HACKING OAuth 2.0 FOR BEGINNERS!
- Published: Aug 8, 2020
- I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.
SIGN UP ON Intigriti:
go.intigriti.com/farah
BUY ME A COFFEE:
www.buymeacoffee.com/farahhawa
TIME STAMPS:
00:00:45 - What is OAuth 2.0?
00:01:05 - Uses of OAuth 2.0
00:01:30 - Entities in OAuth 2.0
00:02:09 - Types of Flows of OAuth 2.0
00:02:30 - Authorization Code Grant Flow
00:04:11 - Implicit Grant Flow
00:05:11 - Practical Exploitation
00:05:36 - Reusing Access Tokens
00:07:05 - redirect_uri Not Validated
00:08:52 - CSRF
SOCIAL MEDIA:
Follow me on Twitter: / farah_hawaa
Follow me on Instagram: / farah_hawaa
Connect with me on LinkedIn: / farah-hawa-a012b8162
OAuth 2.0 LAB:
github.com/koenbuyens/Vulnera...
OAuth 2.0 RESOURCES:
www.digitalocean.com/communit...
tools.ietf.org/html/rfc6749
auth0.com/docs/api-auth/which...
alexbilbie.com/guide-to-oauth...
• LevelUp 0x02 - Hacking...
Video editor: www.fiverr.com/pixelstudios1
Amazing, this could probably be one of the biggest pieces of information that I have ever been given. The way you explain is amazing. We need more and more such playlists in upcoming days.
Farah you are doing great! Very informative video. You taught so many things in just 10 minutes.
You are good with knowledge and theoretical stuff, your videos get me into the real basics of topics
Awesome. Just awesome. For noobs like me who are just starting in bug bounty, this is the place where we can learn basics in depth. Thanks.
Please keep posting more such practical videos .
Your videos are amazing. Simply to understand and very explicative.
Beautifully explained, hope to get more knowledge from you girl. More power to you
Great work Farah !!!
once again simple and good explanation.
Have been having issues comprehending Oauth, this video is a problem solver thanks farah ❤️
You’re welcome 😊
I learned something today.💯
Thanks.
Very good video, presentation is understanding quite easily.
Yaw Farah This Is Just Awesome, Brief And Useful That's Why I Love What You Are Doing, Keep It Up And Stay Safe .
Great job. Thanks man. Now I am clear.
Awesome.. loved the way you teach the concepts and the labs!! Keep it up!
People were getting jealous of Bugcrowd sponsoring ...now Intigriti has sponsored ...and soon Hackerone will ...to hell with them 😂😂...keep up the good work 👍🔥
No one is jealous. All belong in the hacker world.
@@graycybermonk3068 HAHA STOP KIDDING BUDDY
thank you so much dear for such a wonderful explanation
Shez doing a great job on youtube cuz to get sponsors within just
Thanks for the tutorials
Really a good video!
Excellent work :)
Awesome work :D
Spot on!!. Simply amazing. Thanks for sharing :)
awesome video, keep it up. you earned a sub !
Thanks for the sub!
Nice work thanks for this video
nice explanation. Thank you
Nice video, thanks you so much
Hi Farah, can you please tell the impact of the CSRF one and reuse of token and also their severity category?
Btw nice video
Thank you for this video! Is it possible for you to do a tutorial on how to create a live web server similar to the one you showed in this video that captures vulnerabilities like the OAuth access token?
Very much appreciated
Excellent, and very good command over Knowledge
Much Appreciated. :)
Awesome ...!!
Hi Farah, do you take sessions on the bypass techniques for SAML, OAuth, OIDC? I am very much interested.
Great Teaching Style. Loved Your Contents.🤗
Thank you Farah. Very useful explanation and amazing demos. Keep up the great work.
How old are you? Don't think you are out of school yet. But, amazing grasp of the subject. Kudos!!
Bro, this is sooo awesome.. 😍😘
😘❤️❤️🔥🔥
Good for beginner like me 👍 .... Please make an advanced level video also
Wow 10k congrats your channel has grown so fast earlier this year I had like 1 or 2k subs
great explain sister
Great work Farah!
Thank you!
can you make a video on your journey of how you became a hacker
i want to learn to do all of this stuff but really don't know where to start with .please make a video on it.
and if you can refer to any video on youtube .i mean for learning.
Make more videos please I love them and I want to be just like you
Sooper videos
Can you make a video on your cyber security journey ??
Video is good👍👍
So if i want to get details of a user on client side of the application using an ajax call and display those same details to the user then it is an authorisation code grant example right?
awesome explanation as always :)
Make an video on best course for beginners in ethical hacking
Such a nice explanation 👍
Wow, amazing! Lots of love dear, stay safe, but sometime please make a video partly in Hindi too, then your subscribers will also grow faster. Hope you got my point, and thanks for this video.
by
@MR CYBERTRON YT
excellent 🤗
Farah this helps me a lot but can u plzz make a video on subdomain takeover
ruclips.net/video/67chVkq3g0M/видео.html
Excellent work. Very informative. But please don't use music. 👍
Plzz make a video about recon
Can you Please upload more about oAuth Vulnerability
In websites with more detail.
