In this video, we will introduce mitmproxy and explain why it was chosen to learn about HTTP proxy in Python.
- View Offline
- [Instructor] Hi, and welcome to section seven video two.…In the previous video we learned about what is an HTTP proxy…and what the different types of proxies we can find are.…In this video we're going to take a look at why we choose…mitmproxy to work with, how to use the basic HTTP proxy…feature in mitmproxy, and a brief introduction to…mitmproxy inline scripts.…Mitmproxy is an interactive console program…that allows traffic flows to be intercepted, inspected,…modified, and replayed.…
After researching for this section I decided…that the easiest and most complete way to learn about…HTTP proxies in Python is using mitmproxy.…Any other attempt would be more complex…and limited in the future than mitmproxy.…Mitmproxy is developed in Python and allows the users…to extend it via their inline scripts.…It supports SSL out of the box, unlike other alternatives…out there that support only HTTP.…Let's see how mitmproxy works in a simple example.…
If we go to the terminal and type mitmproxy…we get an mitmproxy console listening at port 8080.…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests