Make your applications attack-proof by penetration testing with Python. Learn how to customize and write your own tests with Python.
[Instructor] Welcome to Learning Python Web Penetration Testing, by Christian Martorella. Video course by Packt Publishing. I am Paul Bailey, the voice-over artist for this course. Christian has been working in security testing for more than 10 years now. He is the author of multiple penetration testing tools such as Wfuzz, Metagoofil, theHarvester, and Webslayer,
all of them included in Backtrack and Kali. He has presented security research in many conferences, like the OWASP summits, OWASP London and Barcelona, BlackHat Arsenal, and O-S-I-R-A. He has also delivered penetration tests for Fortune 500 companies, utilities, banks and governments. In this course, we're going to learn the penetration testing process, and see how to write our own tools for different web application penetration phases.
This course will provide you with the skillset necessary for creating your own penetration testing tools, and to modify existing security and hacking tools to suit your own purposes. You will leverage the simplicity of Python and available libraries to build your own web application security testing tools. The goal of this course is to show you how you can use Python to automate most of the web application penetration testing activities. Before starting to write our own tools, we need to first understand what is the penetration testing methodology and the different phases that need to be performed, which will be our focus in our first section.
Also, in this section we will introduce the testing environment created for this training based on a virtual machine and a vulnerable web application. Then we're going to review the HTTP protocol and the basics of HTTP requests and responses in section two. Here, we're going to learn to communicate with web applications using Python and the Requests library, which will be the core foundation of our tools. In section three, we're going to map the content of the application to understand how it is composed and to identify the entry points that we need to test.
Also, we're going to see how to harvest data from the web application that can be used later in our tests. In order to do so, we're going to create a web crawler using the Python library Scrapy. We're also going to work on the www.packtpub.com website to map resources and harvest interesting information. Now we know how to map a web application using a crawler, but most of the applications have hidden resources.
These resources are accessible for all the users or are not linked at all. Luckily, we can use brute forcing technique to discover directories, files, or parameters in order to find vulnerabilities or interesting information to use further in our tests. In section four, we're going to write a tool to perform brute force attacks in different parts of the HTTP requests, URL, headers and body. We're going to use as a target, the vulnerable web application created for this course.
Now we're going to review the different approaches to password cracking, and we're going to write a tool to brute force different types of authentication, such as basic authentication, NTLM, and form based. We're going to work against the vulnerable web application. In section six, we're going to learn how to detect and exploit SQL injection vulnerabilities. Most modern applications interact with a database and the majority is still using SQL language.
If an application has a SQL injection vulnerability, it could allow attackers to bypass authentication, extract data, and even take control of the underlying OS. We're going to write a script to detect and exploit a simple SQLi to detect SQL injections, and then we're going to add data extraction functionalities, and finally we're going to run OS commands through SQLi. One of the most important tools in web application testing is the HTTP proxy.
This tool allows us to intercept the communications between a browser and a server, giving us the opportunity to manipulate the content of the request. This is very useful, as it allows us to access the raw HTTP request. In our final section, we're going to write plugins for mitmproxy, in order to intercept, log and modify HTTP requests. And finally, we're going to create a plugin that will let us test for SQL injection in every URL that has parameters.
The only prerequisite for this course is to have basic programming or scripting experience, which will help you understand the examples quickly. In terms of environment, you only need to download the virtual machine that contains the vulnerable target web application and the Python environment with all the libraries necessary. To run the virtual machine, you will need to install VirtualBox from www.virtualbox.org. I hope you now have a complete grip of what's to come, and you're as excited as I am.
So then, let's get started on this wonderful journey.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests