Ethical Hacking 101: Web App Penetration Testing - a full course for beginners
Vložit
- čas přidán 27. 07. 2024
- Learn web application penetration testing from beginner to advanced. This course is perfect for people who are interested in cybersecurity or ethical hacking.
⭐️Resources⭐️
🔗Burp Suite: portswigger.net/burp
🔗WAFW00F: github.com/EnableSecurity/waf...
🔗OWASP SAP: www.zaproxy.org/
🔗Metasploit: github.com/rapid7/metasploit-...
🔗Kali Linux: www.kali.org/downloads/
🔗OWASP Juice Shop www.owasp.org/index.php/OWASP...
🔗Damn Vulnerable Web Application (DVWA): www.dvwa.co.uk/
🔗 HackerSploit Website: hsploit.com/
⭐️Course Contents⭐️
⌨️(0:00:00) Setting Up Burp Suite
⌨️(0:08:07) Spidering & DVWA
⌨️(0:19:04) Brute Force Attacks With Burp Suite
⌨️(0:32:55) Target Scope And Spidering
⌨️(0:46:32) Discovering Hidden Files With ZAP
⌨️(1:04:24) Web Application Firewall Detection with WAFW00F
⌨️(1:12:28) DirBuster
⌨️(1:25:27) XSS(Reflected, Stored & DOM)
⌨️(1:41:22) CSRF (Cross Site Request Forgery)
⌨️(2:02:42) Cookie Collection & Reverse Engineering
⌨️(2:14:17) HTTP Attributes (Cookie Stealing)
⌨️(2:27:48) SQL Injection
Course created by HackerSploit. Check out the HackerSploit CZcams channel: / hackersploit
--
Learn to code for free and get a developer job: www.freecodecamp.org
Read hundreds of articles on programming: medium.freecodecamp.org
I am overwhelmed by the value this channel offers
this channel is a goldmine of knowledge
Same here.
This is from hackersploit, search it up
I'm watching this nearly after 2 years
but it is still much more informative 👍
This is so helpful. Thanks a ton!
NOTE:
Anyone who is having trouble with connecting metasploitable with browser in kali
1) go to the metasploitable network settings in your hypervisor( virtual machine monitor or VMM) like virtual box
2) change to the adapter from NAT to Bridge
thats all
like so more people can see it
Though bridge gives an easier option to setting the network..but I would prefer you use host network ..it does the same but it has an added advantage..it doesn’t expose your vms to other people on the internet only your host can access them…bridge exposes your vms to other people on the network
Thinks bro u are great ❤️
@@nathanielahaohello, I’m stuck, can we communicate please?
no i dont think opening metasploitable as bridged is safe for your home network
3 years later and you're still getting views and comments bro. I absolutely love your content. Helps me out a great deal as a beginner in pentesting. Love the subject a great deal
Yes
yes your right
That's how CZcams works
Please i heard in the video you have a special course about web application penetration testing with ZAp not burp suite. As Zap is being touted as a very massive tool, you can hardly find detailed resources on it. Everyone seems to be talking about Burp suite especially the pro version. So please if you could kindly direct me to the course, I would mostly appreciate it
Thank you a lot for the content, I appreciate a lot you taking the time to pass your knowledge forward
Thank you very much
hackerlouis05 on Instagram is the best when it comes to hacking
He's services are fast and legit and he doesn't charge much
sorry to be so offtopic but does anybody know of a tool to log back into an Instagram account??
I was stupid lost my login password. I would appreciate any assistance you can give me
This guy is not only knowledgeable and a good teacher... he's extremely funny too....
Amazing I learn a lot from this video thanks for sharing this knowledge with us on CZcams.
This is really amazing to hear hackersploit voice.
Wonderful explanation
All doubts cleared and feel confident.
Sick cant wait to dive into this!
love this guy no nonsense tutorials thanks bro
loving it, very helpful
I love this org and youtube channel
Thank you Tesfay. Such a great video for study purpose.
i like your tutorials ...continue please.
Excellent teaching man it's very easy to understand ♥️
L
This covers the material clearly and thoroughly. Thanks!
You rock!! Good stuff right here!!!!!
Super helpful content...Thanks so much!
how great you are man! i salute you. you make me believe!
Great video in which you have really given a lot of effort to explain everything in detail.
I have a question about the DirBuster is there a way to get a list from a cloud instead of a local computer?
regards
-- Danny
So nice explanation sir it's really nice the world's best teacher
In the business for a while and was just curious. Well explained and presented. Cheers.
