These are awesome, dude! Happy to see you starting up a show!
Thanks homie :)
fghj
dude Charlie Puth watched your videos
Awesome @John Hammond is here
Sir 🔥✋
This video gives me a ton of information in a clear logical way in 8 min! I didn't understand or remember it all but I can do research on the topic easily! Thank you! This is helpful
I always wait for that cool ending ♥
I hope for the day where I come back to this video and flawlessly understand everything you said
slowly understanding
How's it going
any updates?
What a great detailed video.. really loved it!
next time i will just forward this video link, whenever anyone asks me about open redirects.
You got me subbed and i will wait for more contents from you :)
Awesome man! After a long time, I found an awesome video. Please continue to upload such content.
Amazing video dude !! Keep it up. And thanks for the awesome challenge :)
The honour is mine.
This is explained so simple. And i feel like i still saw a video on Chinese.
fghj
underrated comment
Well, the auto subtitles do say Korean
the next liveoverflow ? focus on web exploitation topic should be good i think, keep it up buddy!
I wish, but he's too good. I'm not even close to his knowledge/experience level and he's a person I look up to.
For now, yes, I'll be focusing on Web, others later.
fghj
Subbed Bro keep up the great work and very good quality
One of the best videos I've seen on Open Redirection. Thanks for doing these kinds of videos, it will be very useful for beginners
Very clear explanation with simple graphics. Thanks!
Just found you and I love all these videos. You got some pretty nice digital handwriting and drawing. That flask logo. 👍
I love the drawings lmaoo, good video :0
You've got my sub man! Keep up the good work!
Very informative, and deep for understanding video! I have blow in my thinking about this..) Thanks! Good luck!
Amazing bro keep going u got my sub😍😍
Can I call your Mom, Mom? cause You sounded like, you are my big brother, n you explained everything to me so sweetly
wtf
@arunraman6630 right like what?
The best quality programming content ever
Ever
Very good explanation! Thank you.
Sir please more videos on different vulnerabilities
Great video
Amazing channel. Don't stop making videos like this
Very clear and good amazing video. I want to learn more such things from you.
Wow, this channel is underrated !
You're awesome...and your video too good..bro
Why this channel is so amazing 😌
Great content here is your sub
Great video... explained everything so simply 😍 Keep on going... you earned my respect 😀
I didn't find video like this. Keep it up
Ok, this was awesome! Nice Tut
I like how chill he is
keeeeeep going maaaaan .. u are perfect
With your download chrome example, don’t most browsers tell you where the file is downloaded from? Firefox would say “ChromeSetup” for what you downloaded and in a smaller line below it “Downloaded from attacker’s website”, could this possibly be faked in a dangerous way (something like how mega does downloads? completely on the page and only sends your browser the finished file, which i guess is intended for stuff you make in-browser, the browser should handle remote downloads, right?) or does the attack only work on browsers that don’t tell you which server it downloaded the file from?
Even if it is displayed I don't see why you couldn't just use a custom domain name that includes the name of the website you're exploiting.
Well Explained, Tq. And BGM , loved it.
Love your videos! Thanks!!
Love your vids👍
How can someone use an open redirect to take over an account?
- password tokens are not listed anywhere. how can the hacker find the token?
- even if the token is found, there is a HIGH chance it is expired.
- even if the token is found, the token is deleted right after the password reset.
Also if the hacker has the token, why not directly resetting the password himself?
Also, I've just discovered this channel, and it's a gem!
Your contents are valuable for self-learners
Very good explanation, you are awesome.
Thaaaaanks
And thus, a legend was born
Thank you for making great content!
Well explained! ❤️
YOOOO Social Engineering is an essential skill because we all know when 'something' does not break from the outside it does from the inside and of course the human factor will always be vulnerable.
A really good one! Thank you!
nice explanation, got subs from us :)
Ur rocking dude
Love u 😘
I love the music at beginning
Please your videos going, they are amazing
I discover ur channel now, cool man!
MAN!!! Your explanation just drilled the concept hole in my brain! I finally understand How is this a vulnerability and the Thomas Example was cherry on cake! It gave a good understanding~
Awesome videos.
Awesome..
nice work!!!
PwnFunction: What could possibly go wrong?
Me: Everything.
This is really informative
awesome content bro
I was looking for an Olivia Rodrigo audio file, and I found a website that redirected me to some website where the screen said something about my iPad having 19 viruses....
Wait what happened after
Absolutely brilliant
Cooooooooool channel. but plz place those browser window green, yellow and red buttons on the left :)
see 2:20, I'm just following what I have XD
@PwnFunction damn you're right! right... got it??? ahhahahahaha
@PwnFunction i'll pay more attention next time XD
you explain this so clearly and so well. good work!
Can you change the auto-generated subtitles for this video from Korean to English?
Just got my equipments to start hunting thanks a lot
If I make an open redirect and if it redirects out of the site I show a Warning that you are leaving the site.
(I coded so every time ANY redirect is run it shows the warning first, then redirects to the target after accepting)
It shows the URL it is redirecting to and with a Fat Warning text
( this is for user generated content, for internal redirects I use backend anyways without NEXT or so parameter )
That’s one way to fix it, yeah. Might be a little annoying for the user, but it does work.
quality content ....... awesome
Good content and explanation!:)
Awesome video!
Also, it's better to send tokens via POST method rather than GET. That could solve the issue, but still very well demonstrated. 👍
Why do you claim so?
In the given example, the token leak could have been easily prevented by sending the token in the body or header, not as a part of the URL. But yeah, I was wrong, method has nothing to do with it. It's about having the token in the URL.
Great video! But where can I find the English caption?
btw I like your drawing XD
So, I guess it's important to resolve the URL before checking against it.
fantastic videos wow
Awesome content
Awesome
How an attacker change url parameters on a website into desired url
I try to simulate the code in the end of the video and trigger XSS, but i can not trigger XSS. Could anyone help me ?
what do you use to create these videos ?
You are awesome...
please answer to me, what is the name of this app?
Great content
I was just watching through your video again, but needed subtitles... "Korean (auto generated)"?! That confused me for a second! :)
YouTube works in mysterious ways.
Hey! if the websites instead of redirecting to another domain, loads content from the domain you select, does count as a vulnerability? how can i exploit it?
Can you please tell me the name of your terminal fonts?
i like the way how you said INTERNET EXPLORER whahahaha
Oh boy. I'm totally guilty of this one.
Is your intro a wireshark packet? XP
What program did you use for the drawings?
Adobe Animate.
@PwnFunction ❤️
So beautiful
Good video! the flickering when some (wrong) drawing is removed is really annoying though.
It's awesome
Please put the English subtitles
Just found like 10 open redirects on a site and its other domains. will try to escalate those 😉
How can we get the token, as it is a secret token?
From `Referer` header, which contains the address of the previous web page and in the url, there's the token. Only exploitable if the token is not expired or reusable or not used.
1:00 Luckily PHP removes all the newlines in the header() argument or else it could be much more interesting :D
Someone knows which theme the editor use in vscode?
God , i didn't understand anything. but i will😎
Bro put videos regularly
make more vids about web hacking... nice job
idk anything of those topics. i like your video style tho.
You are saying me to find a bug in a language I don't know and I still think I don't understand it bcz I'm dumb xD.
Paramiter?
Parameter.
I think my site was being targeted... I noticed in Ahrefs that I started getting a lot of backlinks structured like "maps.google.bj/url?q=mywebsite dot com"... they were coming all different similar links images.google.bj, google.im/url?q=mywebsite, etc etc... several hundred, at first I wondered if it was a competitor spamming backlinks.. but my question is how do they get such a URL as maps.google.bj/url?q=mywebsite dot com indexed on google? It appeared to actually boost my metrics on Ahrefs but I think it may be toxic on google side of metrics? Are you familiar with this? Are they permanent backlinks or are they blips and are gone in no time? So BIZARRE... can't tell if it's an attack or if it's boosting metrics.