Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video: As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it. Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video. I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it. Again great content. Please keep them coming.❤
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
Good morning "Mas", thank you very much for the video. I am from Indonesia feel very grateful for the video, I would like to ask, Is there a roadmap next, for someone who has just jumped into Bug Bounty? The first step to understanding IDOR, maybe the next you can tell. Thank you "Mas". Greetings from me in Central Java Island, Indonesia. (Name is pseudonymous only)
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku. Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
a good program to hunt for IDORs It has to have authenticated testing and you have to be able to get multiple different accounts. taking notes is mandatory for this type of testing 19:05 first we need to identify how the application is pulling larger data sets and identifying the user. 1:03:48 left
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too. Can you update your discord invite link, it's actually expired, and I'm not able to join your server :) Thanks!
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this. I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](http://i.ytimg.com/vi/jTdqM2aO4Ys/mqdefault.jpg)
![[Part II] Bug Bounty Hunting for IDORs and Access Control Violations](/img/tr.png)
Finally someone shares real life experience in bug bounty and actually shows how real world works. Thank you
Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video:
As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording 😨, and as much as I want to get this video out to the community, I also don't want to rush it.
Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. Then downside is that it simply takes time to get all that knowledge in the video.
I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting,
Great video man! This is substantial knowledge. Awesome! Other creators don't share things like this due to the fact they make more competition in bug bounty.
allot of their excuses I have heard is its not allowed to do live bug bounty tests not sure how thats true
Sharing knowledge builds a strong community, but very few have such wisdom.
That and they won’t burn recon live I’d do live recon with u if u wanted to invite me.
Yes, there is a ban on publishing the bug bounty process, but the creator's explanation is great for beginners like me. It helps to step up, when others are asked how to report a valid bug, even if it's a duplicate, person simply replies "watch youtube"
that was incredible, thanks for sharing, please keep up the good work legend.
Great Content man, Can you please do a detailed video on XSS. Like how do you actually find it in the real life, how to start testing process, when do you stop testing, which req is most vulnerable like text/html . I have this doubt in my mind that i am not good at finding it.
Again great content. Please keep them coming.❤
Please do more vids like this, on specific bug types from beginner to advanced this is gold.
interesting to see how others do this, thanks!
How long have I been waiting for someone to actually test on a live application!! So educative, more of these pls!!
Thank you sir. You are my best youtuber
this video is very motivating thanks man ...
Bro pls make a course for http request smuggling I want to learn this vulnerability
bro i am not from usa, i am from india,and i tried to access the singapore website but it shows that i dont have access so I used the vpn and changed to virginia and created 2 accounts, but the burp proxy and vpn are clashing and i am not able to intercept through burp, any advice bro ?
i love the video and how you explain everything and go down paths even tho you most likely know its wrong you test until its confirmed really helps a new guy like me learn the methodology keep up the good work!!!
This is the best educational bug bounty video on youtube!
Hi, great video, it really help us to see how you hunt for bug. Can't wait to see your live hacking video. Could be great to have a second part and see you hunt for other vulnerability.
Good morning "Mas", thank you very much for the video.
I am from Indonesia feel very grateful for the video, I would like to ask,
Is there a roadmap next, for someone who has just jumped into Bug Bounty?
The first step to understanding IDOR, maybe the next you can tell.
Thank you "Mas".
Greetings from me in Central Java Island, Indonesia.
(Name is pseudonymous only)
Halo bang, ane juga dari jateng pekalongan wjwk
@@setanalaz kuliah ya?
@@blackbird436 no sir, still learning to jump into bug bounty from current job. belajar dmn lagi ya bang ada info kaga?
@@setanalaz bootcamp banyak, cuma kebanyakan make lab, jadi kurang worth it menurutku.
Belum kalau ketemu cookie seasion dan parameter id di sembunyiin bukan tulisan id.
finally someone sharing how to hunt in real life rather than giving tips thanks sir
Awesome content love these in-depth videos
can't find better video like this on the youtube , Really a leader u are to beginners.. Please keep on uploading with different vulnerabilities so that our knowledge keeps increasing.😇
This is the best educational bug bounty video on youtube!
You are SO awesome for lending your expertise to walk through your methodology on a live program! Thank you!!!
Please make a video on how to do idor testing with Autorize
i love the way of how you're taking notes man and that really enlightens me.. maybe i should do the same when bug hunting and setting up pointers.. you have my full respect brother!
13:50 bro was definitely angry about the question
a good program to hunt for IDORs
It has to have authenticated testing and you have to be able to get multiple different accounts.
taking notes is mandatory for this type of testing
19:05 first we need to identify how the application is pulling larger data sets and identifying the user.
