Book Image

Learning Python Web Penetration Testing

By : Christian Martorella
Book Image

Learning Python Web Penetration Testing

By: Christian Martorella

Overview of this book

Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.
Table of Contents (9 chapters)

Building our first BruteForcer

In this section, we're going to build a script that will help us to discover resources using a dictionary. We're going to create a basic BruteForcer. We'll start by defining the objective of the tool and then go over the code for the basic structure of the BruteForcer.

Finally, we'll run it against our test web application using the following steps:

  1. Go back to our editor and open the project folder for section 4 by selecting File | Add Project Folder... | Desktop | Examples | Section-4 | OK.
  2. Then, open the file for forzabruta.py.
  3. In this script, we have the basic structure for our BruteForcer. We have our typical import, and then we have the banner function, which will print the name of the script. The usage function opens to provide help on how to use the script.
  4. Now, let's jump to the start function, which is invoked...