When conducting an analysis of big web applications, having a screenshot of the discovered resources could be very handy. We need to add this capability by taking a screenshot of all the resources that return a 200 status code.
- [Instructor] Hi and welcome to the last video of this section. In this short video we're going to learn how we can take a screenshot automatically from our brute forcer. In this video we're going to see why taking pictures could be useful and which libraries we need to add to be able to add this capability to our script. Finally we're going to run the new brute forcer and take some pictures. What do we want to achieve in this video? Basically we want to take a screenshot of every resource that returns a 200 code.
This will help us to speed up the analysis of our big apps or when testing multiple apps in a short period of time. For this I choose Selenium WebDriver for Python and PhantomJS. Selenium WebDriver is a tool used to automate web browsers programmatically, mainly for software testing purposes. Selenium WebDriver will drive PhantomJS, which is a headless browser, and we'll have access to PhantomJS capabilities in Python.
In this case the screenshot function. But we can also access the DOM, which will be very useful for testing DOM injections.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. The course then follows the web application penetration testing methodology, and each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests