We want to create a brute forcer for basic authentication in order to detect the valid passwords for a given user.
- [Instructor] Hi, and welcome to the second video…of Section 5: creating our first password brute forcer.…In the previous video, we talked about password cracking…along with its different approaches…and we learnt about password policies.…In this video, we're going to create…our first password brute forcer…targeting the basic authentication method.…In this video, we're going to look at…what basic authentication is,…how it works,…and then we're going to create…our first password brute forcer for this method.…
Finally, we're going to test the script…against our victim web application.…Basic authentication is one of the simplest techniques…for enforcing access control to web application resources.…It is implemented by adding a special HTTP headers,…and it's insecure by design,…as the credentials are being sent…encoded with Base64 method.…Encoded means that it can be reversed easily.…For example, we can see…how basic authentication header looks like.…
The encoded string can be decoded,…and we found that the password being sent…
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests