Jarno Timmermans
Ireland
Joined 23 Dec 2020
Lab: Web Cache Poisoning with URL Normalization
In-depth solution to PortSwigger's "URL normalization" lab.
👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger.
Try it yourself:
portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-normalization
Timestamps:
00:00 - Intro
00:31 - Identify a cache oracle
01:07 - Add a cache buster
01:53 - Find unkeyed inputs
02:34 - Look for normalization behavior by the cache
03:59 - Inject a harmful response into the cache
Views: 1,056
Videos
Lab: Web cache poisoning via a fat GET request
841 views, 8 months ago
In-depth solution to PortSwigger's "Web cache poisoning via a fat GET request" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-fat-get Timestamps: 00:00 - Intro 00:29 - I...
Lab: Web Cache Poisoning with Parameter Cloaking
979 views, 9 months ago
In-depth solution to PortSwigger's "Parameter cloaking" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-param-cloaking Timestamps: 00:00 - Intro 00:35 - Identify a cache ...
Lab: Web cache poisoning via an unkeyed query parameter
996 views, 9 months ago
In-depth solution to PortSwigger's "Web cache poisoning via an unkeyed query parameter". 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-param Timestamps: 00:00 - Intr...
Lab: Web cache poisoning via an unkeyed query string
958 views, 9 months ago
In-depth solution to PortSwigger's "Web cache poisoning via an unkeyed query string" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-query Timestamps: 00:00 - Int...
Lab: Combining web cache poisoning vulnerabilities
1.1K views, 9 months ago
In-depth solution to PortSwigger's "Combining web cache poisoning vulnerabilities" lab from the Web Security Academy. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-combining-vulnera...
Lab: Exploit a DOM vulnerability via a cache with strict cacheability criteria
957 views, 10 months ago
In-depth solution to PortSwigger's "Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poison...
Lab: Targeted web cache poisoning using an unknown header
1.5K views, 10 months ago
In-depth solution to PortSwigger's "Targeted web cache poisoning using an unknown header" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-targeted-using-an-unknown-header Timesta...
Lab: Web cache poisoning with multiple headers
1.9K views, 10 months ago
In-depth solution to PortSwigger's "Web cache poisoning with multiple headers" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-with-multiple-headers Timestamps: 00:00 - Intro 00:...
Lab: Web cache poisoning with an unkeyed cookie
1.8K views, 10 months ago
In-depth solution to PortSwigger's "Web cache poisoning with an unkeyed cookie" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-with-an-unkeyed-cookie Timestamps: 00:00 - Intro 0...
Lab: Web cache poisoning with an unkeyed header
4.9K views, 10 months ago
In-depth solution to PortSwigger's "Web cache poisoning with an unkeyed header" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5.html for all my solutions to the Web Cache Poisoning labs from PortSwigger. Try it yourself: portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-with-an-unkeyed-header Timestamps: 00:00 - Intro 0...
Lab: Server-side pause-based request smuggling
1.1K views, 1 year ago
In-depth solution to PortSwigger's "Server-side pause-based request smuggling" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw.html for all my solutions to the HTTP Request Smuggling labs from PortSwigger. Turbo Intruder code: pastebin.com/4g3t3xN3 Try it yourself: portswigger.net/web-security/request-smuggling/browser/pause-based-desync/lab-server-side-pause-based-...
Lab: CL.0 request smuggling
1.8K views, 1 year ago
In-depth solution to PortSwigger's "CL.0 request smuggling" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw.html for all my solutions to the HTTP Request Smuggling labs from PortSwigger. Try it yourself: portswigger.net/web-security/request-smuggling/browser/cl-0/lab-cl-0-request-smuggling Timestamps: 00:00 - Intro 01:17 - Find endpoint that ignores Content-Length 0...
Lab: Confirming a TE.CL vulnerability via differential responses - HTTP Request Smuggling
2.8K views, 1 year ago
In-depth solution to PortSwigger's "HTTP request smuggling, confirming a TE.CL vulnerability via differential responses" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw.html for all my solutions to the HTTP Request Smuggling labs from PortSwigger. Try it yourself: portswigger.net/web-security/request-smuggling/finding/lab-confirming-te-cl-via-differential-responses ...
