Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On Penetration Testing with Python Enhance your ethical hacking skills to build automated and intelligent systems

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781788990820

Length 502 pages

Edition 1st Edition

Languages

Python

Concepts

Ethical Hacking

Author (1):

Furqan Khan

View More author details

Table of Contents (18) Chapters

Preface

1. Introduction to Python

2. Building Python Scripts FREE CHAPTER

3. Concept Handling

4. Advanced Python Modules

5. Vulnerability Scanner Python - Part 1

6. Vulnerability Scanner Python - Part 2

7. Machine Learning and Cybersecurity

8. Automating Web Application Scanning - Part 1

9. Automated Web Application Scanning - Part 2

10. Building a Custom Crawler

11. Reverse Engineering Linux Applications

12. Reverse Engineering Windows Applications

13. Exploit Development

14. Cyber Threat Intelligence

15. Other Wonders of Python

16. Assessments

17. Other Books You May Enjoy

Leave a review - let other readers know what you think

SSL stripping (missing HSTS header)

SSL stripping, or SSL downgrade, is an attack vector that downgrades an HTTPS connection to HTTP. This attack is carried out by an attacker who is between the victim and the web server and acts as a transparent proxy. It further maintains a HTTP based downstream connection with the victim and a proper HTTPS upstream connection with the server.

An attack is therefore carried out by the combination of ARP poisoning, SSL stripping, and setting up a transparent proxy between the attacker and the victim. Let's say that a victim wants to visit a site called abc.com. By default, abc.com is served by the server on HTTPS as https://www.abc.com, but when the user types the URL in the browser, abc.com, the browser sends the request as http://www.abc.com to the server, which responds with a 302 response and redirects the user to https://www.abc.com...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Furqan Khan

Furqan Khan is a security researcher who loves to innovate in Python, pentesting, ML, AI, and big data ecosystems. With a gold medal at both M.Tech and B.Tech, he started off as a research scientist at NITK, where he developed a web app scanner for the Ministry of IT (India). He then worked as a security researcher with Paladion Networks and Wipro Dubai exploring pentesting/exploitation space where he developed tools such as vulnerability scanner and a threat intelligence platform. Currently, he is working with Du-Telecom Dubai as a pentesting manager. He has published and co-authored white papers and journals with Springer and Elsevier, and has also presented his research and development work at international conferences, including CoCon.

See other products by Furqan Khan