As someone in the field, would you advice me to take this course? Is there an important gap between the content of this course and real work or is it very close please? (I am a complete beginner in cybersecurity)
@@ThisIsAli_Off i would like to know this too
@@ThisIsAli_Off I don't think you can simply watch 2 hours of video and suddenly become a professional. Especially not with computer given the huge amount of things to learn
@@w花b Yup, this is especially true for cybersecurity. Every time I think I start "mastering" the basics, I discover a totally new topic that I don't know anything about. It can be very intimidating to start cybersec when you see how large the field is and how hard it is.
Thanks Brother .....its very useful to me
I liked the video as soon as I heard his voice.
Awesome content and explanation... Got to know so many things
Complete TOR anonymity tutorials using TAILS, WHONIX and KODACHI linux czcams.com/video/zgvUjto8J6k/video.html
This is really awesome
Thank you so much Sir !!! You're a great Teacher! Be blessed!
omg! this is an awesome video. 3 hours? yep. the longest video i ever seen.
Check out start hacking today
doing this. been wanting this for a long time
Please make another more advance course for begginers in web pentesting
thank you so much for this video, makes everything so clear : thank you!
really helpful video for bigginer
even tho u speak faster but u still one of my best teacher. bless u
I am unable to reset juice shop score..when I start it already has something done ..changed IP .. deleted cookies nothing changes it
This is amazing stuff for beginners. Thank You
"really really really really really really really really really really " "all good stuff"
Hey Hashim! Do I need to learn anything prior for this course? And where can learn it (paid/free). Thanks
@@parmeet8455 depends on your study background.
This is really helpfull video for us kindly upload video for ethical hacking on desktops application thanks
Most Wanted video
Thanks for explaining the difference between the two but I’m new to cyber security I’m wondering which one to do first the pen-testing or vulnerability scanning? Any advise is welcomed as I’m looking for a book camp after I take a couple of online classes
vulnerability scanning bro
So easy to follow thx
nice and recommended indeed bravo work😍
Many thanks for this video. DO you have next video in this series?
You can skip (2.)Spidering as it's not present in the burpsuite anymore. I think there is something to do with some new laws about crawling but the team is working on a new method implemented in Pro and Community editions with no ETA for now thou.
How do I find someone ip using their phone number
Whats the alternative for spidering then? I'm trying to learn copying this guy as a total beginner.
I am running Kali in VirtualBox. It does not have a button to add an exception. Firefox was probably updated in the newer Kali. Does anyone know how to create the exception a different way?
I had the same problem.But I installed parrot os,and the problem is solved
You can use an usb for runnig kali linux in your pc :)
Please during the course, i heard you had a seperate tutorial on the use of ZAp for web applications testing. I ask this because everyone seems to be leaning towards burp suite pro and there are hardly any tutorials out there except yours at least which cover zap in detail for web app pen testing. Please if you would kindly direct me to that tutorial i would appreciate it.
It's saying that the proxy server is refusing the connection on firefox. What should I do now?
is that video from hackersploit channel cause i heard hackersploit tag in the begening
Yes. We were so excited that Hackersploit gave us permission to post this great course.
@@freecodecamp a1
hackerlouis05 on Instagram is the best when it comes to hacking
He's services are fast and legit and he doesn't charge much
Thank you from Melbourne Australia
hi, thanks for the videos. I have a question at bruteforce. When i go to response/render it shows Unable to render response! Why is this happening? any clue anyone?
What happened to the spider tab in burp suite? It doesn't seem to exist in burp suite 2020.
Is this done on a virtual enviroment?
Strong title, great content.
So explanatory. Thanks alot.
But can one of these methods be used to bypass otp verification code...If you could do a video on that
First of thank you for the great video!
I just don't understand why you are using two script at 2:22:40 ?
Take a look in JavaScript and html, you'll get it.
Thank you, hackersploit! 💕
Stop*
Hello, how can i get firewall name and version, tried wawoof, but its giving a wrong name. any other way?
Brilliant, thank you 👍
The first brute force was admin admin. You were rushing through it. Nice job.
Bro can u tell me the best websites for learning hacking
@@Powerfulwordsofbible depends on what type of hacking you want to learn. Reverse engineering, binary exploitation, Web_app security, Networking security, Systems admin security, Bug_Bounty. Programming in languages like C, Bash, Python are also needed.
@@bugr33d0_hunter8 i want to become an ethical hacker
I'm at beginning stage
@@Powerfulwordsofbible you need to learn a couple languages before you should do anything else.