Lab: Confirming a CL.TE vulnerability via differential responses - HTTP Request Smuggling
2.6K views, 1 year ago
In-depth solution to PortSwigger's "HTTP request smuggling, confirming a CL.TE vulnerability via differential responses" lab. 👀 Check out playlist ua-cam.com/play/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw.html for all my solutions to the HTTP Request Smuggling labs from PortSwigger. Try it yourself: portswigger.net/web-security/request-smuggling/finding/lab-confirming-cl-te-via-differential-responses ...
Lab: Web cache poisoning via HTTP/2 request tunnelling
1.4K views, 1 year ago
Lab: Bypassing access controls via HTTP/2 request tunnelling
1.8K views, 1 year ago
Lab: HTTP/2 request splitting via CRLF injection
3.1K views, 1 year ago
Lab: HTTP/2 request smuggling via CRLF injection
2K views, 1 year ago
Lab: Response Queue Poisoning via H2.TE request smuggling
2K views, 1 year ago
Lab: Exploiting HTTP request smuggling to perform web cache deception
1.4K views, 1 year ago
Lab: Exploiting HTTP request smuggling to perform web cache poisoning
1.8K views, 1 year ago
Lab: Exploiting HTTP request smuggling to deliver reflected XSS
1.7K views, 1 year ago
Lab: Exploiting HTTP request smuggling to capture other users' requests
3K views, 1 year ago
Lab: Exploiting HTTP request smuggling to reveal front-end request rewriting
1.6K views, 1 year ago
Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability
2K views, 1 year ago
Lab: Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability
3.2K views, 1 year ago
Lab: HTTP request smuggling, basic CL.TE vulnerability
15K views, 1 year ago
Thank you very much. I have only one question: in a real-case scenario most websites do not allow changing the request from GET to POST. However, we need this to send the attack request, which is the POST, and the normal request, which is the GET, so how can we do this if the website prevents changing the request method? Can we do the attack using two POST requests (attack & normal)?
Thanks man again !!
Thanks man for sharing with us !!!
By far the best channel I've seen for these lab walkthroughs.
thank you
This is a nice and well-explained video. But I have a question about CORS here. If you have any social media I could chat you up.
Bro, thank you very much for your content!!
Why are we able to do a GET request with a body on the smuggled request? When I tried to do a normal request with a body it gets a 403 Forbidden error.
Hey, when I send all the A's I get "request path too long". Any help? I did everything exactly as shown in the video multiple times.
Hey man, I was getting the same error, but I just removed a few 'A's and it worked.
I had a different and better solution, but because of the exploit server, it didn't work.
Thank youuu!! Very good explanation!
thanks
thanks
I don't understand unkeyed vs keyed. Can you help explain?
Can someone confirm if this lab is still solvable? I am trying to complete it and I cannot. The scripts from the browser work. From the exploit server, this does not seem to be the case.
My first video when I entered HTTP request smuggling.
Thank you so much! It still works in 2024!
Hey man, please help me here. I have been trying to do this lab and following your steps without any deviation, but I still can't solve the lab. What could be the issue???
Great explanation and walkthrough. I solved this without Burp Collaborator but came looking for more info afterwards, as I felt more like I'd winged it; the explanation for that particular lab felt very vague. If I hadn't already wrestled with that exploit server in other labs I think I'd have quit on this one!
Perfect explanation!!!!
It won't work!?
Simple and clear
If only you did videos for race conditions like you did for web cache poisoning and request smuggling!!! Those are the best videos on the subject out there, with a clear step-by-step methodology!!!
I think they fixed the %2f payload.
Why does changing the host but having the right data after / change an onsite redirect to an offsite redirect, when we can't choose any value for after /?
Why would the logic accept that kind of request as being more trustworthy, and we don't get a 404 Not Found like if we chose an arbitrary value on our host?
