Please push more advanced content 🤗
Gold fr 💖
Hi man!
Your content is really good. Thank you for your efforts.
I just have a question: do you really fuzz using those huge wordlists on bug bounty targets? Then how do you manage the WAF blocks and unintentional DoS on the target? Does the program team have no issue if you flood their logs with fuzzing? Have you gotten any abuse notice for doing so from your ISP?
If you use rate limiting, then how much, and how many threads generally?
Please guide on this issue.
Hey, thanks for checking by and appreciate the feedback. As I mentioned, I use smaller wordlists initially, and then transition to bigger wordlists. If the program policy specifies a specific number of threads/requests per host, I will use the same amount in ffuf. It usually doesn't say that you can use, for example, 5 req/s in parallel to different hosts, so you could fuzz multiple hosts at once.
To bypass some basic WAF blocks, I recommend checking my WAF bypass playlist as I will be adding more content there soon.
To summarize, I recommend finding the origin IP, switching headers, IP or country. I use a VPN in case the server blocks me.
If anybody didn't ask, how are you brother, are you good? And it's an awesome video, keep going 🔥
All good! Thanks 😁
AWESOME ott3rly. Big support from meeeee!!!
Thank you! Cheers!
Great buddy 💯
Thanks ✌️
Awesome 👌 Boss ❤🎉🔑💸💉✅️💵🚀💲❤️🔥✔️💰💲🌎📹👉👌💵
Please, if possible, cover these advanced topics like: How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using CyberChef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.? How to bypass Hard WAF using SQLMAP or Burp Suite? How to find hidden vulnerable parameters and endpoints inside the .js and .json files? How to find hidden admin pages, cPanel pages, and WHM pages? Please cover these important topics. Thanks
Noted
@Ott3rly Thank you Boss...
Why not have some content on how to find BACs?
I guess I've needed to have some content that was missing on YT first. I have plans for this in the future, for sure ;)
🤞🏾
make with axiom
Don't need axiom for this, in most cases ;)
:)