⌨️(0:00:00) Setting Up Burp Suite
⌨️(0:08:07) Spidering & DVWA
⌨️(0:19:04) Brute Force Attacks With Burp Suite
⌨️(0:32:55) Target Scope And Spidering
⌨️(0:46:32) Discovering Hidden Files With ZAP
⌨️(1:04:24) Web Application Firewall Detection with WAFW00F
⌨️(1:12:28) DirBuster
⌨️(1:25:27) XSS(Reflected, Stored & DOM)
⌨️(1:41:22) CSRF (Cross Site Request Forgery)
⌨️(2:02:42) Cookie Collection & Reverse Engineering
⌨️(2:14:17) HTTP Attributes (Cookie Stealing)
⌨️(2:27:48) SQL Injection
thanks
when I set up proxy, I no longer able to use browser. Error: connection not private. How can I get around this to view the video and use burp suite.
@@ammarbinfaisal salamu aleikum brother, good explaination. Thank you!
The best comment! Thanks!!
@@apackalu2718at least he did it for those who don't check description. And it's helpful 😄
why there is no spider branch on latest version of burp suite
"really really really really really really really really really really " "all good stuff"
irregardless
Good day! What's the name of the next you've made ? cause I couldn't find it .
Youre awesome teacher, can you please do a video on how to find the login username and password for a router gateway url? Please and thank you!!
Awasome 😍
after setting up burpsuite it is not showing any http history upon opening burpsuite is said i am using JRE version 11.0.1 progrom may not run properly .....Help?...
Why I am Missing Spider in my version? currently using v2020.7 i don't see the spider tab?
You don't really know what penetration is until one day you find out that there is a back-door on your system that won't let you in!
Hopefully this video will show the way to a better Internet experience!!!
Prerequisites please?
Thanks for this ❤
You need to have pro version of burpsuite right, mine doesnt have few of the important options like spider and all.
Just curious, what are the prerequisites to get into this one?
Understanding of how the internet works and linux maybe some python js html and css
Any prerequisites for this course?
I have 2 questions:
1) What is the purpose of setting the proxy? Why we set the proxy to localhost? Using this proxy I'm not able to reach a web resource.
2) I can't select the checkbox in the App, under the 'Proxy' -> 'Options' -> Running 4:59
Check settings, you can reach everything, proxy is only intercept the request/response
Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.
People generally use these proxy servers to make the website thing that this ip address didn't visit their site before.
Nice work
To me the ZAP is more user-friendly sir, becos I follow your other video finding useful information by doing the ZAP spiders
does anyone know what is the url for DVWA??? I know in this video he links it via his IP but i'm not that techy and need to access DVWA using Burp. thanks!
This voice i didn't forget.. :D
I get the idea! 😅
why so nervous? you do a really nice job explaining bro!
do the proxy settings have to be the same as the video above
Is it legal to use your website to learn along the way with the video ? By letting Burpsuite at it ?
I need some CEH-V10 tutorial please..
I am wondering if it is only me who see flashes of image, unknown apps, and curse-like jargons without understanding what is the whole picture and the meanings behind all these??
Yeah i was wondrring the same
@@theself999 youtube alone won't cut it. Get some books and do research on your own. this is just an overview of some tools
@@thanhvinhnguyento7069 Yes indeed.
could one help please, Burp Suite would not open on a new Parrot security 5.3 installation ; also noticed chrome for Linux after freshly installed is behaving the same way and not starting ?
what should one do after this one?
you'r awesome man
How can i do web app testing for any website given?
Hello everyone first
Is the software space or cybersecurity better?
excellent choice, alexis FTW
great way for me to refresh
Thank you, many source used money for acces
What's the difference between network penetration testing and web application penetration testing? Do you need to know both to be a bug bounty hunter?
Network penetration is the network like the database the web app penetrations is the application
list of tools and applications:
dvwa
bwapp
juice shop
owasp zap
dirbuster
Sir can you suggest best bug bounty hunter book please
is it possible for you to create new playlist of cyber security because course is too old and lot have changed
Knowledgeable
When I changes the preferences to local host then I can't access internet in kali Linux due to which I can't send any http request to any site. Any solution?
Shouldn't use kali then yet. Stick to ubuntu for now. Kali is for elites.
I'm going to quite CSGO and start this tutorial from today....
I recommend English lesson first
@@aronpop1447 hahah..
I have a problem where he says manually setting up firefox proxy in 22:00 , it doesn't allow me to visit any site. What can I do to solve it?
i dont know but ill like your comment so that it can get to the right person
@@leafytreegaming4168 Thanks a lot, I found the answer though.
can i know if i do it without virtual machine... do my ip will get blocked? why cant we perform such attacks from our own OS like windows 10 n etc?