My Hacking Setup and How to Use It (Firefox/Burp Community)
ฝัง
- เผยแพร่เมื่อ 3 ส.ค. 2024
- This is probably one of the most common question I get asked about Bug Bounty, right next to "do you take mentors" and "how to find a bug". There are a ton of 3rd party awesome community tools that can take your pen testing and hacking to the next level, but it's important to not rush to try out new tools when you're still learning the basics. With that in mind I take you around the basic toolkit I use and show you some of the fundamental tools that help me get bounties!
This series couldn't happen without the support of our sponsor Bugcrowd, Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they’ll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your level, there’s a place for you in the crowd. You can sign up with my link here: bugcrowd.com/user/sign_up.
- Social Media -
Discord: insiderphd.dev/discord
Patreon: / insiderphd
Twitter: / insiderphd
- Timestamps -
0:00 Introduction
4:13 Firefox Extensions
7:14 Setting up Firefox
12:23 Burp Guide
22:51 Using Burp for fuzzing
27:54 Outro
No matter how often I review the fundamentals, I always discover something new. Your videos are fantastic, and I eagerly anticipate learning more from next week's video.
Wow, thanks! That means a lot 🥹
Thank you very much - it is very kind of you to take the time to share this, it’s very calm and backed up with experience!
I've been studying the art of Ethical Hacking for several years now. I think one problem I have is that I jump around a lot. Watching this video, it occurred to me that settling in on one thing and try to master it should be my next step. I'm familiar with quite a number of tools but I think I'm going to focus in on Burp Suite and stay at it and hopefully take my understanding to the next level.
You are definitely not alone keep an eye out for a video in the next few weeks I’m putting together more of a “study plan” for bug bounty
Also I love your username how many people have accused you of hacking with a name like that ;)
@@InsiderPhD looking forward to it already
You have been studying hacking for several years and never found bug before?
@@mathavonravi686 I've been involved more in the penetration testing side of things.
Short, crisp and to the point. Doing what @InsiderPHD does best. Namastey, from Nepal!
Owah, that took such a long time for this video to come. Praying for your well being, so we can get such wonderful education non-stop. Take care ma'am.
Keep updating 😊😊😊❤ Love from India ❤️
Will do, thank you so much !
Thank you so much
Thanks Kathy, great video as usual. Quick question, why don't you use embedded browser which is more convenient, and no FoxyProxy required?
A few reasons, but mainly is it gives me flexibility to use other tools like OWASP ZAP, also sometimes the updater breaks and it crashes but that might be my installation. When I teach my irl students I do get them to use the built in browser though because it is super conviennent and avoids the steps of setting up certificates. Honestly though you do you, however you want to setup your stuff
12:50 I would love to see your video on Frida, how to bypass SSL Pinning and other stuff
Nice! A new one! ❤🥰🤝🔥
Welcome Back after a break 😇. Hope you are all beter now
Thank you! It was a little unexpected being in hospital for a few days but I am back in action 🙌
@@InsiderPhD more power to you
Thanks very much ❤
Hello thanks for the video. Do we need to download burpsuite in a virtual machine or just on the regular windows or Mac machine
I just use a regular windows or Mac, I don't see the advantage of Kali for example.
I have a super random question, what's that yellow dot on top right of your screen? Is that an indiciation that your screen is recording or something?
Yup it’s a Mac thing and a good reminder to myself, I keep telling myself I should edit it out or something but never do
finally the video is here...thanks mam..hope i earn my bounty soon
Good luck!
do I need any specific OS here or just windows10 is enough? thanks!
HEY YOU IAM FROM INDIA YOU ARE HELPING A LOT TO CYBERSECURITY STUDENTS PLEASE COME BACK WITH BOUNTY HUNTING TUTORIAL IN SIMPLE WAY WE WANT OLD YOU LOVE FROM INDIA 😇😇😇
Thank you so much plz i have qst i finish HTML im in javaScriot should i keep learn your course without language or it's ok ?
this my roadmap ( HTML - JS - PHP - MySQL) Make small website with username and password input to understand how things work ? what u think and thank you
Keep on HTML and JS honestly though if you know hacking is your end goal trying out Burp on a real website and working out how the browser is turning your actions into visuals as soon as you feel confident is key, but I am putting together a “study guide” of sorts with a roadmap, Im not sure when it’ll be ready for release
One thing I may have missed, should i be using a VM to do this or can I use my own host OS
Host OS is just fine I never use a VM :)
Hi, which OS would you recommend? @@InsiderPhD
I've seen a lot of bug hunters working with Firefox instead of Chrome, are there any specific reasons or is it just a coincidence and matter of personal choice? Thank you.
While my main web browser is Safari because I am an OSX/iOS ecosystem gal, I use chrome for when websites don’t like Safari so using Firefox, one puts me in hacking mode giving me a “space” and 2 only has hacking on it so I’m not capturing traffic I don’t care about, plus seeing my longer time hacking targets makes me feel motivated to just spend a few mins passively hunting and seeing if I see any new features to get an easy win on
@@InsiderPhD Thanks for the clarification. Hopefully I can get my first bounty on h1 and bugcrowd soon and officially call myself a big hunter. Hehe
is this series gona teach about sql injections , xss and all??
Yup! It’s going to be a looping series we’ll cover SQL injections in the later part of the series when we talk about improving consistency and impact of your bugs
How far can you go without having to buy the pro version?
I tested it out and I received $2k of bounties without pro, I struggled with an SSRF though and caved because the results from interactsh weren't clear, the SSRF was actually a really neat bug that I'll have to tell the story of one day!
@@InsiderPhD Thank you
maam in 1password there is no option of hacking only private and shared is there what to do
You just need to make it as a new vault in 1password!
finally ❤
Why are you not there in the video like the first two ones
when's the next video coming? are you doing ok with your health? Stay safe and healthy for your student's sake, please.
I can't find the chatgpt extension in this tutorial
Gotcha github.com/aress31/burpgpt
Bang
Are you related to Dr. A. Fear...,( historian.)?
Am not I'm afraid!
I honestly request you to make two tutorials a week or make the tutorial to 1+ hour>...
Hi InsiderPHD, uhm....why are all your tutorials free? Like we have to pay for content like this so why is yours free?🥺😭
Bugcrowd’s support :) so make sure you sign up and tell them how awesome it is 😂
@@InsiderPhD bet! not sure if i have a bugcrowd account but this NOOB is signing up.💌
Thank you so much