We have seen how mitmproxy works and learnt how to create inline scripts to extend the proxy and manipulate communication. We have learnt to add a vulnerability scanner function to the HTTP proxy to assist us during web application penetration tests.
We provided you with the basic knowledge and skills to help you in the future when creating your own custom tools. If you are starting your journey as a pentester, this will give you a solid foundation on which to build your custom tools for every situation, and will allow you to modify and extend existing tools.
Now that you know the basics, you can continue your journey, improving your skills and putting them into practice. In order to do so, I recommend the following resources:
- OWASP WebGoat (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project). This is a training course provided in the form of a VM. The training focuses on the OWASP Top 10 vulnerabilities.
- Pentester Lab (https://www.pentesterlab.com/) provides vulnerable applications that can be used to test and understand vulnerabilities. Also, you can test your skills in other vulnerable apps, like the ones you can find in the project.
- OWASP-WADP (https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project), a collection of vulnerable apps to provide environments close to reality.
And that is it. Thank you very much for choosing this book, and I hope you have enjoyed learning about web application testing with Python.