Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
Vložit
- čas přidán 14. 07. 2024
- 0:00 - Salutations
3:18 - Overview of lesson
6:41 - Enumerating with Burp Suite and manual spidering
14:55 - Challenge 1: Find the scoreboard
18:33 - Challenge 2 - Find a confidential statement
20:00 - Challenge 3 - Redirects tier 1
22:54 - Challenge 4 - Repetitive registration (DRY principal)
26:42 - UI Bypassing HTML forms
33:13 - Challenge 5 - 0 stars (UI Bypassing)
35:59 - Challenge 6 - Error handling
39:58 - XSS Overview
49:10 - Challenge 7 - XSS Tier 1 (DOM XSS)
55:17 - Challenge 8 - Read the privacy policy
56:00 - Challenge 9 - XSS Tier 0 (Reflected XSS)
58:09 - XSS defenses
❓Info❓
___________________________________________
Hire me: tcm-sec.com
Contact (professional inquiries only, please): info@thecybermentor.com
📱Social Media📱
___________________________________________
Website: thecybermentor.com
Twitter: / thecybermentor
Twitch: / thecybermentor
Discord: / discord
LinkedIn: / heathadams
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor - Věda a technologie
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
This is the type of information I've been searching for. Thank you!
My head is on overload. Awesome video.
cant wait for the 100k subs than the 1 mil :) great stuff as always!
Keep up the great work!!!
You are doing God's work !!!! Great stream
Thank you!
That was so amazing when u said Salam Walikum
وعليكم السلام
Thank you For this
Love you!!
Respect earned!!!!
Thanks, bro learnt a lot from you.
You're welcome.
Thank you!!! :)
Than you! MVP.
Niceeeeeeeee! Ty.
Miss the Livestream, but still this is Awesome....
Thanks
Great video, as always. BTW, can you post the link to the DOM based XSS website?
Great content Senpai !! Please I have a question concerning the Repetitive registration (DRY principal) challenge :
How is it possible for a "mean" hacker to use this flaw to exploit the web app because it didn't seem to me that it is a big of a deal especially that the "Confirm Password Field " is no longer used in the newest web app
Thanks alot !
I actually like listening to the Q&A...
I guess I'll just go watch it on twitch :(
The video was constantly skipping frames, so it was mostly audio.
Building on this would really help ..thank you!
I started like everyone starts...you know by searching on google....😂😂😂🤣🤣🤣🤣
Secure flag doesn't allow the cookie to be transmitted over HTTP. What you're describing is the HTTPOnly flag. Anyway, thanks for the video, keep up the good work!
Yep. Clarified this mistake in the beginning of the next episode :). Thank you!
@@TCMSecurityAcademy didn't start with episode 3 yet! :)
option for scanning a particular site is only in pro version..i have the community version ..what to do?
About long links especially when you can bitly or tiny urlify it today, true?
you are the best my friend.. You are good person.. Really.. I want something from you. Can you teach us C Language for Network Penetration Testing.. again thnx for everything , because you give us education and free.. YOU ARE THE BEST MY FRIEND 🙏😊
If only I knew C :(
@@TCMSecurityAcademy okey , if you want to teach other language for network hacking.. We can wait 😄🙌
Nice stream , can you make video to bypass " i found xss in site.com but i face problem the code between double quots"" and filter encode any html and url encoding
i wish i could subscribe you for the second time
Scan in burp is a pro version feature
Is the 'Scan' option shown at 12:51 still available in Burp Suite Community Edition? It's always grayed out for me on Burp Suite Community Edition v2020.2
The "Scan" option is payed version only.
@@JohnSmith-my5hb Thanks! In the video he selects that "Scan" option in the free edition (12:51). Was the scan option recently removed from the Community Edition?
@@fabiog He clearly said at (7.04) now this burp suite in my pro edition, (pro) means its a paid version of burp suite
@51.42 you say "It never hit the server". Would you please explain how do you infer that it never hit the server?
Thank you.
Client based vs server based. A DOM is client side.
Hey i installed juice box using docker now i am not able to get the request in burp proxy need help , it is running on port 3000
/*fabulous */
How to build Websites? Acedemind, Traversy Media, Florin Pop etc. :)
guys im not really sure what is this but the video is 1h 2min, but in the playlist the video is showing as 1h 32min for some reason
can start doing bug bounty after this course?????? pls reply and thank you so much for these videos !!!
Depends on your approach methods too , though this is fantastic video , your own methodologies to approach might differ , and bug bounty requires also your own set of ideas .... vigorous practice along wid this video will make it.... all the best
:)
video on AWS security testing
hey if anyone have PortSwigger CA certificate file or if u have download link please send me. i'm unable to download
Shalom 🙏
There is no scan option in free version!!
32:40 ->>
check your discord invite link
Uhhh I think your upload failed lol. It's the very end of your lesson unless this was supposed to be a quick q & a unless my YT app is breaking. It's only giving me the last 9 minutes of the stream
Just CZcams issues on the initial conversion!
Lol you speak hebrew? Shalom ahi
Nope! Only shaloms :)