This video gives me a ton of information in a clear logical way in 8 min ! I didnt understand or remeber it all but I can do research on the topic easily ! Thank you ! This is helpful
What a great detailed video.. really loved it! next time i will just forward this video link, whenever anyone asks me about open redirects. You got me subbed and i will wait for more contents from you :)
I wish, but he's too good. I'm not even close to his knowledge/experience level and he's a person I look up to. For now, yes, I'll be focusing on Web, others later.
YOOOO Social Engineering is an essential skill because we all know when 'something' does not brake from the outside it does from the inside and of course the human factor will always be vulnerable.
With your download chrome example, don’t most browsers tell you where the file is downloaded from? Firefox would say “ChromeSetup” for what you downloaded and in a smaller line below it “Downloaded from attacker’s website”, could this possibly be faked in a dangerous way (something like how mega does downloads? completely on the page and only sends your browser the finished file, which i guess is intended for stuff you make in-browser, the browser should handle remote downloads, right?) or does the attack only work on browsers that don’t tell you which server it downloaded the file from?
I was looking for an Olivia Rodrigo audio file, and I found a website that redirected me to some website where the screen said something about my iPad having 19 viruses....
MAN!!! Your explanation just drilled the concept hole in my brain! I finally understand How is this a vulnerability and the Thomas Example was cherry on cake! It gave a good understanding~
How can someone use an open redirect to take over an account? - password tokens are not listed anywhere. how can the hacker find the token? - even if the token is found, there is a HIGH chance it is expired. - even if the token is found, the token is deleted right after the password reset. Also if the hacker has the token, why not directly resetting the password himself?
If I make a open redirect and if it redirects out of the site I show a Warning that you are leaving the site. (I coded so everytime ANY redirect is ran it shows the warning first, then redirects to the target after accepting It shows the URL it is redirecting to and with a Fat Warning text
In the given example, the token leak could have been easily prevented by sending the token in the body or header, not as a part of the URL. But yeah, I was wrong, method has nothing to do with it. It's about having the token in the URL.
Hey! if the websites instead of redirecting to another domain, loads content from the domain you select, does count as a vulnerability? how can i exploit it?
From `Referer` header, which contains the address of the previous web page and in the url, there's the token. Only exploitable if the token is not expired or reusable or not used.
![Lp. Сердце Вселенной #60 РОЖДЕНИЕ ЛОЛОЛОШКИ [Финал] • Майнкрафт](http://i.ytimg.com/vi/YoR0pAV9FVQ/mqdefault.jpg)
These are awesome, dude! Happy you see you starting up a show!
Thanks homie :)
fghj
dude Charlie Puth watched your videos
Awesome @John Hammond is here
Sir 🔥✋
This video gives me a ton of information in a clear logical way in 8 min ! I didnt understand or remeber it all but I can do research on the topic easily ! Thank you ! This is helpful
I always wait for that cool ending ♥
What a great detailed video.. really loved it!
next time i will just forward this video link, whenever anyone asks me about open redirects.
You got me subbed and i will wait for more contents from you :)
I hope for the day where I come back to this video and flawlessly understand everything you said
slowly undersanding
How's it going
any updates?
Awesome man! After a long time, I found an awesome video. Please continue to upload such content.
Amazing video dude !! Keep it up. And thanks for the awesome challenge :)
The honour is mine.
the next liveoverflow ? focus on web exploitation topic should be good i think, keep it up buddy!
I wish, but he's too good. I'm not even close to his knowledge/experience level and he's a person I look up to.
For now, yes, I'll be focusing on Web, others later.
fghj
This is explained so simple. And i feel like i still saw a video on Chinese.
fghj
underrated comment
Well, the auto subtitles do say Korean
Subbed Bro keep up the great work and very good quality
One of the best video i seen Open Redirection . Thanks for doing this kinds of videos it will be very usefull for beginers
Very clear explanation with simple graphics. Thanks!
Just found you and I love all these videos. You got some pretty nice digital handwriting and drawing. That flask logo. 👍
I love the drawings lmaoo, good video :0
The best quality programing content ever
Ever
Can I call your Mom, Mom? cause You sounded like, you are my big brother, n you explained everything to me so sweetly
wtf
@@arunraman6630 right like what?
Sir please more videos on different vulnerabilitys
Great video
Very good explanation! Thank you.
Amzing bro keep going u got my sub😍😍
Wow, this channel is underrated !
I like how chill he is
Amazing channel. Don't stop making videos like this
Very clear and good amazing video.I want to learn more such things from you.
You've got my sub man! Keep up the good work!
Very informative, and deep for understanding video! I have blow in my thinking about this..) Thanks! Good luck!
Why this channel is so amazing 😌
Your awesome...and your video to good..bro
Your contents are valuable for self-learners
I love the music at beginning
Great content here is your sub
I didn't find video like this. Keep it up
Ok, this was awesome! Nice Tut
Great vedio... explained everything so simply 😍 Keep on going... you earned my respect 😀
And thus, a legend was born
Please your videos going, they are amazing
Well Explained, Tq. And BGM , loved it.
keeeeeep going maaaaan .. u are perfect
Very good explanation, you are awesome.
