Easy IDOR hunting with Autorize? (GIVEAWAY)
ฝัง
- เผยแพร่เมื่อ 3 ส.ค. 2024
- I've said it once and I'll say it again APIs are some of the best applications to hunt on, and now I've worked at a platform I have some data to back me up that IDORs are fantastic first bugs and they are EVERYWHERE! But, when we test a real API vs a lab or CTF there are so many endpoints and resources and stuff to test, so what if we could make IDOR hunting easier? What if we could automate it? Well this is what Autorize is designed to do! This free Burp extension allows us to automatically make a second request to test if our attacker account can do something to affect our victim. It's such a useful tool to have installed I 100% recommend it especially if you're a beginner.
Did you know this episode was sponsored by Intigriti? Sign up with my link go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
This month as a thank you for bearing with me as I get back into video making we're doing a giveaway! To win one of the following prizes please enter via a comment on this video with an answer to: What bug or type of hacking do you want to know more about? And the text: #bountypls
1x Lifetime Membership to www.bugbountyhunter.com/
5x 1 month memberships PentesterLab Pro
5x 2 months Try Hack Me Premium
10x InsiderPhD Swag Pack
![[LIVE] : ONE ลุมพินี 73 วันนี้!! คู่เอก "วรพล vs พันฤทธิ์"](http://i.ytimg.com/vi/rrOljlqse3A/mqdefault.jpg)
Great video, Katie! Loved it as always.
My favourite bug bounty tools are burp suite, all tomnomnom's tools, amass and the ones I developed on my own! (LazyFuzzZ, Wordlist Weaver, Fu-JS) #bbhammer
amazing, this could be probably one of the biggest information that i have ever been given
Thanks so much sharing!
Really nice tip on how to use tool effectively !!
Wowww Thanks katie 🔥🔥🔥🔥it really encourages people more thanks for video
Thanks for doing so much for the community ❤️
It'll be great to have more videos about DOM based vulnerabilities #bountypls
Awesome video, as always!
Favourite tool - Burp Suite - even if the only features it had were the proxy history and Repeater, it'd still be amazing.
##bbhammer
Thanks for all your videos Katie!❤ I got my first bug from your IDOR video. My favorite tool is burp! #bbhammer
Bounty ???
Great video, good resource!!
You are my favorite bug bounty channel
Thanks for doing amazing video katie. My fav bug bounty tool is burp ofcourse. I'm looking forward more automation videos like this..#bbhammer
Thanks for the video! The tool that I use the most is fuff, cause of it's speed and simplicity. Burp is another indispensable tool as well! #bbhammer
Thanks for this video Katie
nice video i've watched quite a few of em. clear well rehearsed script.. this video actually tries to show us something. well rounded video.
i wish more of your videos showed us how to actually do this stuff like this video. you do great on the speaking side of teaching tho, need more hands on tho.
Hey Katie, as always, awesome video! My favorite bug bounty tool is Burp, for sure! #bbhammer
You videos are both no bs info and free which is great for broke student like me. Well my favorite tool is Burpsuite #bbhammer
And I think I will give Autorize a try.
Thank you for the video
Great video Katie, my favourite tool is Amass & Wireshark; would love to see more videos on Business logic flaws & XXE flaws.
#bountypls
Thanks Kate! I want to know more about SSRF and businesss logic.#bountypls And my favourite bug bounty tool is absolutely BurpSuite!!! #bbhammer
You are really a great teacher.
I am following your videos and learning a lot. Thank you so much!
*Burp* is my favorite tool
#bbhammer
Thanks for all your videos Katie , My favorite tool is burp #bbhammer .
Thanks for this channel
I want more videos explaining bugs with dem websites not just presentations. Thank You, Katie. #bountypls #bbhammer
thank you so much
Thank you for your great Videos! My favorite Bug bount tool is burp for sure! So much functionality in one tool! #bbhammer
why you're so late katie. i was waiting for this video for so long
Started following you Katie and I am blown by the content u and
other fellow u tubers are providing by the way my favourite BB tools are - Burp Pro,Rustscan,amass and nuclei
#Bbhammer
Thank you Katie for this amazing video. My favourite bug bounty tool is Burpsuite. #bbhammer
Started learning following your recon videos. My go to tool for now is Burpsuite community edition. #bbhammer
Thank you very much for the video! My favourite toos is Burp Suite, it is so powerful and you can do so many things. #bbhammer
Thanks :) my favourite bug bounty tool are Amass and FFUF #bbhammer
great video
Thanks for the video, have been using this tool for a while now. This is my favourite tool: Autorize allows to check most of the access Logic tests. #bbhammer
Thanks for the video. Information part is starting at 3:49
Burp and ffuf is my favorite tool
You are precious for the community! pls go more in depth on chaining vulnerabilities! #bountypls
Thanks for this great knowledge. I am currently learning IDOR and I've been able to use autorize and I got "enforced" in some areas. What next am I to do next. How do I exploit this for bug bounty?
Thanks as always Katie. My fav tool is Burp definitely. #bbhammer
Awesome video, I love to use Amass and burp suite!! #bbhammer
My favourite bugbounty tools are FFuF, Dirsearch, and Burpsuite with this extentions such as autorize #bbhammer
... And also obsidian #bbhammer
Thank you Katie. I'd love to know more about Burp. #bountypls
Great video as always. Would love to see videos based on chaining of bugs #bountypls
Great video as always. I would love to have more videos about XSS & chaining of bugs. #bountypls
My favourite tool is of course burp suite #bbhammer You are great Katie!
