Python Penetration Testing Essentials

Techniques for ethical hacking with Python, 2nd Edition

Mohit

230 pages, English

About this book

This book gives you the skills you need to use Python for penetration testing, with the help of detailed code examples. This book has been updated for Python 3.6.3 and Kali Linux 2018.1.

About This Book

  • Detect and avoid various attack types that put the privacy of a system at risk
  • Leverage Python to build efficient code and eventually build a robust environment
  • Learn about securing wireless applications and information gathering on a web server

Who This Book Is For

If you are a Python programmer, a security researcher, or an ethical hacker and are interested in penetration testing with the help of Python, then this book is for you. Even if you are new to the field of ethical hacking, this book can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion.

What You Will Learn

  • The basics of network pentesting including network scanning and sniffing
  • Wireless, wired attacks, and building traps for attack and torrent detection
  • Web server footprinting and web application attacks, including the XSS and SQL injection attack
  • Wireless frames and how to obtain information such as SSID, BSSID, and the channel number from a wireless frame using a Python script
  • The importance of web server signatures, email gathering, and why knowing the server signature is the first step in hacking

In Detail

This book gives you the skills you need to use Python for penetration testing (pentesting), with the help of detailed code examples.

We start by exploring the basics of networking with Python and then proceed to network hacking. Then, you will delve into exploring Python libraries to perform various types of pentesting and ethical hacking techniques. Next, we delve into hacking the application layer, where we start by gathering information from a website. We then move on to concepts related to website hacking, such as parameter tampering, DDoS, XSS, and SQL injection.

By reading this book, you will learn different techniques and methodologies that will familiarize you with Python pentesting techniques, how to protect yourself, and how to create automated programs to find the admin console, SQL injection, and XSS attacks.

Style and approach

The book starts at a basic level and moves to a higher level of network and web security. The execution and performance of code are both taken into account.

Information

Year: 2018
ISBN: 9781789136043

Sniffing and Penetration Testing

When I was pursuing my Master of Engineering (M.E.) degree, I used to sniff the networks in my friends' hostel with my favorite tool, Cain and Abel. My friends would usually surf e-commerce websites. The next day, when I told them that the shoes they were shopping for were good, they would be amazed. They always wondered how I got this information. Well, this is all due to sniffing the network.
In this chapter, we will study sniffing a network, and will cover the following topics:
  • The concept of a sniffer
  • The types of network sniffing
  • Network sniffing using Python
  • Packet crafting using Python
  • The ARP spoofing concept and its implementation in Python
  • Testing security by custom-packet crafting

Introducing a network sniffer

Sniffing is the process of monitoring and capturing all data packets that pass through a given network, using software (an application) or a hardware device. Sniffing is usually done by a network administrator. However, an attacker might use a sniffer to capture data, and this data might at times contain sensitive information, such as a username and password. Network admins use a switch SPAN port: the switch sends one copy of the traffic to the SPAN port, and the admin uses this port to analyze the traffic. If you are a hacker, you must have used the Wireshark tool. Sniffing can only be done within a subnet. In this chapter, we will learn about sniffing using Python. Before that, however, we need to know that there are two sniffing methods:
  • Passive sniffing
  • Active sniffing

Passive sniffing

Passive sniffing refers to sniffing on a hub-based network. By placing a packet sniffer on the network in promiscuous mode, a hacker can capture the packets within a subnet.

Active sniffing

This type of sniffing is conducted on a switch-based network. A switch is smarter than a hub: it sends packets to the destination computer after looking up its MAC table. Active sniffing is carried out by using ARP spoofing, which will be explained later in the chapter.

Implementing a network sniffer using Python

Before learning about the implementation of a network sniffer, let's look at two methods of the struct module:
  • struct.pack(fmt, v1, v2, ...): This method returns a byte string that contains the values v1, v2, and so on, packed according to the given format
  • struct.unpack(fmt, string): This method unpacks the string according to the given format into a tuple of values
Let's discuss the code in the following code snippet:
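    import struct

    # Pack two shorts and a long using the native 'hhl' layout
    ms = struct.pack('hhl', 1, 2, 3)
    print(ms)

    # Unpack with the same format to recover the original values
    k = struct.unpack('hhl', ms)
    print(k)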
The output for the preceding code is as follows:
    G:\Python\Networking\network>python str1.py
    ☻ ♥ (1, 2, 3)
First, import the struct module, and then pack the 1, 2, and 3 integers in the hhl format. The packed values are like machine code. Values are unpacked using the same hhl format; here, h means a short integer and l means a long integer. More details are provided in the subsequent sections.
Consider the situation of the client-server model; let's illustrate it by means of an example.
Run the struct1.py file. The server-side code is as follows:

    import socket
    import struct

    host = "192.168.0.1"
    port = 12347

    # Create a TCP socket, bind it and wait for one client
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))
    s.listen(1)
    conn, addr = s.accept()
    print("connected by", addr)

    # Pack the three integers and send the packed bytes to the client
    msz = struct.pack('hhl', 1, 2, 3)
    conn.send(msz)
    conn.close()
The entire code is the same as we saw previously, with msz= struct.pack('hhl', 1, 2, 3) packing the message and conn.send(msz) sending the message.
Run the unstruc.py file. The client-side code is as follows:
    import socket
    import struct

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    host = "192.168.0.1"
    port = 12347
    s.connect((host, port))

    # Receive the packed bytes, then unpack them with the same format
    msg = s.recv(1024)
    print(msg)
    print(struct.unpack('hhl', msg))
    s.close()
The client-side code accepts the message and unpacks it in the given format.
The output for the client-side code is as follows:
    C:\network>python unstruc.py
    ☻ ♥ (1, 2, 3)
The output for the server-side code is as follows:
    G:\Python\Networking\program>python struct1.py
    connected by ('192.168.0.11', 1417)
Now, you should have a decent idea of how to pack and unpack the data.
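The server above packs with the native 'hhl' format, whose size and padding depend on the platform, and the client reads with a single recv(1024), which may return only part of a message. The following Python 3 code is an added example, not code from the book: it uses the standard-size '!hhl' layout (the ! prefix is covered under Format characters) and reads exactly that many bytes. socket.socketpair() stands in for the two machines, and the names recv_exact, send_values and recv_values are this example's own.

```python
import socket
import struct

# '!' = network byte order, standard sizes, no padding: 'hhl' is always 8 bytes.
WIRE_FMT = "!hhl"
WIRE_SIZE = struct.calcsize(WIRE_FMT)


def recv_exact(conn, size):
    """Read exactly `size` bytes; recv() may legally return fewer per call."""
    chunks = []
    remaining = size
    while remaining:
        chunk = conn.recv(remaining)
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes"
                                  % (size - remaining, size))
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def send_values(conn, a, b, c):
    # sendall() keeps writing until the whole packed message is out.
    conn.sendall(struct.pack(WIRE_FMT, a, b, c))


def recv_values(conn):
    return struct.unpack(WIRE_FMT, recv_exact(conn, WIRE_SIZE))


def demo():
    # socketpair() gives two connected sockets in one process (runs offline).
    server, client = socket.socketpair()
    try:
        send_values(server, 1, 2, 3)
        return recv_values(client)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print("native 'hhl' size on this machine:", struct.calcsize("hhl"))
    print("wire '!hhl' size on every machine:", WIRE_SIZE)
    print(demo())
```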

Format characters

We have seen the format in the pack and unpack methods. The following table has C type and Python type columns, which show the conversion between C and Python types. The Standard size column refers to the size of the packed value in bytes:
Format  C type              Python type         Standard size
x       pad byte            no value
c       char                string of length 1  1
b       signed char         integer             1
B       unsigned char       integer             1
?       _Bool               bool                1
h       short               integer             2
H       unsigned short      integer             2
i       int                 integer             4
I       unsigned int        integer             4
l       long                integer             4
L       unsigned long       integer             4
q       long long           integer             8
Q       unsigned long long  integer             8
f       float               float               4
d       double              float               8
s       char[]              string
p       char[]              string
P       void *              integer

Let's check what will happen when one value is packed in different formats:
    >>> import struct
    >>> struct.pack('b',2)
    '\x02'
    >>> struct.pack('B',2)
    '\x02'
    >>> struct.pack('h',2)
    '\x02\x00'
We packed the number 2 in three different formats. From the preceding table, we know that b and B are one byte each, which means that they are the same size. However, h is two bytes.
Now, let's use the long long int (q), which is eight bytes:

    >>> struct.pack('q',2)
    '\x02\x00\x00\x00\x00\x00\x00\x00'

When we work on a network, the format should be prefixed with !. The ! selects network byte order, which avoids the confusion of whether the bytes on the network are little-endian or big-endian. For more information on big-endian and little-endian, you can refer to the Wikipedia page on Endianness:

    >>> struct.pack('!q',2)
    '\x00\x00\x00\x00\x00\x00\x00\x02'
You can see the difference when using ! in the format.
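To show what the ! format is for when reading traffic, the following added example (not code from the book) unpacks the Ethernet and IPv4 headers of a constructed frame and rejects truncated input. It goes beyond the integers packed above by applying the same format characters to the standard header layouts. The frame bytes and MAC addresses are made up, the IP addresses reuse the ones from the client-server output, and all function names are this example's own.

```python
import socket
import struct

ETH_FMT = "!6s6sH"          # dst MAC, src MAC, EtherType
IP_FMT = "!BBHHHBBH4s4s"    # fixed 20-byte part of the IPv4 header
ETH_LEN = struct.calcsize(ETH_FMT)   # 14 bytes
IP_LEN = struct.calcsize(IP_FMT)     # 20 bytes

# Constructed sample frame (not captured traffic): Ethernet + IPv4 header only.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"           # dst, src, EtherType
    "4500" "0028" "1c46" "4000" "40" "06" "0000"   # ver/ihl+tos ... checksum
    "c0a8000b" "c0a80001"                          # 192.168.0.11 -> 192.168.0.1
)


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame):
    """Return Ethernet/IPv4 fields as a dict; raise ValueError if malformed."""
    if len(frame) < ETH_LEN:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack(ETH_FMT, frame[:ETH_LEN])
    info = {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:          # not IPv4: stop after the link layer
        return info
    if len(frame) < ETH_LEN + IP_LEN:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack(IP_FMT, frame[ETH_LEN:ETH_LEN + IP_LEN])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("bad IPv4 version or header length")
    info.update(total_len=total_len, ttl=ttl, proto=proto,
                header_len=(ver_ihl & 0x0F) * 4,
                src_ip=socket.inet_ntoa(src_ip), dst_ip=socket.inet_ntoa(dst_ip))
    return info


def ethertype_if_little_endian(frame):
    # Same two bytes read as little-endian: 0x0800 is misread as 0x0008.
    return struct.unpack("<H", frame[12:14])[0]


if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print(hex(ethertype_if_little_endian(SAMPLE_FRAME)))
```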
Before proceeding to sniffing, you should be aware of the following definitions:
  • PF_PACKET: It operates at the device-driver layer. The pcap library for Linux uses PF_PACKET sockets. To run this, you must be logged in as root. If you want to send and receive messages at the most basic level, below the internet protocol layer, then you need to use PF_PACKET.
  • Raw socket: It does not care about the network layer stack and p...