Thaaaaanks
YOOOO Social Engineering is an essential skill because we all know when 'something' does not brake from the outside it does from the inside and of course the human factor will always be vulnerable.
PwnFunction: What could possibly go wrong?
Me: Everything.
With your download chrome example, don’t most browsers tell you where the file is downloaded from? Firefox would say “ChromeSetup” for what you downloaded and in a smaller line below it “Downloaded from attacker’s website”, could this possibly be faked in a dangerous way (something like how mega does downloads? completely on the page and only sends your browser the finished file, which i guess is intended for stuff you make in-browser, the browser should handle remote downloads, right?) or does the attack only work on browsers that don’t tell you which server it downloaded the file from?
Even if it is displayed I don't see why you couldn't just use a custom domain name that includes the name of the website you're exploiting.
I was looking for an Olivia Rodrigo audio file, and I found a website that redirected me to some website where the screen said something about my iPad having 19 viruses....
nice explanation, got subs from us :)
Love your vids👍
I discover ur channel now, cool man!
MAN!!! Your explanation just drilled the concept hole in my brain! I finally understand How is this a vulnerability and the Thomas Example was cherry on cake! It gave a good understanding~
Thank you for making great content!
Love your videos! Thanks!!
nice work!!!
you explain this so clearly and so well. good work!
Ur rocking dude
Love u 😘
Just got my equipments to start hunting thanks alot
Well explained! ❤️
Cooooooooool channel. but plz place those browser window green, yellow and red buttons on the left :)
see 2:20, I'm just following what I have XD
@@PwnFunction damn you're right! right... got it??? ahhahahahaha
@@PwnFunction i'll pay more attention next time XD
quality content ....... awesome
A really good one! Thank you!
Absolutely brilliant
Awesome..
Awesome content
How can someone use an open redirect to take over an account?
- password tokens are not listed anywhere. how can the hacker find the token?
- even if the token is found, there is a HIGH chance it is expired.
- even if the token is found, the token is deleted right after the password reset.
Also if the hacker has the token, why not directly resetting the password himself?
Also, I've just discovered this channel, and it's a gem!
This is really informative
Awesome videos.
awesome content bro
If I make a open redirect and if it redirects out of the site I show a Warning that you are leaving the site.
(I coded so everytime ANY redirect is ran it shows the warning first, then redirects to the target after accepting
It shows the URL it is redirecting to and with a Fat Warning text
( this is for user generated content, for internal redirects I use backend anyways without NEXT or so parameter )
That’s one way to fix it, yeah. Might be a little annoying for the user, but it does work.
fantastic videos wow
Awesome video!
Also, it's better to send tokens via POST method rather than GET. That could solve the issue, but still very well demonstrated. 👍
Why do you claim so?
In the given example, the token leak could have been easily prevented by sending the token in the body or header, not as a part of the URL. But yeah, I was wrong, method has nothing to do with it. It's about having the token in the URL.
Good content and explanation!:)
Awesome
Can you change the auto-generated subtitles for this video from Korean to English?
Oh boy. I'm totally guilty of this one.
btw I like your drawing XD
I was just watching through your video again, but needed subtitles... "Korean (auto generated)"?! That confused me for a second! :)
UA-cam works in mysterious ways.
i like the way how you said INTERNET EXPLORER whahahaha
Hey! if the websites instead of redirecting to another domain, loads content from the domain you select, does count as a vulnerability? how can i exploit it?
Great content
You are awesome...
Good video! the flickering when some (wrong) drawing is removed is really annoying though.
I try to simulate the code in the end of the video and trigger XSS, but i can not trigger XSS. Could anyone help me ?
what do you use to create these videos ?
please answer to me, what is the name of this app?
God , i didn't understand anything. but i will😎
Someone knows which theme the editor use in vscode?
What program did you use for the drawings?
Adobe Animate.
@@PwnFunction ❤️
Can you please tell me the name of your terminal fonts?
It's awesome
So beautiful
1:00 Luckily PHP removes all the newlines in the header() argument or else it could be much more interesting :D
Great vedio! But where can I find the english caption?
Just found like 10 open redirects on a site and it's other domains. will try to escalate those 😉
How we can get token as it is seCret token ?
From `Referer` header, which contains the address of the previous web page and in the url, there's the token. Only exploitable if the token is not expired or reusable or not used.
How an attacker change url parameters on a website into desired url
Is your intro a wireshark packet? XP
So, I guess it's important to resolve the URL before checking against it.
Bro put videos regularly
make more vids about web hacking... nice job
idk anything of those topics. i like your video style tho.
AMAZING FUCKING VIDEO !!!!
Foma Kinyaev
Please put the english subtitles
1337 reference