Best Seller Bug Bounty Hunting & Penetration Testing Courses - learn.hacktify.in
I want to buy your course, please add a netbanking option
Thank you for these videos
The title of this video really matches with the content you have shown. Thumbs up.
Best video for XSS automation I have ever seen
Thank you ✌✌✌✌✌✌✌
Excellent way of explaining the automation....Great job sir....
Honestly saying, this is such a good way. Thanks a lot for demonstrating this. :)
Really, you are awesome, Rohit sir
I just researched a lot but I didn't know many things. When I saw your video I was really impressed 😍 I reported 100 reports but all were duplicates, but this time I work hard using your video concepts and make bug bounty. Once again, thank you for uploading daily videos. When I wake up in the morning I just check your channel for new video content! 🥰🥰
Regards,
Surya
Greetings,
Where is the last video, as you mentioned at the beginning?
Thanks for this great content
Is it OK if I use the gau tool instead of waybackurls?
That was superb....sir.
But I want to know the methods for SQLi, SSTI and other vulnerabilities... how you find them when you hunt.
Please sir, share with us your methods for different kinds of vulnerability.
Thank you in advance... and wish you all the best.
Keep watching, will upload more such videos
At 5:28 you mentioned that you directly used the .txt file given by waybackurls.
So basically,
1) Do we have to use data from waybackurls directly or
2) Do we have to use grep "=" and egrep to remove noise and then use the generated file for further processing?
You can use the file from waybackurls.txt and supply the script to it to filter results based on =
I really like your video..From Pakistan.
What if the url has multiple params? And one of the param is vulnerable?
Hey, my kxss is not running. I have deleted and downloaded it again but it is still not working. Any solution?
Today I found a gem 💎 thanks bhaiya
Nice video sir, great work, tomnomnom is giving us good scripts, waiting for your XSS patterns. I love the sed tool in these videos
Screen shot the payload and use www.onlineocr.net/ to copy text from screen shot 😜
Awesome video sir 🔥 please make a video on automation of other attacks also, like OR, LFI, SSRF, SQLi..
how to add color UI in dalfox??
Some program URLs, when passed as input to kxss, don't give any output. How to proceed further in that scenario?
XSSHunter doesn't work anymore, but there's an express version. That didn't work for me either.
Thanks. How to collect all XSS payloads from bugcrowd HTB Hacker1 to mass attack to upload shell file, RCE and rooting web servers. Thanks
Can you please make a video on CORS tips and tricks?
Noted, it will be uploaded soon.
@HacktifyCyberSecurity thank you 💚
What to do after getting an alert(XSS); pop-up? Because a pop-up with cookies 🍪 or a document.domain(); pop-up is not suitable to receive bug bounty rewards. Please guide how to escalate reflected XSS to higher levels to earn bounties on HackerOne, Bugcrowd, Intigriti etc. Thanks 😊 🤝❤️💫💐😘🥰🌺💥💯👍
Thanks for the information,
BTW you mentioned a list at 19:38, I think we already have a tool for that and it's open source too :)
There are many parameters which have been added in public tools, but having your params from each web application gives you a slight advantage over others ;)
Sir, can you teach all these amazing techniques in your paid bug hunting courses?
Yes we teach more such techniques.
Check at learn.hacktify.in
Hey, quick question: my output from kxss looks a lot different than yours, just wondering what commit of kxss you're using?
Very useful video 👍👍👍
my kxss isn't working like yours ?!!!
I'm getting different output when we run kxss, we are not getting the URL:
I just downloaded kxss but how can I run it on my Kali machine??
Bash scripts are messy, but you could try to format it a little bit.
Regardless, thanks for the info!
Sir, I am facing a problem installing kxss. Can you please tell me how to do it? Can we use gxss instead of kxss in the command you showed in this video?
Bro, it's not showing me the vulnerable and not vulnerable tag line
Awesome sir, Love your content.
Superb sir, waiting for patterns 😎😎😀
Nice explanation
To join Hacktify's full Course Visit : learn.hacktify.in
Really enjoy your video
Sir, we are waiting for the log4j vulnerability video
Great video...
You are awesome man
You rock! Best Wishes
how to bypass the html encoding of tags
please tell!!
Learnt something new thank you so much..😁
Thanks sir..
Can you make different way to account takeover bug
Where is the parameter? I need it, sir
Please make a video explaining how CSP works and how we can bypass it.
Noted, We will come on this.
How to find stored xss sir
Great work! Where I can find these commands?
Screen shot the payload and use www.onlineocr.net/ to copy text from screen shot 😜
Hello sir have you published your xss pattern file?
Awesome As Always 🙏
Awesome explanation, really feel good, thumbs up and subscribe for you
Thank you ❤️✌️
Awesome👍😊
Hey make a video on nuclei
It is in progress, we will come up with video soon.
Okeeee😉
Waiting for it
Sir, one doubt: when we remove the values after =, what if there are more parameters after the =, like page=1&id=2? I think only the first = parameter will exist and all others will be removed!
Sir, can you please answer this question?
Use regex
Tried Kxss no output
Does it mean no unfiltered parameters then ?
Thank u.
thank you for sharing. thumbs up
Good stuff
Very well explained! You made XSS hunting simpler. Thanks
There's one problem: when I cat my target result and pipe it to kxss, the output is different for me, like this:
param classification is reflected and allows ' on www.target.com.ss:443/?classification=1234
param campaigncode is reflected and allows ' on www.target.com.ss/learning/?campaigncode=target_banner_09&sc_trk=tar-courses-link
So, how can I delete the sentence/string "param classification is reflected and allows ' on "?
Please Help
cut -d' ' -f9 | sed 's/=.*/=/'
Woahh, thanks
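Added example (not part of the original comments or the video's script): the two questions above, stripping the kxss prefix and keeping every parameter name when a URL has several, handled in one shell pipeline. The function names are hypothetical, the sample lines are the ones quoted in the comment, and the pipeline generalises the `cut`/`sed` reply to URLs with more than one parameter.

```shell
#!/bin/sh
# Sample input: the two kxss output lines quoted in the comment above.
sample_kxss_output() {
cat <<'EOF'
param classification is reflected and allows ' on www.target.com.ss:443/?classification=1234
param campaigncode is reflected and allows ' on www.target.com.ss/learning/?campaigncode=target_banner_09&sc_trk=tar-courses-link
EOF
}

# Remove everything up to and including the last " on ", leaving only the URL.
# Unlike `cut -d' ' -f9`, this does not depend on how many words (for example,
# how many allowed characters) kxss prints before the URL.
# Lines that do not start with "param " pass through unchanged.
strip_kxss_prefix() {
    sed 's/^param .* on //'
}

# The sed from the reply: truncates at the FIRST "=", so page=1&id=2
# becomes page= and the id parameter is lost.
blank_first_param() {
    sed 's/=.*/=/'
}

# Blank each value separately: match "=" followed by everything up to the
# next "&" or "#", for every parameter on the line (the g flag).
# page=1&id=2 becomes page=&id=
blank_all_values() {
    sed 's/=[^&#]*/=/g'
}

# Full pipeline: URL only, all parameter names kept, duplicates removed.
# LC_ALL=C makes the sort order byte-wise and therefore reproducible.
normalize_urls() {
    strip_kxss_prefix | blank_all_values | LC_ALL=C sort -u
}

# Stand-alone demonstration on the sample lines.
sample_kxss_output | normalize_urls
```
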
I tried to download Dalfox through all the methods, to no avail. Lol. I was trying before even seeing this video. KXSS I found out about earlier today from another YouTuber. Hehe.
I'll try the releases method tomorrow. Lol. Thanks. 💀🤣😎🤝😅
Instead of the confusing sed thing we could directly do it with "qsreplace -a" if I'm not wrong.
sed and qsreplace both work differently. sed is a stream editor and will replace stuff anywhere in a string,
whereas qsreplace will only replace for parameters.
Eg - iloverohitsyoutubevideos.com/search=lotsoflove
Here qsreplace will replace lotsoflove with FUZZ, sed can replace rohits to shifa.
@HacktifyCyberSecurity Yes I agree, but here the use case was the same for the first sed command you used, to modify the parameters and remove stuff after that "=". So just thought qsreplace seems like a cleaner option :)
Nevermind, got it! My bad :P
Sir plz take some bash scripting
Hello, I tried kxss, it takes a lot of time, like more than 10 hr, and is still loading
Yep same here. kxss doesn't work anymore
Sir, I have some confusion about installing KXSS, can you tell me the procedure for installing KXSS?
Make sure you have go installed and go path configured. Then follow the steps to install kxss from repo.
Install Go, then use this command:
GO111MODULE=on go get -u github.com/tomnomnom/hacks/kxss
Then go to your Go installation folder
Example
cd go/src/github.com/tomnomnom/hacks/kxss
go build -o kxss main.go
A file named kxss will be built
Now copy this to your Go installation directory
Example
sudo cp kxss /usr/bin
It should now be available directly for use
Or, if you are not the root user, then simply copy this kxss file to your
go/bin/ folder
Enjoy 😎
Sir, what happened to today's video?
Hi, due to bad health I couldn't upload it. It will be uploaded today.
Share waybackurl script bro
Plz share the script
231 th like 😇
www.optimizely.com is out of scope! bad luck