1:03:48 left
When person understands what he is doing, its always good to listen to him. Great video.. keep a good work
Go Navy beat Army
Thank you so much i really learned from you, i also learned how to be patient with captcha like which is an amazing skill ngl
Thank you for the video. Extremely useful!🤗🤩 The link to join the group in Discord is not working
Hey ars0n I love your content, for a semi-beginner intermediate bug bounty hunter this is just great for getting to a professional level. I'm just so passionate about this too.
Can you update your discord invite link, it's actually expired, and I'm not able to join your server :)
Thanks!
Great video. One of the best if you pay attention
please guys more likes on this video.
man you are amazing, keep up the great work.
You have the Holy Grail of certs! So glad you're on our side!! 😁
This is fantastic for beginner's
This mfer is a fucking legend
Once again a great Tutorial! Thank you so much for that explanations! I'm really interested in your subdomain enumeration, maybe you could show us that in a future video :)
Thanks for the video =)
Really Doing a great job 👍💪
Teşekkürler.
Good one this🤞🏾
Tallent i like you.
Amazing Video
really hate captcha
Min 1:06:29 you missed one traffic light. You are a robot. I know it!!!! :D
Good video bro. It is gold.
Getting into IDOR's and ACV's now... nais tutorial.. cheers
Best yt video about idor
Finally someone explaining with real website. I was looking for this..This was very easy to follow as a beginner in bug bounty hunting.
This is gold!
Starting now
Ty
Great content
Thank you so much for sharing your knowledge!
Love your videos!
thx lord
Wouldnt it be possible to swap the payload and see at what point the change occurs? Or maybe not payload, token, idk im very new to all this.
I mean are they valid if you just swap them or does it know that the token belongs to a different session or something?
Thanks bro. I am just starting. These live hunting videos are really really helpful. ♥♥
Thanks a LOT man 🎉🎉🎉 ❤❤❤
This is just great! Thanks for the live hacking, that's super useful for me.
Love the videos. Question for you. I am looking at starting bug hunting however, my laptop does not have the resources available to create VM's. Can VMs created in the cloud (AWS) bue used for bug hunting? thank you.
great video! thank you for the depth and explanations in this video. i think i’m finally starting to get it!
i have faith , that u and God will help me in this journey of bug bounty
at 1:01:30 keeping auth token beside we can try to change the email of current account inside jwt to see if we can get the credit card of another user? can't we do that or not? somone?
Thank you very much for these awesome videos. Every time I watch your videos I'm learning a lot of things.
thank you for coming with such great videos
Another great video, thanks man i really enjoy your videos :-)
This is so much better than course videos with super unrealistic flaws
The majority of logical flaws are inherently simple, regardless of the number of cases examined. It is essential to conduct a comprehensive testing process and analyze the website from scratch in order to accurately assess its integrity. This approach ensures transparency and truthfulness in the evaluation
Thank you for your generous sharing. There are truly no hidden aspects to this.
I was going to sleep it's 1:46 am then pop up came , now i can't sleep, i have to watch it cause i m obsessed with your content ❤😍
You are king! Great realistic content - the best!
very helpfull information, thank you mate
wow i finally understand how guys found bug :)
Bro I was literally just researching this
Love the whole video please keep teaching us
Thanks for bringing us these videos, showing the methodology, it really helps a lot!
讲的太好了
Hello very good video ....i just have a question how to bypass errors like the bad request that u ve got and how to when to quit digging in same mechanishm and know that there is no bug here ...thank you
Thank you!! You probably won't be able to bypass errors when you get them. The error usually means that the control is working properly. Keep in mind that IDORs are not injections, they are simply testing if the app is working how it should. You don't need to bypass anything, there is enough complexity in these applications that there always new places to test. There's no general rule to know when to stop testing, it's really about understanding the application. You need to know how the app is designed to function, then you try to make it break those rules.
discord link is expired can you renew it
just beginning to watch this and i can tell its going to be worth it
Thanks for bringing us these videos
can't wait for 2nd part amazing man alot of thanks
When will you upload part 2?
The video flows very well from start to finish 👏
Thank you for sharing this knowledge with us. As someone who is new to this, videos like this are golden in helping understand the how and why.
Love ur content! Please go for part 2!
whats your h1 handle?
This is so helpful. thank you
good Explanation 🔥🔥🔥🔥
Sir Next part 2 video
Please Need Dom Xss Video
Thank you!
nice video, keep doing
Subscribed!!!!
Can't wait for part 2 😊
Great explanation
really helpfull
1:03
❤❤
Greate Video @rs0n ❤