We need to improve the results of the brute forcer in order to facilitate the discovery of interesting resources. Let's do just this!
- [Lecturer] Hi, and welcome to the third video of section four. In this video, we will improve the brute-forcer we created in the previous video in order to facilitate the analysis of the results. In this video, we're going to see how we can improve the results, we are going to add those improvements to our code, and finally we're going to test the code with our testing web app. In the previous video, we created a basic brute-forcer, but we saw that the results were a little basic, and when we have a lot of results, it won't be easy to identify the interesting findings.
So we can add colors depending on the status code. A good start will be to print in green all the results which have a status code greater than or equal to 200 and lower than 300. In red, the results with status codes greater than or equal to 400 and lower than 500. And finally in blue, the results with the status code greater than or equal to 300 and lower than 400.
This will help us to quickly identify results. Our interest will be mainly in the green and the blue results.
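The colour scheme described in the transcript, sketched as an added example that is not the course's own code: it formats already-collected `(status, path)` results, leaves status classes outside the scheme uncoloured, and drops the escape codes when output is piped to a file. The function names and the sample results are assumptions constructed for illustration.

```python
import sys

# Standard ANSI SGR escape sequences for terminal colours.
GREEN, RED, BLUE, RESET = "\033[32m", "\033[31m", "\033[34m", "\033[0m"


def colour_for(status):
    """Map a status code to the colour scheme described in the video."""
    if 200 <= status < 300:
        return GREEN
    if 300 <= status < 400:
        return BLUE
    if 400 <= status < 500:
        return RED
    return None  # 1xx/5xx are outside the scheme: leave uncoloured


def format_result(status, path, use_colour=True):
    """Return one result line, coloured only when asked to."""
    line = f"{status}\t{path}"
    colour = colour_for(status) if use_colour else None
    return f"{colour}{line}{RESET}" if colour else line


def interesting(results):
    """Keep the green (2xx) and blue (3xx) results, sorted by status then path."""
    return sorted((s, p) for s, p in results if 200 <= s < 400)


def report(results, stream=sys.stdout):
    """Write all results; skip escape codes when output is not a terminal."""
    use_colour = stream.isatty()
    lines = [format_result(s, p, use_colour) for s, p in results]
    stream.write("\n".join(lines) + "\n")
    return lines


# Constructed sample results (status, path); no requests are sent.
SAMPLE = [(404, "/backup"), (200, "/admin"), (301, "/images"),
          (403, "/config"), (500, "/search"), (200, "/robots.txt")]

if __name__ == "__main__":
    report(SAMPLE)
    print("Interesting:", interesting(SAMPLE))
```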
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. The course then follows the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests