Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video: As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it. Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video. I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
I dont think i have ever left a comment on a youtube video, but i just wanted to reach out and thank you for this! the way you sit and explain the little details is just amazing. Its almost like you can hear me mumbing to myself "wtf does that mean" lmao Definitely gained me as a subscriber!
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
a good program to hunt for IDORs It has to have authenticated testing and you have to be able to get multiple different accounts. taking notes is mandatory for this type of testing 19:05 first we need to identify how the application is pulling larger data sets and identifying the user. 1:03:48 left
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it. Again great content. Please keep them coming.❤
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
thank you..very valuable knowledge. Can you record a video of the activity when doing IDOR and it is successful then upload the video to RUclips when the vulns has been resolved?. this must be very interesting.
Good morning "Mas", thank you very much for the video. I am from Indonesia feel very grateful for the video, I would like to ask, Is there a roadmap next, for someone who has just jumped into Bug Bounty? The first step to understanding IDOR, maybe the next you can tell. Thank you "Mas". Greetings from me in Central Java Island, Indonesia. (Name is pseudonymous only)
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku. Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this. I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
@@rs0n_live In the time between my message and your response, I found and submitted two IDOR bugs thanks to you man. Heres hoping they're valid. Thank you.
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too. Can you update your discord invite link, it's actually expired, and I'm not able to join your server :) Thanks!
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](http://i.ytimg.com/vi/jTdqM2aO4Ys/mqdefault.jpg)
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](/img/tr.png)
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting,
Finally someone shares real life experience in bug bounty and actually shows how real world works. Thank you
Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video:
As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it.
Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video.
I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
This is the best educational bug bounty video on youtube!
finally someone sharing how to hunt in real life rather than giving tips thanks sir
How long have I been waiting for someone to actually test on a live application!! So educative, more of these pls!!
I dont think i have ever left a comment on a youtube video, but i just wanted to reach out and thank you for this! the way you sit and explain the little details is just amazing. Its almost like you can hear me mumbing to myself "wtf does that mean" lmao
Definitely gained me as a subscriber!
This is the best educational bug bounty video on youtube!
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
You have the Holy Grail of certs! So glad you're on our side!! 😁
This is so much better than course videos with super unrealistic flaws
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting.
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
allot of their excuses I have heard is its not allowed to do live bug bounty tests not sure how thats true
Sharing knowledge builds a strong community, but very few have such wisdom.
That and they won’t burn recon live I’d do live recon with u if u wanted to invite me.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
You are SO awesome for lending your expertise to walk through your methodology on a live program! Thank you!!!
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
When person understands what he is doing, its always good to listen to him. Great video.. keep a good work
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Thank you for your generous sharing. There are truly no hidden aspects to this.
Please do more vids like this, on specific bug types from beginner to advanced this is gold.
Thank you so much i really learned from you, i also learned how to be patient with captcha like which is an amazing skill ngl
Awesome content love these in-depth videos
just beginning to watch this and i can tell its going to be worth it
Thank you for sharing this knowledge with us. As someone who is new to this, videos like this are golden in helping understand the how and why.
a good program to hunt for IDORs
It has to have authenticated testing and you have to be able to get multiple different accounts.
taking notes is mandatory for this type of testing
19:05 first we need to identify how the application is pulling larger data sets and identifying the user.
1:03:48 left
that was great ❤
can't wait for further lives ❤
thank you for coming with such great videos
I was going to sleep it's 1:46 am then pop up came , now i can't sleep, i have to watch it cause i m obsessed with your content ❤😍
i have faith , that u and God will help me in this journey of bug bounty
Best yt video about idor
Thanks bro. I am just starting. These live hunting videos are really really helpful. ♥♥
Thank you very much for these awesome videos. Every time I watch your videos I'm learning a lot of things.
Great video. One of the best if you pay attention
Getting into IDOR's and ACV's now... nais tutorial.. cheers
You are king! Great realistic content - the best!
Thanks for bringing us these videos, showing the methodology, it really helps a lot!
great video! thank you for the depth and explanations in this video. i think i’m finally starting to get it!
that was incredible, thanks for sharing, please keep up the good work legend.
best explanation Bro!!! loved your methodology...
Thank you so much for sharing your knowledge!
Love your videos!
can't wait for 2nd part amazing man alot of thanks
interesting to see how others do this, thanks!
Thanks for bringing us these videos
man you are amazing, keep up the great work.
Love the whole video please keep teaching us
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it.
Again great content. Please keep them coming.❤
This is fantastic for beginner's
Can't wait for part 2 😊
This is gold!
Thanks man, good material, we don't have anything similar in Spanish
Absolutely great content ✨
Thank you sir. You are my best youtuber
this video is very motivating thanks man ...
wow i finally understand how guys found bug :)
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
Min 1:06:29 you missed one traffic light. You are a robot. I know it!!!! :D
Good video bro. It is gold.
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
Great explanation
Love ur content! Please go for part 2!
Another great video, thanks man i really enjoy your videos :-)
Great content
Really Doing a great job 👍💪
Thanks a LOT man 🎉🎉🎉 ❤❤❤
This is just great! Thanks for the live hacking, that's super useful for me.
good Explanation 🔥🔥🔥🔥
Ty
very helpfull information, thank you mate
Good one this🤞🏾
This is so helpful. thank you
Thank you!
讲的太好了
Amazing Video
Thanks for the video =)
13:50 bro was definitely angry about the question
Teşekkürler.
thank you..very valuable knowledge. Can you record a video of the activity when doing IDOR and it is successful then upload the video to RUclips when the vulns has been resolved?. this must be very interesting.
Bro pls make a course for http request smuggling I want to learn this vulnerability
Please make a video on how to do idor testing with Autorize
thx lord
Bro I was literally just researching this
Good morning "Mas", thank you very much for the video.
I am from Indonesia feel very grateful for the video, I would like to ask,
Is there a roadmap next, for someone who has just jumped into Bug Bounty?
The first step to understanding IDOR, maybe the next you can tell.
Thank you "Mas".
Greetings from me in Central Java Island, Indonesia.
(Name is pseudonymous only)
Halo bang, ane juga dari jateng pekalongan wjwk
@@setanalaz kuliah ya?
@@blackbird436 no sir, still learning to jump into bug bounty from current job. belajar dmn lagi ya bang ada info kaga?
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku.
Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
Starting now
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
nice video, keep doing
Subscribed!!!!
Thank you for the video. Extremely useful!🤗🤩 The link to join the group in Discord is not working
really helpfull
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this.
I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
This mfer is a fucking legend
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
please guys more likes on this video.
When will you upload part 2?
❤❤
Go Navy beat Army
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
rs0n... did you Photoshop your arm in your thumbnail...?
No, but I was flexing as hard as I could and sucking in my stomach a bit 😆
@@rs0n_live In the time between my message and your response, I found and submitted two IDOR bugs thanks to you man. Heres hoping they're valid.
Thank you.
@@rs0n_live Big MOOSCLES
Sir Next part 2 video
Please Need Dom Xss Video
discord link is expired can you renew it
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too.
Can you update your discord invite link, it's actually expired, and I'm not able to join your server :)
Thanks!