Don't test for IDORs manually, Autorize is so much faster!

  • Published 11 Jan 2025

COMMENTS • 50

  • @LeonidasDAce 4 years ago +10

    This was the best, dude. Loved it. Gonna try it tonight🔥

    • @TheXSSrat 4 years ago +2

      Thank you so much man 😍🔥

  • @Vinayak123-q8p 2 years ago +1

    Amazing, this could probably be one of the biggest pieces of information I have ever been given... We need such playlists more and more in the upcoming days. I hope I made you understand the things that I wanted to make you understand. The way you explain is amazing. Again, we need such playlists more and more in the upcoming days.

  • @JL-ud6xx 3 years ago +3

    Thank you for your clear explanation, from configuring to explaining the output! Keep up the good work!

  • @6060fishy 4 years ago +3

    Love the reboot! The bookmarks are a great touch, I am looking forward to your next video!! Thank you

    • @TheXSSrat 4 years ago

      Thank you bro 😍😊🔥 and thank you mikro for the bookmarks 😍🔥

  • @h3xvideos869 4 years ago +2

    Thank you bro. I really needed this one, been in love with IDOR lately

    • @TheXSSrat 4 years ago +1

      Thank you bro 😊🔥 recently found a way to chain IDORs

  • @sourabhyadav9252 4 years ago +1

    I was waiting for this one to come, thanks bro

    • @TheXSSrat 4 years ago

      Thank you so much bro 😊 I didn't even want to release this one since I already did so much on Autorize

  • @cyberpirate007 4 years ago +2

    Uncle Rat is amazing and insane!! He started bug bounty in January 2020 and he's now Intigriti's top 40. It's insane!!! Always

    • @TheXSSrat 4 years ago +1

      Respect bro 😍😍😍 you’ve been here for so long

  • @abczwq8364 3 years ago +2

    Thank you so much!!! Great video

  • @vijaySingle143 3 years ago +2

    Thank you RAT. You are the only RAT which I like 😍

    • @TheXSSrat 3 years ago

      This rat will mess up your hard drive before you know it :3

  • @fm0x1 1 year ago +1

    Sorry if I did not understand, but when you use Autorize in Burp and you see that (1) Original Request, (2) Original Response and (3) Unauthorized Request, those three are equal, you could have found an IDOR? Thanks if someone solves my doubt.
    Awesome video!

  • @sujayhazra8143 3 years ago +1

    thank you amazing hacker

  • @cvija997 4 years ago +1

    This is what I need, I love you 🤑🔥

  • @harjotsaini1038 4 years ago +1

    Lit asf 🔥🔥🔥🔥🔥🔥

    • @TheXSSrat 4 years ago

      Thank you amazing hacker ☺️☺️😍

  • @aravindv6765 4 years ago +2

    How to find the exact IDOR? Some cases are false positives in Autorize. Any tips?

    • @TheXSSrat 4 years ago +1

      IDOR has a few criteria 😊 First of all, of course we need an ID somewhere in the request. Second of all, IDORs only work on resources you are not supposed to be able to see

  • @alijujara2432 4 years ago +2

    Why did you remove the "scope items only" and add it again? I mean, the one which is added by default, is it different from the filter you added afterwards?

    • @TheXSSrat 4 years ago

      So I could add it again haha 😅 I was testing stuff before I recorded and accidentally left it in there

    • @alijujara2432 4 years ago +1

      @@TheXSSrat haha okay

  • @Thatsit36 1 year ago

    Couldn't the `/rest/user/authentication-details/` endpoint (at the end of the video) be a false positive because you are signed in as admin and hence getting "Bypassed!" as the original request (Authenticated request) is by the admin?

  • @DEADCODE_ 2 years ago

    dudeeeeeeeeee you're goooooooood

  • @Value_Geek9447 4 years ago +1

    You are awesome.

    • @TheXSSrat 4 years ago

      Thank you so much amazing hacker 😍🔥

  • @abhishekganesh4434 2 years ago +1

    Great video🤩 but I am facing the issue below.
    I fed Autorize with the cookies of a low-privileged user, switched Autorize on and started browsing as an admin just as shown in this video. But Autorize doesn't capture or replay any of the admin requests. Could you please help?

    • @TheXSSrat 2 years ago

      Put in ONLY the headers for authorization, like cookies, and not all of them 🤗 sometimes a header can duck up Autorize

    • @abhishekganesh4434 2 years ago

      @@TheXSSrat thanks for the prompt response 😍 I too tried with the same OWASP Juice Shop app, so I copied the same cookies and Authorization headers just like you did, and still faced the issue. Thanks in advance 🙌🏻

  • @logmantarig 3 years ago +1

    Really, thanks, a very useful and amazing video
    I'm very late ;)

  • @TheGhostcc18 3 years ago +1

    Awesome. Thanks a lot.

    • @TheXSSrat 3 years ago

      My pleasure friend 😍❤️

  • @vikramr1906 3 years ago +1

    What is the name of the Burp Suite extension?

  • @drdounge 4 years ago +1

    Hey man, what's up? Nice vid again 🔥😁
    Unfortunately Burp Pro is out of my budget atm. Do you know of any alternatives to Autorize?
    I've just read a bit about mitmproxy. Sounds nice to me because you can script arbitrary stuff in Python 😍😜 Have to install and try ZAP as well.

    • @TheXSSrat 4 years ago +1

      Thankfully that cleared itself out in the chat today 😍

    • @drdounge 4 years ago

      @@TheXSSrat Yes, clarified very nicely 🙂 I think I'll be back soon in the chat, because I might have to recommend to you another metal album 😁

    • @drdounge 4 years ago

      @@TheXSSrat Wow ok, sorry but I must recommend it to you right now lol. Because it just struck me hard listening to it again after such a long time:
      ua-cam.com/play/OLAK5uy_kL37tCTrxU8zdYN36W9oBACNQ4rkW09_E.html
      Sorry if I'm recommending something which might be obvious to you; as I said, metal is a genre which I really haven't touched much. But THIS is really good music 👍 Must be a classic of the genre for sure.
      Make sure to check out the video, too, super funny 😁
      ua-cam.com/video/aOnKCcjP8Qs/v-deo.html

  • @maskhiyatusshokhib8272 2 years ago

    good

  • @suvarneshkm4845 4 years ago +1

    2k sub will happen soon :)

    • @TheXSSrat 4 years ago +1

      Omg yes 😍😍😍😍🔥 thank you for noticing

  • @tanercoder1915 4 years ago +3

    I've been using Autorize for a while and in many cases it shows bypass and it is always false positives. And when the site is protected, it is really enforced to use someone else's cookies. Using an Auth bearer and Cookie from another user in many cases just duplicates actions on both users' accounts. The app must be really not well thought out for this to work, like in juice-shop.

    • @TheXSSrat 4 years ago +4

      First of all, I agree that for some projects Autorize is impossible, but I don't really agree with the fact that it's useless. I've used Autorize for many projects including a tough one. I will admit you need to set it up just right and that might take a lot of fiddling, but it's 100% better than nothing 😊 Maybe I can help you? Feel free to join our Discord
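
A worked illustration of the replay-and-compare idea behind Autorize, the two IDOR criteria @TheXSSrat gives above (an ID in the request, and a resource the low-privileged user is not supposed to see) and the "Bypassed!" false positives @tanercoder1915 describes. This is an added example written for this page; it is not Autorize's code and not from the video. The in-memory application, the session cookies, the endpoint paths and the simplified three-way verdict rule are all constructed assumptions, and the `is_likely_idor` triage step is a suggested way to apply the two criteria rather than a feature of the extension.

```python
"""Toy replay-and-compare check in the spirit of Autorize, over a constructed
in-memory API. Added example, not Autorize's own code: the routes, sessions
and verdict rules below are assumptions made for illustration."""
from __future__ import annotations
import re
from dataclasses import dataclass

# --- constructed in-memory application -------------------------------------
SESSIONS = {"session=admin": "admin", "session=bob": "bob"}   # cookie -> user
PROFILES = {1: {"owner": "admin", "email": "admin@example.test"},
            2: {"owner": "bob", "email": "bob@example.test"}}
ORDERS = {10: {"owner": "admin", "total": 99},
          11: {"owner": "bob", "total": 5}}
PRODUCTS = [{"id": 1, "name": "Apple Juice"}]                   # public catalogue


@dataclass
class Request:
    method: str
    path: str
    headers: dict


def handle(req: Request) -> tuple[int, str]:
    """Route one request and return (status, body). The profile route is
    deliberately missing its ownership check to play the IDOR-prone endpoint."""
    user = SESSIONS.get(req.headers.get("Cookie", ""))
    if user is None:
        return 401, "login required"
    m = re.fullmatch(r"/rest/user/(\d+)/profile", req.path)
    if m:
        prof = PROFILES.get(int(m.group(1)))
        if prof is None:
            return 404, "no such user"
        # BUG (intentional): no check that prof["owner"] == user -> IDOR
        return 200, '{"email": "%s"}' % prof["email"]
    m = re.fullmatch(r"/rest/order/(\d+)", req.path)
    if m:
        order = ORDERS.get(int(m.group(1)))
        if order is None:
            return 404, "no such order"
        if order["owner"] != user:              # hardened: ownership enforced
            return 403, "forbidden"
        return 200, '{"total": %d}' % order["total"]
    if req.path == "/rest/products":            # public data, no object ID
        return 200, str(PRODUCTS)
    return 404, "not found"


# --- the Autorize-style check -----------------------------------------------
AUTH_HEADERS = {"Cookie", "Authorization"}      # only these are swapped


def autorize(req: Request, low_priv_headers: dict) -> dict:
    """Send the original request, then replay it with only the authorization
    headers replaced by the low-privileged user's, and compare the two."""
    original = handle(req)
    swapped = {k: v for k, v in req.headers.items() if k not in AUTH_HEADERS}
    swapped.update(low_priv_headers)
    replayed = handle(Request(req.method, req.path, swapped))
    if original == replayed:
        verdict = "Bypassed!"                   # identical response
    elif replayed[0] in (401, 403):
        verdict = "Enforced!"                   # clean denial
    else:
        verdict = "Is enforced???"              # differs, needs a manual look
    return {"path": req.path, "verdict": verdict,
            "original": original, "replayed": replayed}


def is_likely_idor(result: dict, own_paths: set[str]) -> bool:
    """Triage a verdict with the two criteria from the thread: an object ID in
    the request, and a resource the low-privileged user does not own.
    `own_paths` is what the tester learned by browsing as that user."""
    if result["verdict"] != "Bypassed!":
        return False
    if not re.search(r"/\d+(/|$)", result["path"]):
        return False            # no ID: public data, a "Bypassed!" false positive
    return result["path"] not in own_paths


def run_demo() -> dict:
    """Browse four endpoints as admin while the check replays them as bob."""
    admin = {"Cookie": "session=admin", "User-Agent": "tester"}
    bob_auth = {"Cookie": "session=bob"}
    bob_owns = {"/rest/user/2/profile", "/rest/order/11"}
    out = {}
    for path in ("/rest/user/1/profile", "/rest/user/2/profile",
                 "/rest/order/10", "/rest/products"):
        res = autorize(Request("GET", path, admin), bob_auth)
        out[path] = (res["verdict"], is_likely_idor(res, bob_owns))
    return out


if __name__ == "__main__":
    for path, (verdict, idor) in run_demo().items():
        print(f"{path:25} {verdict:15} likely IDOR: {idor}")
```

Of the four "admin" requests, two come back "Bypassed!" without being an IDOR: the public catalogue (no ID in the request) and bob's own profile (a resource he is allowed to see). Only the admin profile fetched with bob's cookie meets both criteria, while the order endpoint that enforces ownership returns 403 and is reported "Enforced!". Swapping only the `Cookie` and `Authorization` headers, rather than the whole header set, is what keeps the replay comparable to the original.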

  • @uttarkhandcooltech1237 4 years ago +1

    Coop

    • @TheXSSrat 4 years ago

      Soon bro 😍🔥 join Discord