Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Learning Python Web Penetration Testing

You're reading from Learning Python Web Penetration Testing Automate web penetration testing activities using Python

Product type Paperback

Published in Jun 2018

Publisher Packt

ISBN-13 9781789533972

Length 138 pages

Edition 1st Edition

Languages

Python

Tools

Metasploit

Concepts

Penetration Testing

Author (1):

Christian Martorella

View More author details

Table of Contents (14) Chapters

Title Page

Copyright and Credits

Packt Upsell

Contributor

Preface

1. Introduction to Web Application Penetration Testing FREE CHAPTER

2. Interacting with Web Applications

3. Web Crawling with Scrapy – Mapping the Application

4. Resources Discovery

5. Password Testing

6. Detecting and Exploiting SQL Injection Vulnerabilities

7. Intercepting HTTP Requests

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Our first password BruteForcer

In this section, we're going to look at what basic authentication is, how it works, and then we're going to create our first password BruteForcer for this method. Finally, we're going to test the script against our victim web application.

Basic authentication

Basic authentication is one of the simplest techniques for enforcing access control to web application resources. It is implemented by adding special HTTP headers which is insecure by design, as the credentials are being sent encoded with the Base64 method. Encoded means that it can be reversed easily. For example, we can see what a basic authentication header looks like:

The encoded string can be decoded and we found that the password being sent is equal to admin123.

Usually, when you see a string that ends in equals, it could be a base64 encoding string.

Creating the password cracker

Let's create our password cracker:

Let's go back to the Atom editor and open the back2basics.py file. In Section-5, we can see...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Authors (1)

Christian Martorella

Christian Martorella

Christian Martorella has been working in the field of information security for the last 18 years and is currently leading the product security team for Skyscanner. Earlier, he was the principal program manager in the Skype product security team at Microsoft. His current focus is security engineering and automation. He has contributed to open source security testing tools such as Wfuzz, theHarvester, and Metagoofil, all included in Kali, the penetration testing Linux distribution.

See other products by Christian Martorella

Other recommended products

Related to this chapter

Python Penetration Testing Essentials

Python Penetration Testing Essentials

This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1.

May 2018 7h 40m

Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

Using Burp Suite, you can quickly build proof of concepts, extract data via an exploit, attack multiple end points in an application and even begin to script complex multi stage attacks. This book will provide a hands-on coverage on how you can get started with executing an application penetration test and be sure of the results.

Feb 2019 12h 12m

Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

Bug Bounty hunting is a new method which companies use to test their applications. There is no dedicated methodology in place right now to help researchers upskill themselves and become bug bounty hunters, that is why there is ambiguity as to what the field is about, the book solves that problem. The book allows readers to train themselves as bug bounty hunters to excel in the field of application security.

Hands-On Web Penetration Testing with Metasploit

Hands-On Web Penetration Testing with Metasploit

Metasploit is one of the best frameworks used for enumeration and exploitation of vulnerabilities. This book will not only give you a practical understanding of Metasploit but will also cover some less known modules and auxiliaries for pentesting Web Applications.

May 2020 18h 8m

SQL Injection Strategies

SQL Injection Strategies

Web Application Security is a relevant aspect nowadays. Many operations and transactions happen every day on the Worldwide Web, often relying on Databases. SQL Injection Strategies will both show you SQL injection in action, alongside defensive measures. The book also deals with SQL Injection scenarios in the IoT and mobile environments

Mastering Python for Networking and Security

Mastering Python for Networking and Security

Nowadays, configuring a network and automating security protocols are quite difficult to implement. However, using Python makes it easy to automate this whole process. This book explains the process of using Python for building networks, detecting network errors, and performing different security protocols using Python Scripting.

Sep 2018 14h 12m

Learning Python Networking

Learning Python Networking

Python is a popular programming language used for performing network automation in an easy-to-implement way. This book is an update to Learning Python Networking, and delves into the concepts of Python network programming and its importance in today's world.

Mar 2019 16h 20m

Web Penetration Testing with Kali Linux

Web Penetration Testing with Kali Linux

This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.

Feb 2018 14h 12m

Kali Linux Intrusion and Exploitation Cookbook

Kali Linux Intrusion and Exploitation Cookbook

Born from it predecessor, Kali Linux 2.0 is the most popular Linux distribution designed for security professionals who build defensive strategies around their systems with an offensive mindset. This book aims at introducing you to the most common and not -so- common pre-installed penetration testing tools and create custom complex images in the form of easy to follow recipes. Right Information gathering, vulnerability assessment & penetration testing for Web, wired and wireless Network this book will help you get grips on exploiting vulnerabilities in your system and fix those security anomalies in no time.

Apr 2017 17h 4m

Python Web Scraping

Python Web Scraping

This book is the ultimate guide to using latest features of Python 3.x to scrape data from websites. Learn right from extracting data from static web pages to creating class-based scrapers with Scrapy libraries. This book will also help you build crawlers and determine how to scrape data from JavaScript dependent website using PyQt and Selenium. You will also explore testing websites with scrapers, remote scraping, best practices, working with images and many more.

May 2017 7h 20m

Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook

Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.

Aug 2018 13h 28m

Practical Web Penetration Testing

Practical Web Penetration Testing

Web Applications are the core of any business today, and the need for specialized Application Security experts is increasing these days. Using this book, you will be able to learn Application Security testing and understand how to analyze a web application, conduct a web intrusion test, and a network infrastructure test.

Jun 2018 9h 48m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m