Burp for Beginners: How to Use Repeater

  • Published on 3 Aug 2024
  • Repeater is the main tool you'll end up using in Burp for bug bounty hunting. In this video, I go through the basics of Repeater, show you how to get the most from Repeater and give a live demo showing you how to actually hack things with Repeater!
    Did you know this episode was sponsored by Intigriti? Sign up with my link: go.intigriti.com/katie. I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
    What are you doing this weekend? What burp videos do you want to see? Let me know in a comment! Do you want to support me? Why not buy me a coffee? ko-fi.com/insiderphd
    Got questions? I have answers, Tweet at me / insiderphd
  • Entertainment

Comments • 35

  • @danyelvillalba7 4 years ago +2

    I love your content. Your videos motivate me more and more to continue with bug bounty! Thanks Katie, I like this kind of video with real targets. Thanks a lot!!!!

  • @khalifakhalifi2397 3 years ago

    I love the way it is explained, and I also love the voice! Love your content!

  • @husseindhooma5816 2 years ago

    Amazing content Katie, thank you so much

  • @jacklinenyamuiru6360 4 years ago

    Hi Katie, I love your videos, thank you :)

  • @zeus-x0722 4 years ago

    Thanks so much, Katie, for the amazing effort

    • @InsiderPhD 4 years ago +1

      Thank you! Happy to make it :)

  • @sachinmaurya3259 4 years ago

    Finally!! I was waiting for your video :)

  • @SpookiePower 4 years ago

    Thanks for another great video. Hope to see more Burp videos from you :)

    • @InsiderPhD 4 years ago +1

      Sooooon! I’m hoping to cover everything in intruder!

  • @htsec4923 2 years ago

    Thank you 🙏🏻

  • @nikolakrsmanovic1253 4 years ago

    Great content! Keep up!

    • @InsiderPhD 4 years ago

      Thanks, will do!

  • @nikhil6085 3 years ago

    Thanks Katie! I was trying to do the same with Gmail but the requests over there are too difficult to interpret. I would like to highlight one thing: your mail won't be sent because there are many values in that request which are changed while sending an email. The solution to this problem is to send two different emails from your account (from the browser, like a legitimate user), then in Burp Suite send those email requests to Comparer (request), find the changes between the two requests, and do the same in your crafted email in Repeater. Add random values of the same length where the changes are seen and boom! Your email will be sent.

  • @joshgordon7299 3 years ago

    Awesome

  • @kevingeorge9152 4 years ago +5

    Is having in-depth knowledge of web development necessary for getting started with bug bounty?
    I have no web dev experience, so should I first learn it to understand how JavaScript and stuff works, or is it not really necessary?
    PS: thanks for all these amazing videos

    • @InsiderPhD 4 years ago +4

      You don't need to learn how to do web development, in fact not knowing can be an advantage since you might look in places someone with dev experience might skip over! But I will say that it helped me a lot and it meant when I went into hacking I saw it as an extension of deving rather than a new skill. STOK is quite well known for not being a dev and TomNomNom is a dev and they're on the same team!
      If you want my opinion, learn how to make a basic web app in a language (python might be a good choice since many tools use it), to get a feel for how it works!

  • @user-us4yi6mc7i 2 months ago

    great

  • @niraj9226 4 years ago

    Love your videos. Thanks for the videos. I have a question: since you are using the suite on yahoo.com, is it legal? Can I use Burp Suite on any website? I mean, is it legal to use on unauthorized websites?
    Thanks and keep sharing your knowledge.

    • @InsiderPhD 4 years ago +2

      No! I am allowed to hack on Yahoo.com because it runs a public bug bounty program on HackerOne: hackerone.com/verizonmedia. You should never test a website you're not explicitly allowed to via a bug bounty program or some kind of authorisation directly from a company (e.g. a pentest).

    • @niraj9226 4 years ago

      Thanks Katie. Please don't stop uploading videos for beginners. I am a newbie.

  • @muhammedali1870 4 years ago

    Hey Katie, do you think subdomain takeover is still worth hunting, or will it be very hard to find and just waste my time? Thanks

    • @InsiderPhD 4 years ago

      People do find their first bugs with subdomain takeovers, but just make sure that the services you're looking at are vulnerable via github.com/EdOverflow/can-i-take-over-xyz. This is a good introduction: www.hackerone.com/blog/Guide-Subdomain-Takeovers

  • @shreyanshdesai3152 4 years ago

    I needed this so badly because I just started in bug bounty.
    PS: I wanted to know, is cracked Burp harmful to use, as I cannot afford one?

    • @InsiderPhD 4 years ago +3

      You don't need to use a cracked version! You can just use the Community Edition (free one)! The full version isn't necessary when you just start out

    • @shreyanshdesai3152 4 years ago +1

      @InsiderPhD Thanks for showing the path.
      I appreciate you helping the community.

  • @hasnainabidkhanzada3754 3 years ago

    You already know where the ymail endpoints are in the long list of Yahoo requests captured by Burp, but what if someone doesn't know about them? How can he find endpoints? Suppose, for example, endpoints for Gmail etc.? Any suggestions regarding that?

    • @InsiderPhD 3 years ago +2

      It comes with practice basically. I have hacked the Yahoo Mail app before so I know what I'm looking for, but usually my approach is:
      - Poke at what I want to hack
      - Go to Burp, see what requests were just sent
      - Look for one which has the data my poke had, ignore anything that looks like a tracker/advert
      - Use that to filter down my Burp scope

    • @hasnainabidkhanzada3754 3 years ago

      @InsiderPhD OK, got it, thanks :)

    • @hasnainabidkhanzada3754 3 years ago

      @InsiderPhD OK, got it, thanks :)

  • @StefanRows 4 years ago

    Katie = Insta Thumbs Up

  • @KrakoonGaming 4 years ago

    Are you using Burp on Windows or any other OS?

    • @InsiderPhD 4 years ago +1

      I primarily use OSX to bug hunt so I mainly use the Mac version of Burp