8:30 your webcam is top-right, covering whatever you clicked to update the session cookie. I enjoy watching the videos and learning. Thanks for the great content!
I think in this application there is no need to spend the time decrypting the traffic, as he mentions this is theory. You could absolutely argue that in a RL situation where you would be hacking MFA it would be encrypted.
Because he is using a local proxy, it intercepts the browser's traffic before https is applied, I think it's burp actually. The only way to use this attack he is showing is to have control of the client machine or browser on a step before the attack. With a man in the middle it would go everything encrypted. The other thing he said that's not that aqurate is the posibility of bruteforcing the 4 digit code. Anybody with some knowledge of security would block that after some incorrect inputs, like 3 times or so. Usually those cannot be bruteforced unless the page is vulnerable to that (it was designed by a monkey) and it sould be generated by a random secure generator so the posibility to guess that is almost null. I think I went overboard with the explanation, sorry, I think I didnt really like this video.
6:29 the easiest way would be to set the payload type to Numbers, then set the range from 0 to 9999 and the step to 1. Then you set min integer digits and max integer digits to 4 and min fraction digits and max fraction digits to 0.
I can see how "How to Hack MFA" could seem uninteresting to someone who doesn't know what "MFA" means. Maybe putting the written-out text in the title as well would be helpful in this case.
Hi. Great video again. Could you make some of the next one about basic windows AD enum ? It will be nice to know some basic steps what could be useful to check to privesc after you get revshell or any not elevated user account. WinPEAS is good, but some tips for manual enum will be great to know. Thanx a lot. And also thank you for great content 🙂
amazing video, web apps are easy to use and access ... trying brute force on dedicated apps is quite different. I wonder this could work on a chromium addon MFA are really important, sad to know most people dont care about using it
Awesome content and knowledge sharing guy's. 🙌🏻
8:30 your webcam is top-right, covering whatever you clicked to update the session cookie. I enjoy watching the videos and learning. Thanks for the great content!
I'm pretty sure it's a cookie editor plugin from firefox
yes i made a graphic pop up below with an arrow so you can see it :)
You people putting out nugts 🔥 content and information ' thankyou
Hello folks i had question can one brute force a ussd process and if yes which are some of the tools that can be used?
Good example, but why the key is showing in plain text? Isn't communication between the sides encrypted?
I think in this application there is no need to spend the time decrypting the traffic, as he mentions this is theory. You could absolutely argue that in a RL situation where you would be hacking MFA it would be encrypted.
Because he is using a local proxy, it intercepts the browser's traffic before https is applied, I think it's burp actually. The only way to use this attack he is showing is to have control of the client machine or browser on a step before the attack. With a man in the middle it would go everything encrypted.
The other thing he said that's not that aqurate is the posibility of bruteforcing the 4 digit code. Anybody with some knowledge of security would block that after some incorrect inputs, like 3 times or so. Usually those cannot be bruteforced unless the page is vulnerable to that (it was designed by a monkey) and it sould be generated by a random secure generator so the posibility to guess that is almost null.
I think I went overboard with the explanation, sorry, I think I didnt really like this video.
6:29 the easiest way would be to set the payload type to Numbers, then set the range from 0 to 9999 and the step to 1. Then you set min integer digits and max integer digits to 4 and min fraction digits and max fraction digits to 0.
no one:
me: not knowing what MFA is but still watches the vid
That's concerning for your safety if you don't know what MFA
@@_justnick well I do know 2fa
I can see how "How to Hack MFA" could seem uninteresting to someone who doesn't know what "MFA" means. Maybe putting the written-out text in the title as well would be helpful in this case.
Good for you, that's a good way to learn new things.
Would love it with you using Zap to brute force. Community Burp Suite too slow :(
how to 'upload' the session cookie?
How do i evade such attacks , please can someone help me.
Hello big bro
so way smarter than I
I need help my friend Facebook id was hacked long months ago can you help to bring that id back I have many expectations from you broo please help me
6:35 Number range easily done using bash curly brace expansion:
for i in {0000..9999}; do echo $i; done
good theory but dont think it would be bruteforable in real world attacks
please make a video on password rest bypass! :)
Plz make video about red teaming
Hi. Great video again. Could you make some of the next one about basic windows AD enum ? It will be nice to know some basic steps what could be useful to check to privesc after you get revshell or any not elevated user account. WinPEAS is good, but some tips for manual enum will be great to know.
Thanx a lot. And also thank you for great content 🙂
amazing video, web apps are easy to use and access ... trying brute force on dedicated apps is quite different. I wonder this could work on a chromium addon
MFA are really important, sad to know most people dont care about using it
need internship or job, need of the hour
1st view
3rd
2 comment pin please ❤