'll be fine :)
Don't worry if you're not familiar with the Linux commands we used above, or can't get it working - the alternative methods below might be easier!
Alternatively, you can use one of the methods below to create a more stable version of Juice Shop that doesn't run through TryHackMe
The documentation recommends either running the application locally, or to deploy to Heroku (you'll need an account). Both methods are described here in the excellent documentation
We recommend using the 'Deploy to Heroku' method from the guide above - it's even simpler than deploying via TryHackMe, and will create an app that you can navigate to directly in your browser!