At 7:00 it's trippy that we can send data in the body of the GET request, because if we try to do the same thing as a normal request it's denied.
I guess the check is also only in the application layer. Is that normal?
Hi @jarno Timmermans, I want to express my appreciation for your engaging and insightful teaching style. Your approach makes complex concepts easy to understand. If possible, we would love to see you cover more of the major web vulnerabilities. It has been a while since we last heard from you, and we look forward to your future contributions.
Another good demo, buddy, but the scripts work fine in the browser and proxy but not in my exploit server..
Hey mate, I did this lab but in a different way than you did. I have a quick question because I'm doing something wrong, but why did you use 2 wrong paths to poison the queue?
Thaaaanks! Just subscribed
Thanks for the videos! Questions: How does creating a function with alert() get the functionality it has? Also, how do I get devtools to be in scope with AngularJS (using Chrome)?
The devtools question I care less about.
I think another way of asking the question is: why do I have access to alert when I reference the function's constructor (which I think is a class called Function) but not in the original scope?
Thanks buddy.. it's really very useful.. And can I know where you get those detect-and-check things from.. I need this for all techniques..
When you paste the code it will have extra odd spaces which cause an error.
🔥🔥🔥🔥🔥🔥
I found a desync on a site that uses HTTP 1.1 and it redirects to an https 2.0 site. Can this be exploited? Is it a bug?
Thanks again
The best explanation on all of YouTube; there's no choice but to subscribe to these incredible Burp Suite tutorials.
When I tried to solve the lab, I didn't add the Connection: Keep-Alive header and add the group 2 request, but I still solved it like the previous lab (TE.CL).
Are the steps "add header" and "add group" not necessary?
@@thinhdang9256 I think the Connection: keep-alive is being added automatically by the application. Check a normal request, and you will notice that it is being added automatically. But the Burp option "Strip Connection header over HTTP/2" removes it.
How can you make a graph for this attack? Could you tell me which website or app you used?
So helpful, thank you
Thank You🙂
Awesome explanations. I'm a bit disappointed that PortSwigger does not make such good explanations, and also they're missing some stuff that you are explaining. Are your slides available somewhere, for example as a cheat sheet? This would be really helpful.
Do you have a hotkey to send requests within Repeater?
What a professional explanation!
Thanks Jarno! For some mysterious reason, the only part I am having a problem with is getting that static file appended to my smuggled request. I tried sending multiple SMG requests around the 27-sec mark, but I never succeeded in poisoning the cache keys. Not sure what I'm doing wrong here 🥲 Edit: I identified what I was doing wrong. The TE header and the Content-Type header were both missing from my smuggled request. I am a doofus. 🤡 Also, make sure to allow redirections.
I have a question. How do you trigger the alert(1) for a single user using the cache buster, so that when you open the web page you see alert(1) for just your session? Because I tried poisoning the homepage and the callback geolocate at once through "send request in parallel", and I used the same cache buster (Origin header) for both the homepage and the geolocate, and it didn't work. For a real pentest/bug hunting scenario, poisoning the cache for everyone would be considered unethical. I hope you understand my question, because in your videos on other labs you were able to trigger the alert with your cache buster and confirm the attack for just your session before poisoning the cache for everyone. So in this case, how do we trigger the alert for our session without poisoning the cache for everyone that visits the homepage?
Hey @netletic, why did we use POST 404 and not GET 404? If we do GET 404 then it will work only if we pass CL to it in the smuggled request.
Love your videos. I have a question: why does "view exploit" not pop up an alert on the exploit server? I know it is not text/html content-type. But how can I pop up an alert?
Jarno, you really have a knack for breaking down complicated steps into something easier to digest. The effort you put in shows, and the quality is top-notch! Most content creators out there solely click around or paraphrase the solution out loud without much explanation, but you stand out by breaking everything down piece by piece. Your understanding of the topic really shines through. I hope you will continue adding content, you save me hours of headache !
Why do we need the sequence after the smuggled request for it to work this time? In the CL.0 labs it wasn't necessary.