Some applications use an authentication method called digest authentication, which is stronger and more secure than basic authentication. We want to add support for this method to our script.
- [Teacher] Hi, and welcome to video three of section five, where we are going to add support for Digest authentication to the password bruteforcer that we created in the previous video. In this video we're going to start learning what Digest authentication is. Then we're going to modify our password bruteforcer to support this method. Finally, we're going to test the new script against our test web application. Digest authentication is a more secure option than basic authentication.
It uses MD5 to do the hashing of the username and password plus a nonce. The nonce is used to prevent replay attacks, and it is sent by the server after the user requests a protected resource. So the browser would create the response with this code: HA1 = MD5(username:realm:password). HA2 = MD5(method:digest-URI).
Finally, the response is MD5(HA1:nonce:HA2). The realm value defines a protection space. If the credentials work for a page in one realm, they will also work for other pages in that same realm.
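As an added example (not code from the course), here is the response computation the transcript describes in Python, paired with the server-side check that stores only HA1 and makes each nonce single-use, so a replayed or guessed response needs a fresh challenge. The realm, user and password values are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed example realm; not taken from the course's test application.
REALM = "test-app"


def md5_hex(s: str) -> str:
    """MD5 of a UTF-8 string as lowercase hex, the digest the scheme uses."""
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def ha2(method: str, digest_uri: str) -> str:
    """HA2 = MD5(method:digest-URI)."""
    return md5_hex(f"{method}:{digest_uri}")


def digest_response(username, realm, password, nonce, method, digest_uri):
    """What the browser sends back: response = MD5(HA1:nonce:HA2)."""
    return md5_hex(f"{ha1(username, realm, password)}:{nonce}:{ha2(method, digest_uri)}")


class DigestVerifier:
    """Server side: keeps HA1 per user (never the password) and the nonces it issued."""

    def __init__(self, realm: str):
        self.realm = realm
        self.ha1_by_user = {}
        self.issued_nonces = set()

    def add_user(self, username: str, password: str) -> None:
        self.ha1_by_user[username] = ha1(username, self.realm, password)

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)  # sent in the WWW-Authenticate challenge
        self.issued_nonces.add(nonce)
        return nonce

    def verify(self, username, nonce, method, digest_uri, response) -> bool:
        stored = self.ha1_by_user.get(username)
        if stored is None or nonce not in self.issued_nonces:
            return False  # unknown user, or a nonce we never issued / already consumed
        self.issued_nonces.discard(nonce)  # one attempt per nonce: replays and repeated guesses need a new challenge
        expected = md5_hex(f"{stored}:{nonce}:{ha2(method, digest_uri)}")
        return hmac.compare_digest(expected, response)  # constant-time comparison
```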
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then he follows the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests