You’ll understand the anatomy of an HTTP request in order to make your own tools.
[Lecturer] In the previous video, we had a brief introduction of HTTP and we saw a basic GET request example. We also saw the different HTTP methods available that we can use to interact with web applications. In this video, we're gonna take a look at the structure of a URL. The request and response headers and an example of GET requests using Telnet to understand how it works at a low level. I bet you have seen thousands of URLs by now.

It's now time to stop and think about the URL structure. Let's see what each part means. The first part is the protocol in web applications. The two protocols used are HTTP and HTTPS. When using HTTP, the port that will be used is 80. And when using HTTPS, the port will be 443. The next part is the host we want to contact.

In red, we can see the resource or the file location in that server. In this example, the directory is content and the resource is section. Then we have the question mark symbol that indicates what's to come is the query string. These are the parameters that will be passed to the section…
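The URL parts and the low-level GET request described in the transcript above, as an added example that is not part of the course material. The sample URL is constructed, and the names `dissect_url` and `build_get_request` are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

DEFAULT_PORTS = {"http": 80, "https": 443}  # ports named in the transcript
SAMPLE_URL = "http://www.example.com/content/section?id=1&lang=en"  # constructed


def dissect_url(url):
    """Split a URL into protocol, host, port, resource and query string."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported protocol: {scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return {
        "protocol": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],  # explicit port wins
        "resource": parts.path or "/",
        "query": parse_qsl(parts.query, keep_blank_values=True),
        "raw_query": parts.query,
    }


def build_get_request(url):
    """Return the bytes one would type into Telnet for a minimal GET."""
    info = dissect_url(url)
    target = info["resource"]
    if info["raw_query"]:
        target += "?" + info["raw_query"]
    # Whitespace or control characters would corrupt the request line.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        raise ValueError("request target must be percent-encoded")
    host = info["host"]
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = f"[{host}]"
    if info["port"] != DEFAULT_PORTS[info["protocol"]]:
        host += f":{info['port']}"
    lines = [f"GET {target} HTTP/1.1", f"Host: {host}", "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    print(dissect_url(SAMPLE_URL))
    print(build_get_request(SAMPLE_URL).decode("ascii"))
```

For an HTTPS URL the same bytes travel inside a TLS session, so a plain Telnet connection to port 443 will not get a usable response.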
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next, he shows how to interact with web applications using Python, HTTP, and the Requests library. He then follows the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests