Learning Python Web Penetration Testing : Automate Web Penetration Testing Activities Using Python.
Chapter 5: Password Testing; How password attacks work; Password cracking; Password policies and account locking; Our first password BruteForcer; Basic authentication; Creating the password cracker; Adding support for digest authentication; What is digest authentication?; Adding digest authenticatio...
Saved in:
| Main Author: | |
|---|---|
| Format: | Electronic eBook |
| Language: | English |
| Published: |
Birmingham :
Packt Publishing Ltd,
2018.
|
| Subjects: | |
| Online Access: |
Full text (MFA users only) |
| ISBN: | 9781789539677 1789539676 9781789533972 178953397X |
| Local Note: | ProQuest Ebook Central |
Table of Contents:
- Cover; Title Page; Copyright and Credits; Packt Upsell; Contributor; Table of Contents; Preface; Chapter 1: Introduction to Web Application Penetration Testing; Understanding the web application penetration testing process; Typical web application toolkit; HTTP Proxy; Crawlers and spiders; Vulnerability scanners; Brute forces/predictable resource locators; Specific task tools; Testing environment; Summary; Chapter 2: Interacting with Web Applications; HTTP protocol basics; What is HTTP and how it works?; Anatomy of an HTTP request; HTTP headers; GET request.
- Interacting with a web app using the requests libraryRequests library; Our first script; Setting headers; Analyzing HTTP responses; HTTP codes; Summary; Chapter 3: Web Crawling with Scrapy
- Mapping the Application; Web application mapping; Creating our own crawler/spider with Scrapy; Starting with Scrapy; Making our crawler recursive; Scraping interesting stuff; Summary; Chapter 4: Resources Discovery; What is resource discovery?; Building our first BruteForcer ; Analysing the results; Adding more information; Entering the hash of the response content; Taking screenshots of the findings.
- Automating the detectionExploiting a SQL injection to extract data; What data can we extract with an SQLi?; Automating basic extractions; Advanced SQLi exploiting; Summary; Chapter 7: Intercepting HTTP Requests; HTTP proxy anatomy; What is an HTTP proxy?; Why do we need a proxy?; Types of HTTP proxy; Introduction to mitmproxy; Why mitmproxy?; Manipulating HTTP requests; Inline scripts; Automating SQLi in mitmproxy; SQLi process; Summary; Other Books You May Enjoy; Index.