The main functionality of an HTTP proxy is to intercept and manipulate traffic. In this video, we will note how to do this in mitmproxy.
- [Instructor] Hi and welcome to the third video…of section seven.…In the previous video, we introduced mitmproxy,…a Python HTTP proxy implementation…that we will use to build our own HTTP proxy.…In this video, we're going to learn more…about inline scripts,…and we're going to see an example…on how to intercept the request…and access the different parts of it.…In this video, we're going to start…reviewing the inline script handler,…and learn what parts of the communications we can access.…
Then we're going to write a simple script…that will let us access the URLs requested…and log them in a file.…Finally, we're going to modify the request…by adding an arbitrary parameter to the query string.…In the previous video,…we saw a simple inline script was defined…in order to access the response of the request.…Here, there are other parts of the communication…that mitmproxy lets us access via its handlers.…Start, which is called once the script starts up…before any other events.…
Clientconnect is called when a client initiates…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests