Easy IDOR hunting with Autorize? (GIVEAWAY)
Вставка
- Опубліковано 15 чер 2024
- I've said it once and I'll say it again APIs are some of the best applications to hunt on, and now I've worked at a platform I have some data to back me up that IDORs are fantastic first bugs and they are EVERYWHERE! But, when we test a real API vs a lab or CTF there are so many endpoints and resources and stuff to test, so what if we could make IDOR hunting easier? What if we could automate it? Well this is what Autorize is designed to do! This free Burp extension allows us to automatically make a second request to test if our attacker account can do something to affect our victim. It's such a useful tool to have installed I 100% recommend it especially if you're a beginner.
Did you know this episode was sponsored by Intigriti? Sign up with my link go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
This month as a thank you for bearing with me as I get back into video making we're doing a giveaway! To win one of the following prizes please enter via a comment on this video with an answer to: What bug or type of hacking do you want to know more about? And the text: #bountypls
1x Lifetime Membership to www.bugbountyhunter.com/
5x 1 month memberships PentesterLab Pro
5x 2 months Try Hack Me Premium
10x InsiderPhD Swag Pack
Great video, Katie! Loved it as always.
My favourite bug bounty tools are burp suite, all tomnomnom's tools, amass and the ones I developed on my own! (LazyFuzzZ, Wordlist Weaver, Fu-JS) #bbhammer
Awesome video, as always!
Favourite tool - Burp Suite - even if the only features it had were the proxy history and Repeater, it'd still be amazing.
##bbhammer
Thanks Kate! I want to know more about SSRF and businesss logic.#bountypls And my favourite bug bounty tool is absolutely BurpSuite!!! #bbhammer
Thanks for doing so much for the community ❤️
It'll be great to have more videos about DOM based vulnerabilities #bountypls
Thanks for the video! The tool that I use the most is fuff, cause of it's speed and simplicity. Burp is another indispensable tool as well! #bbhammer
amazing, this could be probably one of the biggest information that i have ever been given
Great video Katie, my favourite tool is Amass & Wireshark; would love to see more videos on Business logic flaws & XXE flaws.
#bountypls
Wowww Thanks katie 🔥🔥🔥🔥it really encourages people more thanks for video
nice video i've watched quite a few of em. clear well rehearsed script.. this video actually tries to show us something. well rounded video.
i wish more of your videos showed us how to actually do this stuff like this video. you do great on the speaking side of teaching tho, need more hands on tho.
Thanks for all your videos Katie!❤ I got my first bug from your IDOR video. My favorite tool is burp! #bbhammer
Bounty ???
I want more videos explaining bugs with dem websites not just presentations. Thank You, Katie. #bountypls #bbhammer
Thanks for this great knowledge. I am currently learning IDOR and I've been able to use autorize and I got "enforced" in some areas. What next am I to do next. How do I exploit this for bug bounty?
Thanks for doing amazing video katie. My fav bug bounty tool is burp ofcourse. I'm looking forward more automation videos like this..#bbhammer
Really nice tip on how to use tool effectively !!
Started learning following your recon videos. My go to tool for now is Burpsuite community edition. #bbhammer
Started following you Katie and I am blown by the content u and
other fellow u tubers are providing by the way my favourite BB tools are - Burp Pro,Rustscan,amass and nuclei
#Bbhammer
Thanks for the video, have been using this tool for a while now. This is my favourite tool: Autorize allows to check most of the access Logic tests. #bbhammer
You are really a great teacher.
I am following your videos and learning a lot. Thank you so much!
*Burp* is my favorite tool
#bbhammer
Thank you for your great Videos! My favorite Bug bount tool is burp for sure! So much functionality in one tool! #bbhammer
Thanks for all your videos Katie , My favorite tool is burp #bbhammer .
Hey Katie, as always, awesome video! My favorite bug bounty tool is Burp, for sure! #bbhammer
Thanks so much sharing!
Thanks :) my favourite bug bounty tool are Amass and FFUF #bbhammer
Thank you Katie for this amazing video. My favourite bug bounty tool is Burpsuite. #bbhammer
Thank you very much for the video! My favourite toos is Burp Suite, it is so powerful and you can do so many things. #bbhammer
Please never stop creating content like these😍..It would be helpfull if you would increase your volume as i felt the audio is lower than other youtube videos..My favourite tool is BurpSuite #bbhammer
You are precious for the community! pls go more in depth on chaining vulnerabilities! #bountypls
Thank you for all your videos! My favourite tool is amass and burpsuite. #bbhammer. It'll be good to see more videos on subdomain takeover with an example. #bountypls
Great video as always. I would love to have more videos about XSS & chaining of bugs. #bountypls
Great video as always. Would love to see videos based on chaining of bugs #bountypls
Awesome video as usual. As for the types of bugs/hacking I want to learn about…SSRFs, broken access controls, business logic, and APIs! #bountypls
My favourite bug bounty tool is ffuf combined with burp. I can bypass the speed limit of Intruder during fuzzing using -replay-proxy in ffuf which gives me the benifit of higher fuzzing speeds of ffuf and all the packets are captured in burp proxy too due to -replay-proxy flag set in ffuf.
#bbhammer
You videos are both no bs info and free which is great for broke student like me. Well my favorite tool is Burpsuite #bbhammer
And I think I will give Autorize a try.
Thanks for the video. Information part is starting at 3:49
I would love to see more videos on recon methadology for beginners . #bountypls
You are my favorite bug bounty channel
Thank you Katie. I'd love to know more about Burp. #bountypls
Hey Katie, glad you are back again. Could you please make a detailed video on NOSQL injection attacks. My favourite tool is httpx by projectdiscovery due to it offering so many cool features.
Have a great day. #bountypls #bbhammer
Great video, good resource!!
Thanks Kate ❤️ for this giveaway I'm so inspired by you and Aditi Singh and my favourite tool is FFUF love data exposed ❤️ #bbhammer
Thanks for this video Katie
I'd like to see videos on Anti-CSRF bypass, 2FA/MFA bypass or prediction.
Fav tool is Burpsuite because it has some automation and also manual testing which is good and it's also beginner friendly tool and many more to learn.... Thank you❤
#bbhammer
Burp and ffuf is my favorite tool
Thanks for this one its more than awesome.
By favourite tool is Amass, fuff and in extensions autorepeater & Param Miner this are lit. #bbhammer
My favourite bugbounty tools are FFuF, Dirsearch, and Burpsuite with this extentions such as autorize #bbhammer
... And also obsidian #bbhammer
It'll be good if we get videos on web cache related vulnerabilities also once again thanks for making good contents for the community! #bountypls
Awesome video, I love to use Amass and burp suite!! #bbhammer
Thank you for the video
why you're so late katie. i was waiting for this video for so long
Thanks for making content! My favourite bug bounty tool is burpsuite #bbhammer
Awesome, will definitely use the burp addon. Fav tool #bbhammer #bountypls
Thanks as always Katie. My fav tool is Burp definitely. #bbhammer
my favorite bb tool is Burp, you can just do so much with it! #bbhammer
Mobile application security is what I am practicing for a month now. And videos on that topic will be great to learn from. #bountypls
Mostly there r auth bearer token for APIs which also needs to be add in cookies section?
I like to see more vedios on business logic bugs , like taking a public program and understanding the business logic of the functionalities.#bbhammer #bountypls
thank you so much
thankyou,
My favourite bug bounty tool is Burpsuite. #bbhammer
Thanks for this channel
Fav bug bounty tools - Burp, amass, nuclei, ffuf #bbhammer
I'd like to learn more about SSRFs, and maybe web cache poisoning, sounds cool. #bountypls
Thanks for the videos!!! My favorite tool is burp for sure #bbhammer
Your video is really awesome :)
Always love for Burp Suite tool for damn sure !! #bbhammer
Thanks Katie my favorite tools is burpsuite #bbhammer
katie, i'm new to bug hunter, i'm still practicing about the web security system, i have joined in ingriti but i don't know what i can and can't do when looking for bugs, can you give a little direction and tips on how to work in intigriti please,,
#bbhammer
According to me burpsuite repeater is the best tool for hacking. We can perform any attack with it.
Thanks very much for your videos and my favourite tool is burpsuite #bbhammer
Katie thanks for the video. I would like to learn more about hacking APIs. #bbhammer
Have only used Burp suite till now so I guess that's my favourite tool as of yet #bbhammer
Just found your channel searching for cybersec stuff.
My favorite tool so far is burp.
#bbhammer
Subdomain takeovers would be nice, saw a lot of good reports but never seemed to fully understand them. #bountypls
Burp and Amass is the bread and butter for me. #bbhammer
Thank you for this video. I would love to know more about cloud security esp AWS. #bountypls
@Inderderphd
Have you find idor vulnerability which leads to privilege escalation? Could you please tell me the scenario.
Usually it's permission related - create mutliple accounts with different permission levels, and try and do an admin action as a regular user
my favorite bug bounty tools are amass and burp suite. #bbhammer
My favourite tool is of course burp suite #bbhammer You are great Katie!
Welcome back! I'd love to learn more about SSRF #bountypls
Next video idea suggestion: Burp autorepeater
Thanks a lot for the vid. My favourite tool is ffuf #bbhammer
my favorite tool is burp suite, nmap :)) thanks for great contents
#bbhammer
Thanks Kate ❤ for this giveaway I'm so inspired by you #bountypls #bbhammer
Thanks for sharing. Burpsuite of course i am just the beginner #bbhammer
Well my favorites are FFUF and Dirsearch #bbhammer
Hey, my favourite bb tools are burpsuite, sql map #bbhammer
My favorite is always Burp Suite! #bbhammer
#bbhammer My favorite tool burp. Thanks for your videos!!!
Thanks for the video, my favorite tools are burp & amass #bbhammer
My fav to the moment is chrome dev tools ;) #bbhammer thank you Katie for another awesome video ;) and I desperately need this zseanos bbh membership :)
Thank you for holding my hands and taking me to this level in cyber security, Be healthy and happy😁
#bountypls
My favorite BugBounty tool has to be Burp Suite #bbhammer
Great 👍 topics I like nuclei thank you for your time and efforts
#bbhammer
I'm having an issue with autorize picking up requests that should be out of scope. Anyone else have this issue? This leads to a lot of extra requests to parse through, which really slows me down
Hi
I am following your videos long time.
My favourite tool is Burp-Suite. Thank you. #bbhammer
My go-to was always Burpsuite. #bbhammer
great video
Thank you for the giveaway!!
My favourite tool is burpsuite! because Its so simple and powerfull. #bbhammer
Burpsuite is my fav
My favorite bug bounty tool is nuclei..
#bbhammer
My favorite BugBounty tool is definitely Burp Suite! It's a monster. #bountypls
Vim editor was my favourite bug bounty tool. It automates a lot #bbhammer