You learned how to test basic and digest authentication, but most web applications use form-based authentication, the familiar login form. In this video, you will learn how we can brute force these forms.
- (Voiceover) Hi and welcome to the final video of this section where we're going to learn how to brute force form-based authentication in web applications. We're going to start learning what form-based authentication is and then we're going to modify one of our previous tools to enable this attack. Finally, we're going to test the script against our victim web application and fine-tune it to improve the result analysis. Let's start with a quick overview of form-based authentication. Form-based authentication is the most common and widely used method of authentication in web applications.
This method is not as standardized as the previous two methods we learned, which means that the implementation of this method will vary. Basically, the web application will present a form that will prompt the user for the username and password. Then that data will go to the server where it is going to be evaluated and if the credentials are valid, it will provide a valid session cookie to the user, and it will let the user access the protected resource.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next, he shows how to interact with web applications using Python, HTTP, and the Requests library. The course then follows the web application penetration testing methodology, and each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests