Being the proxy is one of the most useful tools in web app security testing. You will learn how it works, why they are used, and finally, the different types of HTTP proxies available.
- [Instructor] Hi, and welcome to Section 7.…In this section, we're going to learn about HTTP proxies,…and how we can intercept and manipulate HTTP requests.…In this section, we're going to start by learning…what an HTTP proxy is and how it works.…Then, we're going to explore mitmproxy,…which is an HTTP proxy developed in Python.…Then, we're going to write scripts for mitmproxy…that will allow us to manipulate the requests.…And finally, we're going to see…how to analyze and manipulate their responses.…
Let's move on to the first video of Section 7,…where we're going to learn about HTTP proxies.…In this video, we're going to learn:…What is an HTTP proxy?…Why are proxies needed or used?…And, what types of HTTP proxies exist?…Let's move on.…First, let's see, what is an HTTP proxy?…An HTTP proxy is a server that acts as an intermediary…between two communication parties.…
There is no direct communication…between the client and the server.…Instead, the client connects to the proxy…and sends the request to it.…Then the proxy will fetch the resources…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests