Book Image

Learning Python Web Penetration Testing

By : Christian Martorella
Book Image

Learning Python Web Penetration Testing

By: Christian Martorella

Overview of this book

Web penetration testing is the use of tools and code to attack a website or web app in order to assess its vulnerability to external threats. While there are an increasing number of sophisticated, ready-made tools to scan systems for vulnerabilities, the use of Python allows you to write system-specific scripts, or alter and extend existing testing tools to find, exploit, and record as many security weaknesses as possible. Learning Python Web Penetration Testing will walk you through the web application penetration testing methodology, showing you how to write your own tools with Python for each activity throughout the process. The book begins by emphasizing the importance of knowing how to write your own tools with Python for web application penetration testing. You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and interpret the response and its headers. As you make your way through the book, you will write a web crawler using Python and the Scrappy library. The book will also help you to develop a tool to perform brute force attacks in different parts of the web application. You will then discover more on detecting and exploiting SQL injection vulnerabilities. By the end of this book, you will have successfully created an HTTP proxy based on the mitmproxy tool.

Related Content you might be interested in

Current Title:

Small book image
Learning Python Web Penetration Testing
Christian Martorella
Jun, 2018 | 138 pages
Small book image
Web Penetration Testing with Kali Linux
Gilberto NajeraGutierrez | Juned Ahmed Ansari
Feb, 2018 | 426 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Table of Contents (9 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Understanding the web application penetration testing process
Typical web application toolkit
Testing environment
Summary
2
Interacting with Web Applications
Interacting with Web Applications
HTTP protocol basics
Anatomy of an HTTP request
Interacting with a web app using the requests library
Analyzing HTTP responses
Summary
3
Web Crawling with Scrapy – Mapping the Application
Web Crawling with Scrapy – Mapping the Application
Web application mapping
Creating our own crawler/spider with Scrapy
Making our crawler recursive
Scraping interesting stuff
Summary
4
Resources Discovery
Resources Discovery
What is resource discovery?
Building our first BruteForcer
Analysing the results
Adding more information
Taking screenshots of the findings
Summary
5
Password Testing
Password Testing
How password attacks work
Our first password BruteForcer
Adding support for digest authentication
Form-based authentication
Summary
6
Detecting and Exploiting SQL Injection Vulnerabilities
Detecting and Exploiting SQL Injection Vulnerabilities
Introduction to SQL injection
Detecting SQL injection issues
Exploiting a SQL injection to extract data
Advanced SQLi exploiting
Summary
7
Intercepting HTTP Requests
Intercepting HTTP Requests
HTTP proxy anatomy
Introduction to mitmproxy
Manipulating HTTP requests
Automating SQLi in mitmproxy
Summary
8
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Other Books You May Enjoy

If you enjoyed this book, you may be interested in these other books by Packt:

Web Penetration Testing with Kali Linux - Third Edition
Gilberto Najera-Gutierrez, Juned Ahmed Ansari

ISBN: 978-1-78862-337-7

  • Learn how to set up your lab with Kali Linux
  • Understand the core concepts of web penetration testing
  • Get to know the tools and techniques you need to use with Kali Linux
  • Identify the difference between hacking a web application and network hacking
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Understand the different techniques used to identify the flavor of web applications
  • See standard attacks such as exploiting cross-site request forgery and cross-site scripting flaws
  • Get an overview of the art of client-side attacks
  • Explore automated attacks such as fuzzing web applications

Python Penetration Testing...

Previous Section
End of Section 1
Next Section