Please never stop creating content like these😍..It would be helpfull if you would increase your volume as i felt the audio is lower than other youtube videos..My favourite tool is BurpSuite #bbhammer
Thanks for this one its more than awesome.
By favourite tool is Amass, fuff and in extensions autorepeater & Param Miner this are lit. #bbhammer
Awesome video as usual. As for the types of bugs/hacking I want to learn about…SSRFs, broken access controls, business logic, and APIs! #bountypls
It'll be good if we get videos on web cache related vulnerabilities also once again thanks for making good contents for the community! #bountypls
Your video is really awesome :)
Always love for Burp Suite tool for damn sure !! #bbhammer
Awesome, will definitely use the burp addon. Fav tool #bbhammer #bountypls
#bbhammer
According to me burpsuite repeater is the best tool for hacking. We can perform any attack with it.
Thanks Kate ❤️ for this giveaway I'm so inspired by you and Aditi Singh and my favourite tool is FFUF love data exposed ❤️ #bbhammer
Thank you for all your videos! My favourite tool is amass and burpsuite. #bbhammer. It'll be good to see more videos on subdomain takeover with an example. #bountypls
Thanks for the videos!!! My favorite tool is burp for sure #bbhammer
my favorite bb tool is Burp, you can just do so much with it! #bbhammer
I would love to see more videos on recon methadology for beginners . #bountypls
Thanks for making content! My favourite bug bounty tool is burpsuite #bbhammer
Fav tool is Burpsuite because it has some automation and also manual testing which is good and it's also beginner friendly tool and many more to learn.... Thank you❤
#bbhammer
Welcome back! I'd love to learn more about SSRF #bountypls
Mobile application security is what I am practicing for a month now. And videos on that topic will be great to learn from. #bountypls
My favourite bug bounty tool is ffuf combined with burp. I can bypass the speed limit of Intruder during fuzzing using -replay-proxy in ffuf which gives me the benifit of higher fuzzing speeds of ffuf and all the packets are captured in burp proxy too due to -replay-proxy flag set in ffuf.
#bbhammer
Burpsuite is my fav
Katie thanks for the video. I would like to learn more about hacking APIs. #bbhammer
Subdomain takeovers would be nice, saw a lot of good reports but never seemed to fully understand them. #bountypls
Burp and Amass is the bread and butter for me. #bbhammer
Mostly there r auth bearer token for APIs which also needs to be add in cookies section?
thankyou,
My favourite bug bounty tool is Burpsuite. #bbhammer
Just found your channel searching for cybersec stuff.
My favorite tool so far is burp.
#bbhammer
Next video idea suggestion: Burp autorepeater
my favorite tool is burp suite, nmap :)) thanks for great contents
#bbhammer
I'd like to see videos on Anti-CSRF bypass, 2FA/MFA bypass or prediction.
Thanks very much for your videos and my favourite tool is burpsuite #bbhammer
I'm having an issue with autorize picking up requests that should be out of scope. Anyone else have this issue? This leads to a lot of extra requests to parse through, which really slows me down
Have only used Burp suite till now so I guess that's my favourite tool as of yet #bbhammer
Fav bug bounty tools - Burp, amass, nuclei, ffuf #bbhammer
Thanks a lot for the vid. My favourite tool is ffuf #bbhammer
Thank you for holding my hands and taking me to this level in cyber security, Be healthy and happy😁
#bountypls
I like to see more vedios on business logic bugs , like taking a public program and understanding the business logic of the functionalities.#bbhammer #bountypls
#bbhammer My favorite tool burp. Thanks for your videos!!!
Thanks Katie my favorite tools is burpsuite #bbhammer
My favorite is always Burp Suite! #bbhammer
my favorite bug bounty tools are amass and burp suite. #bbhammer
Thank you for this video. I would love to know more about cloud security esp AWS. #bountypls
My favorite BugBounty tool has to be Burp Suite #bbhammer
Burp has to be my favourite tool! #bbhammer
Thanks for the video, my favorite tools are burp & amass #bbhammer
Burpsuite, nuclei, Cariddi, Gau, gxss, ffuf and google dorks #bbhammer
@Inderderphd
Have you find idor vulnerability which leads to privilege escalation? Could you please tell me the scenario.
Usually it's permission related - create mutliple accounts with different permission levels, and try and do an admin action as a regular user
Thanks for sharing. Burpsuite of course i am just the beginner #bbhammer
I'd like to learn more about SSRFs, and maybe web cache poisoning, sounds cool. #bountypls
Great 👍 topics I like nuclei thank you for your time and efforts
#bbhammer
Hey Katie, glad you are back again. Could you please make a detailed video on NOSQL injection attacks. My favourite tool is httpx by projectdiscovery due to it offering so many cool features.
Have a great day. #bountypls #bbhammer
Lovely video.......Burp for sure #bbhammer
Thanks Kate ❤ for this giveaway I'm so inspired by you #bountypls #bbhammer
katie, i'm new to bug hunter, i'm still practicing about the web security system, i have joined in ingriti but i don't know what i can and can't do when looking for bugs, can you give a little direction and tips on how to work in intigriti please,,
Awesome content, my favorite tool is gobuster #bbhammer
Burp,Ffuf, Nuclei, Aquatone and Nmap
#betterlatethannever
#bbhammer
Beginner here ;)
My fav to the moment is chrome dev tools ;) #bbhammer thank you Katie for another awesome video ;) and I desperately need this zseanos bbh membership :)
My go-to was always Burpsuite. #bbhammer
Definitely Burp Suite! #bbhammer