We need a video on XXE! Excellent explanation ma'am!
Very informative video Katie, you answered a lot of the questions rattling around in my head. I hope you don't mind me saying, you are getting a real pro at these videos now. Congrats!
😊😊😊😊😊😊 thank you I’m really trying to improve everything I can
Hey Katie! Thanks for this video! This is not a very popular topic so I really appreciate it!!!!
You're welcome! I think a lot of people get intimidated by seeing JSON/XML and don't really know what to do, so I wanted to make this so people can really get into API hacking with me! Especially with future videos covering APIs!
InsiderPhD totally!! I know with me, APIs are really intimidating and it’s definitely a weak point in my websec knowledge! So these videos are a great help
Love your videos .... please do NOT stop..... ❤🎉🎉🎉🎉🎉🎉🎉🎉
You are definitely right, if there is loads of JSON, I mostly think it's system things and just ignore it
JSON... just what I needed
Another great video! Yes - please create an XXE video :)
Thanks a lot, this was really helpful!
those are really helpful for the newcomers...thanks for this
Crocodile Brackets !! haha subscribed
Voting for XXE video.
Your vote has been noted!
@InsiderPhD Hey, I have a question. So what if I can change the content type to application/xml, and it accepts it, but when I try a blind XXE to get a URL, the request originates from my IP address. I got it to send a request, but instead of server side, it's from my IP address. Does that mean it's not vulnerable? I've tried other payloads but they don't work.
Thanks for sharing. That's really some cool information in the video.:)
11:22 It is a GraphQL response with JSON data ....
By Learning From You, You Will See One Day I Will Tag You in a Tweet, thank you very much I am learning a lot about API hacking From your videos and Corey J Ball's Book, Lot Of Love and Respect, God Bless You
Is JSON really intimidating? I love to see JSON responses
I did a poll and some of the discussions revolved around feeling intimidated by APIs and JSON, I wanted to get a video out there just in case esp as I’m doing a ton of videos on API hacking!
Yes make video on XXE
Note: GDPR applies to all programs that have European Users..
Nice Video, Thanks
Hi! I'd like your opinion on the platform INE Training, I don't know if it's worth it. Have you used it? Have you known anybody who has? They're quite expensive. Cheers mate!
I’m not familiar with it! The only platform I do have experience with is Pentesterlab and I do recommend that one with a *. I’ll ask around and see!
@InsiderPhD on the 20th of this month, they'll be having a seminar about their new Cyber Security course, I'll stay tuned. Thanks for your help.
Thanks 😊
No problem 😊
Is that JSON from your university API from previous videos?
Yup! I worked hard on that damn thing so I’m going to expand it! It has a few new vulns for a blind XSS now :D!
Send me a @ on twitter for your prize :)
@InsiderPhD it's @yaboi_kryp2o
❤️
😍😍😍
There is always one question on my mind: what is the difference between API endpoint and directory, same? Dumb question I guess, I cannot think of differences :(
No stupid questions here!
An endpoint is like a URL that does something, so UA-cam.com/watch?v=whatever resolves into a video, but UA-cam.com/watch doesn’t do anything, so that’s not an endpoint.
A directory actually stores stuff, so think the files for the videos UA-cam, but you usually need a direct link unless you can see into the folder.
Hope that helps!
@InsiderPhD Haha thank you!! This cleared me!! Your video motivates me to learn more and more!!
Do you need to go to college to do bug bounty?
No, but I think university is useful for other reasons, to meet people, be exposed to lots of different careers and to broaden your horizons!
InsiderPhD thank you I’m doing a course & I was worried if I need to go to school too & I wasted my time
3rd!!
You'll get first soon ;)
Nice voice
How to see JSON data in real world application?
You see it a lot in mobile apps, but keep an eye out for apps that automatically refresh like Yahoo Mail or apps with a lot of client activity, APIs are great places to find JSON
Hello Mam,
I have seen your videos but I don't have a laptop, how can I find through mobile phone?
Can you please help me.
Thanks😄