Great job+great content
I really appreciate her work❤
her* Thank you!
@@FarahHawa noted👍
Isn't OAuth for the authorization part only? The 'Sign in with' buttons use the OpenID Connect protocol, not OAuth. Although nowadays people use these terms interchangeably.
OpenID Connect is a layer that's built on top of OAuth... you can check this here developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
@@FarahHawa Thanks for clarifying
Thanks, it's good info for developers as well to improve their application security 🔒🔒🔒 thanks ❤❤❤❤ again.
Love u bro
hello mam. I have encountered that while signing again, the website is sending an OTP to my previous device, not on my number in the new device. I once had an account on that website that was deleted due to inactivity. is it a flaw to be explored?
Hey I learn lot from You !
Can you create how we exploit dom based xss or any dom based issue
Awesome
Hey appreciate your skill & teaching skills.....
I've cleared my 12th, please advise me what should I do to get into cyber security
I am getting warning as: Warning: missing space before text for line 14 of jade file "/usr/src/app/views/login.jade"
And not able to authorize the request.
can someone help me with it please :) ?
awesome
Can you help me with resources to study about advanced SQL
Which lab are you using ?
Hi, I am your big follower. I have started new in this bounty. Can you tell what about Automated Scans? Every where I got out of scope this Automated Scans. Please I need some help.
Basically, programs mark automated scans as out-of-scope findings because they create too much noise on the server and result in the discovery of bugs that are known or false positives. It's best to not rely on automated scans for bug bounties.
@@FarahHawa thanks for the very good reply. Take my respect. You are like my sister. I really appreciate you and your channel. I started bug bounty. But I am not getting any path how to start. What kind of tools will I use? Can you help me a little bit? Really I am stuck. Thanks for your reply and respect.
Wow. Such a beauty and skills is just
Where did you find your information? :)
which ubuntu distribution are you using
thx
Great work Farah! So you're from Commerce background how did you come to hacking?
Just wanted to know the specs of your laptop..?? And if you're comfortable,i want to know that..... How you make thumbnails😰😰😰😰😰its looks damn! Cool! :'??
8gb ram, i5 processor. I do have another laptop with better specs but this one does it for me on most days. Thanks, I use Canva to make thumbnails :)
wow. you are just amazing.
What if we replace the state parameter value with another account's state value, and the account logs in? Is it still considered an OAuth misconfiguration?
Yes!
@@FarahHawa Thank you!
what is your ug course?
Love to watch your videos and also learn a lot from your video:)
That's great! Thank you for watching!
Please Make Playlist On Bwapp,Dvwa
Really informative video Farah 💯
So glad it helped!!
I also want to study but didn't found something better.
nice sister
Awesome 😊😊.Nice video.
I too wanna to become bug bounty hunter.
Which topics should I start to read in web application hackers handbook? and which topics just to leave?
Please answer.
Please make a videos on this.Thank u
Everything up till chapter 13 is mostly relevant
@@FarahHawa how much time do u think for a beginner to a bug hunter by the resources u mentioned in the first videos.
How many years took it for u ?
@@gowthamvyasmalkari4511 you can do it in a few months tbh. I was doing a little bit of coding, reading handbook, labs and blogs everyday. Give 1-2 hours to each resource and you can be done in 2-3 months if you're a fast learner.
@@FarahHawa hi farah u havent hunted a single bug .U will face massive trolling
the best source (it may be paid too) to learn hacking and related, and where you learn all these things
You should add subtitles
Nice video . You have helped me a lot .
Hi dhidhi. I'm completely a zero level beginner interested in learning about ethical hacking and I was on search of finding people who could suggest me possible ways of learning things from beginning and I found your profile on LinkedIn. Please could you suggest me some YouTube tutorial for learning hacking from very basic level.
ruclips.net/channel/UCPiN9NPjIer8Do9gUFxKv7A , ruclips.net/channel/UCQN2DsjnYH60SFBIA6IkNwg and ruclips.net/channel/UCCZDt7MuC3Hzs6IH4xODLBw are all great
@@FarahHawa thank you ! So much
Please make a Hindi video
Where did you learn hacking from??
Well Explained!!! Why do you use ubuntu instead of kali linux??
thank you! I use both, but the lab required Docker and that's set up on my Ubuntu box.
@@FarahHawa ohk nice. Waiting for the next series of vdos. keep 'em coming
Not a fan of the background music Farah. Great video tbh!
Hello, I need your help please
Nice explanation, keep sharing 👌
Can someone explain the impact of reusing access tokens?
👏👏👩💻🧙♀
an awesome detailed written guide here decatechlabs.com/oauth2-explained-and-how-oauth2-works-oauth-in-action
😍😘
☕☕☕☕
You're great at teaching ... Cyber security researcher
Thank you so much!!