We want to create a web application crawler to help us map an application.
- [Instructor] In the previous video we saw…what web application mapping is.…In this video,…we're going to create our first Scrapy project.…We are going to define our objective,…create our spider, and finally,…we are going to run it and see the results.…First, we need to define what we want to accomplish.…In this case, we want to create a crawler…that will extract all the book titles…from www.packtpub.com.…In order to do so, we need to analyze our target.…
If we go to the www.packtpub.com website…and we click inspect on a book title,…we see the source code of that element.…We can see in this case that the book title has this format.…Here, we can see div with a class of book block title…and then the title name.…Keep this in mind or in a notebook, better.…We need this to define what we want to extract…in our crawl process.…
Now, let's get coding.…Let's go back to our virtual machine and open a terminal.…In order to create our crawler, we're going to change…to the example Section-3 directory.…Then, we need to create our project…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests