Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Python: Penetration Testing for Developers

You're reading from   Python: Penetration Testing for Developers Execute effective tests to identify software vulnerabilities

Arrow left icon
Product type Course
Published in Oct 2016
Publisher Packt
ISBN-13 9781787128187
Length 650 pages
Edition 1st Edition
Languages
Arrow right icon
Authors (6):
Arrow left icon
Christopher Duffy Christopher Duffy
Author Profile Icon Christopher Duffy
Christopher Duffy
Mohit Raj Mohit Raj
Author Profile Icon Mohit Raj
Mohit Raj
Dave Mound Dave Mound
Author Profile Icon Dave Mound
Dave Mound
Terry Ip Terry Ip
Author Profile Icon Terry Ip
Terry Ip
Cameron Buchanan Cameron Buchanan
Author Profile Icon Cameron Buchanan
Cameron Buchanan
Andrew Mabbitt Andrew Mabbitt
Author Profile Icon Andrew Mabbitt
Andrew Mabbitt
+2 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (32) Chapters Close

Python: Penetration Testing for Developers
Python: Penetration Testing for Developers
Credits
Preface
1. Understanding the Penetration Testing Methodology 2. The Basics of Python Scripting FREE CHAPTER 3. Identifying Targets with Nmap, Scapy, and Python 4. Executing Credential Attacks with Python 5. Exploiting Services with Python 6. Assessing Web Applications with Python 7. Cracking the Perimeter with Python 8. Exploit Development with Python, Metasploit, and Immunity 9. Automating Reports and Tasks with Python 10. Adding Permanency to Python Tools 11. Python with Penetration Testing and Networking 12. Scanning Pentesting 13. Sniffing and Penetration Testing 14. Wireless Pentesting 15. Foot Printing of a Web Server and a Web Application 16. Client-side and DDoS Attacks 17. Pentesting of SQLI and XSS 18. Gathering Open Source Intelligence 19. Enumeration 20. Vulnerability Identification 21. SQL Injection 22. Web Header Manipulation 23. Image Analysis and Manipulation 24. Encryption and Encoding 25. Payloads and Shells 26. Reporting Bibliography
Index

Header-based Cross-site scripting


Until now, we have focused on sending payloads through URLs and parameters, the two obvious methods of performing attacks. However, there are numerous rich and fertile sources of vulnerabilities that often lay untouched. One of these will be covered in depth in Chapter 6, Image Analysis and Manipulation, for which we can give an intro now. Logs are often kept of specific headers of users that are accessing web pages. It can be a worthwhile activity performing checks against these logs by performing XSS attacks in headers.

We will be creating a script that submits XSS attack strings to all available headers and cycles through several possible XSS attacks. We will provide a short list of payloads, grab all the headers, and submit them sequentially.

Getting ready

Identify the URL that you wish to test. See the end of this example for a PHP web page that the script can be used against in order to test the validity of the scripts.

How to do it…

Once you've identified...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image