Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video: As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it. Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video. I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it. Again great content. Please keep them coming.❤
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
thank you..very valuable knowledge. Can you record a video of the activity when doing IDOR and it is successful then upload the video to TH-cam when the vulns has been resolved?. this must be very interesting.
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this. I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
a good program to hunt for IDORs It has to have authenticated testing and you have to be able to get multiple different accounts. taking notes is mandatory for this type of testing 19:05 first we need to identify how the application is pulling larger data sets and identifying the user. 1:03:48 left
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
Good morning "Mas", thank you very much for the video. I am from Indonesia feel very grateful for the video, I would like to ask, Is there a roadmap next, for someone who has just jumped into Bug Bounty? The first step to understanding IDOR, maybe the next you can tell. Thank you "Mas". Greetings from me in Central Java Island, Indonesia. (Name is pseudonymous only)
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku. Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too. Can you update your discord invite link, it's actually expired, and I'm not able to join your server :) Thanks!
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](http://i.ytimg.com/vi/jTdqM2aO4Ys/mqdefault.jpg)
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](/img/tr.png)
Finally someone shares real life experience in bug bounty and actually shows how real world works. Thank you
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting,
Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video:
As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it.
Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video.
I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
This is the best educational bug bounty video on youtube!
finally someone sharing how to hunt in real life rather than giving tips thanks sir
How long have I been waiting for someone to actually test on a live application!! So educative, more of these pls!!
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
allot of their excuses I have heard is its not allowed to do live bug bounty tests not sure how thats true
Sharing knowledge builds a strong community, but very few have such wisdom.
That and they won’t burn recon live I’d do live recon with u if u wanted to invite me.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
This is the best educational bug bounty video on youtube!
When person understands what he is doing, its always good to listen to him. Great video.. keep a good work
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
You are SO awesome for lending your expertise to walk through your methodology on a live program! Thank you!!!
You have the Holy Grail of certs! So glad you're on our side!! 😁
This is so much better than course videos with super unrealistic flaws
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting.
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
Thank you so much i really learned from you, i also learned how to be patient with captcha like which is an amazing skill ngl
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Thank you for your generous sharing. There are truly no hidden aspects to this.
Awesome content love these in-depth videos
Please do more vids like this, on specific bug types from beginner to advanced this is gold.
I was going to sleep it's 1:46 am then pop up came , now i can't sleep, i have to watch it cause i m obsessed with your content ❤😍
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it.
Again great content. Please keep them coming.❤
that was incredible, thanks for sharing, please keep up the good work legend.
Thanks bro. I am just starting. These live hunting videos are really really helpful. ♥♥
Getting into IDOR's and ACV's now... nais tutorial.. cheers
thank you for coming with such great videos
You are king! Great realistic content - the best!
Thank you for sharing this knowledge with us. As someone who is new to this, videos like this are golden in helping understand the how and why.
just beginning to watch this and i can tell its going to be worth it
great video! thank you for the depth and explanations in this video. i think i’m finally starting to get it!
man you are amazing, keep up the great work.
Great video. One of the best if you pay attention
The video flows very well from start to finish 👏
Best yt video about idor
Thank you very much for these awesome videos. Every time I watch your videos I'm learning a lot of things.
Thanks for bringing us these videos, showing the methodology, it really helps a lot!
Thank you so much for sharing your knowledge!
Love your videos!
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
i have faith , that u and God will help me in this journey of bug bounty
Thank you sir. You are my best youtuber
Thanks for bringing us these videos
can't wait for 2nd part amazing man alot of thanks
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
Min 1:06:29 you missed one traffic light. You are a robot. I know it!!!! :D
Good video bro. It is gold.
Love the whole video please keep teaching us
thank you..very valuable knowledge. Can you record a video of the activity when doing IDOR and it is successful then upload the video to TH-cam when the vulns has been resolved?. this must be very interesting.
interesting to see how others do this, thanks!
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
this video is very motivating thanks man ...
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this.
I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
This is fantastic for beginner's
a good program to hunt for IDORs
It has to have authenticated testing and you have to be able to get multiple different accounts.
taking notes is mandatory for this type of testing
19:05 first we need to identify how the application is pulling larger data sets and identifying the user.
1:03:48 left
Can't wait for part 2 😊
This is gold!
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
Another great video, thanks man i really enjoy your videos :-)
Really Doing a great job 👍💪
This is just great! Thanks for the live hacking, that's super useful for me.
Love ur content! Please go for part 2!
wow i finally understand how guys found bug :)
Thanks a LOT man 🎉🎉🎉 ❤❤❤
Great content
Great explanation
Good one this🤞🏾
Good morning "Mas", thank you very much for the video.
I am from Indonesia feel very grateful for the video, I would like to ask,
Is there a roadmap next, for someone who has just jumped into Bug Bounty?
The first step to understanding IDOR, maybe the next you can tell.
Thank you "Mas".
Greetings from me in Central Java Island, Indonesia.
(Name is pseudonymous only)
Halo bang, ane juga dari jateng pekalongan wjwk
@@setanalaz kuliah ya?
@@blackbird436 no sir, still learning to jump into bug bounty from current job. belajar dmn lagi ya bang ada info kaga?
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku.
Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
very helpfull information, thank you mate
Thank you for the video. Extremely useful!🤗🤩 The link to join the group in Discord is not working
Amazing Video
good Explanation 🔥🔥🔥🔥
This is so helpful. thank you
Thanks for the video =)
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
Please make a video on how to do idor testing with Autorize
Bro pls make a course for http request smuggling I want to learn this vulnerability
13:50 bro was definitely angry about the question
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
Thank you!
Bro I was literally just researching this
nice video, keep doing
thx lord
Subscribed!!!!
Teşekkürler.
讲的太好了
Ty
When will you upload part 2?
This mfer is a fucking legend
really helpfull
Starting now
whats your h1 handle?
discord link is expired can you renew it
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too.
Can you update your discord invite link, it's actually expired, and I'm not able to join your server :)
Thanks!
❤❤
Sir Next part 2 video
please guys more likes on this video.
Go Navy beat Army
Please Need Dom Xss Video
Tallent i like you.
1:03
really hate captcha
Greate Video @rs0n ❤