Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video: As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it. Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video. I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
I dont think i have ever left a comment on a youtube video, but i just wanted to reach out and thank you for this! the way you sit and explain the little details is just amazing. Its almost like you can hear me mumbing to myself "wtf does that mean" lmao Definitely gained me as a subscriber!
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it. Again great content. Please keep them coming.❤
a good program to hunt for IDORs It has to have authenticated testing and you have to be able to get multiple different accounts. taking notes is mandatory for this type of testing 19:05 first we need to identify how the application is pulling larger data sets and identifying the user. 1:03:48 left
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
Good morning "Mas", thank you very much for the video. I am from Indonesia feel very grateful for the video, I would like to ask, Is there a roadmap next, for someone who has just jumped into Bug Bounty? The first step to understanding IDOR, maybe the next you can tell. Thank you "Mas". Greetings from me in Central Java Island, Indonesia. (Name is pseudonymous only)
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku. Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
thank you..very valuable knowledge. Can you record a video of the activity when doing IDOR and it is successful then upload the video to TH-cam when the vulns has been resolved?. this must be very interesting.
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too. Can you update your discord invite link, it's actually expired, and I'm not able to join your server :) Thanks!
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this. I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](http://i.ytimg.com/vi/jTdqM2aO4Ys/mqdefault.jpg)
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](/img/tr.png)
![[#2024MAMA] ROSÉ (로제), Bruno Mars - APT. | Mnet 241122 방송](http://i.ytimg.com/vi/dgGqD28J6aQ/mqdefault.jpg)
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting,
Finally someone shares real life experience in bug bounty and actually shows how real world works. Thank you
Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video:
As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it.
Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video.
I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
This is the best educational bug bounty video on youtube!
finally someone sharing how to hunt in real life rather than giving tips thanks sir
How long have I been waiting for someone to actually test on a live application!! So educative, more of these pls!!
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
allot of their excuses I have heard is its not allowed to do live bug bounty tests not sure how thats true
Sharing knowledge builds a strong community, but very few have such wisdom.
That and they won’t burn recon live I’d do live recon with u if u wanted to invite me.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
When person understands what he is doing, its always good to listen to him. Great video.. keep a good work
This is the best educational bug bounty video on youtube!
I dont think i have ever left a comment on a youtube video, but i just wanted to reach out and thank you for this! the way you sit and explain the little details is just amazing. Its almost like you can hear me mumbing to myself "wtf does that mean" lmao
Definitely gained me as a subscriber!
You are SO awesome for lending your expertise to walk through your methodology on a live program! Thank you!!!
You have the Holy Grail of certs! So glad you're on our side!! 😁
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting.
This is so much better than course videos with super unrealistic flaws
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Thank you for your generous sharing. There are truly no hidden aspects to this.
Please do more vids like this, on specific bug types from beginner to advanced this is gold.
Thank you so much i really learned from you, i also learned how to be patient with captcha like which is an amazing skill ngl
Awesome content love these in-depth videos
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it.
Again great content. Please keep them coming.❤
i have faith , that u and God will help me in this journey of bug bounty
just beginning to watch this and i can tell its going to be worth it
Thank you for sharing this knowledge with us. As someone who is new to this, videos like this are golden in helping understand the how and why.
I was going to sleep it's 1:46 am then pop up came , now i can't sleep, i have to watch it cause i m obsessed with your content ❤😍
a good program to hunt for IDORs
It has to have authenticated testing and you have to be able to get multiple different accounts.
taking notes is mandatory for this type of testing
19:05 first we need to identify how the application is pulling larger data sets and identifying the user.
1:03:48 left
that was great ❤
can't wait for further lives ❤
Thanks bro. I am just starting. These live hunting videos are really really helpful. ♥♥
thank you for coming with such great videos
Great video. One of the best if you pay attention
Best yt video about idor
Getting into IDOR's and ACV's now... nais tutorial.. cheers
great video! thank you for the depth and explanations in this video. i think i’m finally starting to get it!
best explanation Bro!!! loved your methodology...
Thanks for bringing us these videos, showing the methodology, it really helps a lot!
that was incredible, thanks for sharing, please keep up the good work legend.
Thank you very much for these awesome videos. Every time I watch your videos I'm learning a lot of things.
You are king! Great realistic content - the best!
Thank you so much for sharing your knowledge!
Love your videos!
man you are amazing, keep up the great work.
Thanks man, good material, we don't have anything similar in Spanish
Thanks for bringing us these videos
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
interesting to see how others do this, thanks!
Bro pls make a course for http request smuggling I want to learn this vulnerability
can't wait for 2nd part amazing man alot of thanks
Love the whole video please keep teaching us
Can't wait for part 2 😊
Absolutely great content ✨
This is fantastic for beginner's
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
This is gold!
Good morning "Mas", thank you very much for the video.
I am from Indonesia feel very grateful for the video, I would like to ask,
Is there a roadmap next, for someone who has just jumped into Bug Bounty?
The first step to understanding IDOR, maybe the next you can tell.
Thank you "Mas".
Greetings from me in Central Java Island, Indonesia.
(Name is pseudonymous only)
Halo bang, ane juga dari jateng pekalongan wjwk
@@setanalaz kuliah ya?
@@blackbird436 no sir, still learning to jump into bug bounty from current job. belajar dmn lagi ya bang ada info kaga?
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku.
Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
Thank you sir. You are my best youtuber
this video is very motivating thanks man ...
wow i finally understand how guys found bug :)
Thanks a LOT man 🎉🎉🎉 ❤❤❤
Really Doing a great job 👍💪
Please make a video on how to do idor testing with Autorize
Great content
Min 1:06:29 you missed one traffic light. You are a robot. I know it!!!! :D
Good video bro. It is gold.
Love ur content! Please go for part 2!
Ty
Another great video, thanks man i really enjoy your videos :-)
Great explanation
thank you..very valuable knowledge. Can you record a video of the activity when doing IDOR and it is successful then upload the video to TH-cam when the vulns has been resolved?. this must be very interesting.
This is just great! Thanks for the live hacking, that's super useful for me.
Good one this🤞🏾
讲的太好了
very helpfull information, thank you mate
good Explanation 🔥🔥🔥🔥
Amazing Video
Thank you!
This is so helpful. thank you
Teşekkürler.
Thanks for the video =)
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
Thank you for the video. Extremely useful!🤗🤩 The link to join the group in Discord is not working
13:50 bro was definitely angry about the question
Starting now
Bro I was literally just researching this
thx lord
nice video, keep doing
Subscribed!!!!
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
When will you upload part 2?
really helpfull
This mfer is a fucking legend
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
Sir Next part 2 video
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too.
Can you update your discord invite link, it's actually expired, and I'm not able to join your server :)
Thanks!
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this.
I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
please guys more likes on this video.
Please Need Dom Xss Video
Go Navy beat Army
❤❤
discord link is expired can you renew it
whats your h1 handle?