In this video, we will add detection of redirections and generate more information about the responses, such as the time the response takes and the MD5 hash of the content.
- [Christian Martorella] Hi, and welcome to video four of section four. In this video, we'll continue adding features to our brute forcer in order to improve the detection and facilitate filtering. First, we're going to add the code that will detect if there was a redirection. Then, we're going to add the time it took for the request response transaction and the MD5 hash of the response. Finally, we're going to test the improved script.

Currently, the requests library returns a 200 status code for resources that follow the redirection, as it is returning the status code from the last resource in the redirection chain. If we want to know if there was a redirection, we need to check the history of requests. Let's go back to the Atom editor and open the file forzaBruta-3.py. We need to add this code in order to improve the redirection detection. After line 48, after we get the request response. This code will check if there was a redirection and it will update the code with the first redirection code.
For the request time, we can do the following:…
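An added example, not code from the course or from forzaBruta-3.py: it derives the three response properties described above from attributes that `requests.Response` provides (`history`, `status_code`, `elapsed`, `content`). The function names, the constructed stand-in responses and the hash-based filter are assumptions made for illustration.

```python
import hashlib
from datetime import timedelta
from types import SimpleNamespace


def summarise(resp):
    """Describe one requests.Response-like object for later filtering."""
    # requests follows redirects by default, so resp.status_code belongs to the
    # last hop; resp.history holds the earlier responses in order.
    first = resp.history[0] if resp.history else resp
    return {
        "code": first.status_code,        # first redirect code, if any
        "final_code": resp.status_code,   # code of the last resource
        "redirected": bool(resp.history),
        "hops": len(resp.history),
        # elapsed is a timedelta measured for the final request only
        "ms": round(resp.elapsed.total_seconds() * 1000),
        # MD5 is used here only as a cheap fingerprint of the body
        "md5": hashlib.md5(resp.content).hexdigest(),
    }


def drop_known_bodies(rows, known_md5):
    """Filter out rows whose body hash matches an already-seen page."""
    return [r for r in rows if r["md5"] not in known_md5]


def _fake(code, body=b"", ms=0, history=()):
    # Constructed stand-in exposing the same attributes as requests.Response.
    return SimpleNamespace(status_code=code, content=body,
                           elapsed=timedelta(milliseconds=ms),
                           history=list(history))


# Constructed sample data: no network access is needed to run this.
LOGIN = b"<html>login</html>"
SAMPLE = [
    _fake(200, b"<html>home</html>", ms=12),
    _fake(200, LOGIN, ms=40, history=[_fake(302)]),
    _fake(200, LOGIN, ms=38, history=[_fake(301), _fake(302)]),
]

if __name__ == "__main__":
    rows = [summarise(r) for r in SAMPLE]
    for row in drop_known_bodies(rows, {hashlib.md5(LOGIN).hexdigest()}):
        print(row)
```

With a real `requests` response, `summarise(requests.get(url))` works unchanged because only those four attributes are read.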
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests