Это видео недоступно.
Сожалеем об этом.
SSRF Bypass by DNS Rebinding | Bug bounty poc
HTML-код
- Опубликовано: 3 апр 2024
- Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
In this video i am going to show you ssrf new technique that help you in bug bounty hunting this technique called dns rebinding and its advance technique for bypassing ssrf if you find this in any bug bounty platform just report it and earn good bounty..and if any review team from youtube watching this please dont restrict this video this is only for education purpose only few people make this type of content so please..Thank you all
I swear bro is the most underrated in terms of the information he's giving out. Appreciate every video bro, I'm going to study/watch as many as I can.
my pleasure to hear this man ❤️☺️😇
@@lostseccBUT AN EXPLANATION IN EVERY STEP YOU ARE TAKING IN THE VIDEO WILL MAKE IT ALOT BETTER
i explain in my.telegram channel must join it..
@@lostsecc Hello what wsl are you using and what theme?
wsl2 kali ohmyposh theme
Always remember focus on one target spend u time until u get something dont hunt on multiple target u will loose tge focus stay focus .
Happy hunting 🎉🎉🎉
Hello lostsec,
Good to see this video,
I appreciate till now no one shared live video's .
Please make idor and information disclosure video also.
sure all comming soon..
Mate, I have been watching your videos for a while now, and I feel like everything you show is applicable straight away. Thanks for such great content
❤️🤗
Welcome back bro ⚡️ keep going you’re the best ♥️ Allah protect you 🤩💙,
#thebestyoutuber😍⚡️,
love you brother 🥺❤️
Hello bro, because of you I just got my first private program invite today, thanks so much for all you do
its my pleasure bro ☺️❤️😇 keep going..
Man, your lessons are the best i ever found! Thanks!!
thnq brother ❤️
Bro waiting for bmw website bug hunting pls upload as soon as possible bro
comming soon..
Amazing, i stunned by seeing.. this is how dns rebinding works
❤️
I'm looking forward to it ❤
Brother always keep going like this😊. I'm always supporting you ❤❤❤❤
my pleasure brother ❤️😇
बहुत बढ़िया काम बॉस.🎉❤
बॉस क्या आप HTTP अनुरोध हेडर का उपयोग करके WAF प्रॉक्सी आदि के पीछे मूल आईपी खोजने के लिए उन्नत तकनीक साझा कर सकते हैं? उपलब्ध तरकीबें और स्क्रिप्ट मूल आईपी का पता लगाने में विफल रहे हैं।
धन्यवाद।🎉❤
Bro I saw you got the strike in this Video as Iike yours nevee give up personality I inspired a lot from it. Thnx broo❤❤
love u brother you guys are only the reason i dont want to give up ❤️
@@lostsecc 🙌keep it !🙌❤️❤️❤️
Awesome video as always mang!
❤️😇
sick terminal! (I liked ur old skulls one better tho), can u share a video on how to achieve it?
sure
I appreciate you brother.... please keep sharing
❤️
I wish I had as much knowledge as you do. You're legendary! Could you please share where you learned all of this? Which course? Or you can give me some guidance from where I should start?
bro please make more videos I found you just 3 days ago and I love your content please please please pleasssse make more videos... ❤️🥇
sure working on that mass hunting...
You‘re videos as a beginner are Gold man! Keep up the good work. What Browser do u use ?
And it seems u using Windows But how you get a linux Terminal?
its wsl2 kali
@@lostsecc i‘m new to your Channel. What would you recommend to start with when your Intention is to do BugBounties Like you ?
learn all.oswp top ten bugs and start from portswigger labs
better as always keep it up
❤️
I love your content bro, what pc do you use or wich pc or laptop do you recommend for bug bounty
just find some laptop with good storage & 8gb ram, then run linux
msi gf63 thin
killing it!
❤️😇
السلام عليكم فديو اكثر من رائع لقد افدني كثيرا
my pleasure 🤗❤️😇
Hi bro ! Good video and good finding GG.
Can you make a special video for only aws related vulnerabilities like : SSRF to AWS Metadata Access, S3 Buckets, just initial access related vulnerabilities in general. Thanks bro ❤
sure due to some policy of bug bounty these things cant share but when i find in public site i will share
@@lostsecc thanks bro love your work ❤️
Can you search for vulnerabilities in the termux terminal to start with the bonty bug?
Can we do this type of bug hunting in onion sites too?
nope
I'm just looking at the quality content❤
more has to come ❤️😇
Bro hats off to you.. i wanna make career in web app pentesting and currently struggling to my first bug,, hope i will also hunt like you one day🥹🫶🏻
I get inspiration from you every time i watch your video, thanks for motivating me❤️
keep going brother sure u will do just have mindset like trying and exploring new new methods and skills sure u do that...
Bro i wanted to ask that in xss do you always automate and how do you check that if It's not a false positive
check manualy by burpsuite
actually showin us how to approach bug bounty
its so easy all site to you invade? holy bro, all weeks you send a new video
i always explore new things there are many things high level comming all...
This channel is so underrated man, thanks for the videos, i have one question, is it legal to hunt for bugs on websites without permission? even tho you won't be using it for malicious purposes .
not a prbms bro just do and if u find report them..dont do much impact on sites..
@@lostsecc oh i see man, you doing great job , and thank for the content, it gives me motivation ❤️
Nice dude but how is that a bypass? it even works with just specifying loop back address directly without rebinding.
i just show the methodlogy and pick this site for test case..u can try same in other programs..
Brother please make video on how to make or get free vps server please borther big fan and learning from your videos and tg channle..........
sure
Brother can you make a tutorial on how to bypass Web Aapplication Firewalls, I've searched and got many results but none of them work 😢
sure ❤️
U aree underrated but I donot know how to use github till now😊
dont worry i will tech you ❤️🫂
Kab bhiya itna tools try kara na hora
Sab redeem text karta ha
Sab maje sa tool used kar ha ma na kar par ha
Asha kyo ha
Is Bug Bounty your only means of income or do you do something else on the side?
i have many work brother..
hi i have a question when i launch burpsuite from my wsl2 and then press open browser nothing shows up how can i fix this?
you need to install comprtable jdk verison for that burpsuite
@@lostsecc i think my jdk version is compatible is there any way we could private chat so i can provide screenshots
Please make a video about, how to create custom nuclei template with voice.
Could you make a tutorial on how to learn bug bounty? I'm quite interested, by the way, very good videos 😊
join telegram t.me/lostsec
Bro I'm watching all of your videos but I'm curious how to start? I want to learn your skill you have, Please tell me how
in bug hunting you need to focus on webapp most so master owsp top 10 bugs and start from.portswigger labs that will upgrade your skills solve some labs you will sure love it..
@@lostseccsolving all csrf and xss will help me?
whats the name of the application similar to cmd that you're using?
wsl2 kali
Bro You are the best ❤
can you make video on api security?
sure
you have good taste music bro
☺️🤗❤️wait for.upcomming one..
Hi I have a question, do anyone know how to bypass paywalls on articles from around the world?
If so come and explain to me in DM. THANKS
great man
with
great music 🤩
❤️😇
Hey bro im new sub i really liked your content upload more and please tell me some tips and how much total bounty you earned 😅..pls
join my telegram channel there i share all things t.me/lostsec
bro could you make the video .git exposure vulnerability include its exploit to show the impact to get a severity critical
its in information disclosure if u find that by using .git extension or anyother just report it..
@@lostsecc When using an extension dot git sometimes fails because of what?
BRO how to download this terminal in window
download window terminal from microsoft store
do you recommend some path (books / courses etc?) to get these kind of skills?
just solve some.portswigger labs and read hackerone reports ans medium articals on bug hunting and active on twiitter and follow all bug hunters..
Where do you get those websites to perform pentesting? Pd: keep going bro, your work is awesome.
dork or some in bug bounty programs..
Thanks for video❤❤❤❤❤❤
❤️
bro when use your commands it says no such pattern
how to solve that?
you need to add pattren
you always amaze me
❤️
nice
Bro, they are VDP or BBP ?
public i also find this in vdp but i cant show that bcz of policy of programs so..
Bro please mention your process of doing bug Bounty means what tools you use all please my beg req reply fast 😢
i shared in my telegram channel t.me/lostsec
Hi I found subdomain takeover vulnerability on bugcrowd private bugbounty program in responsible disclosure they accepted and resolved but didn't offer any rewards what I do please help me bro
ask them for the bounty sure they pay u
What I do please tell me
Thanks bro
Bro please give me insta id or what's app number I can send the resolved status proof please help me
telegram @lostsec
U the Hero Bro💥💥💥💥💥💯
☺️❤️
hey dude this is kartik again can you make a video on dual boot of windows 10 and linux maybe arch, kali linux any you want plij
dont use dual boot it will give u many prbm after some crash..better to use wsl2 kali light weight and fast
@@lostsecc ohh i see thx for the help
bro such a Great information
😇❤️
Very good, brother ❤🎉
☺️❤️🫂
I found another Bug there. I somehow cant find their program?
its public
@@lostsecc Link?
This site doesn't seem to run any bug bounty program.
yes i shared the methology bcz bcz of bug bounty program policy i cant show that so i used public site to demonstrate it..
@@lostsecc IMHO it is Gray Hat zone that may get the researcher into the trouble. I mean bug hunting without permission.
What bug bounty program do you use im new not sure where to start?
next video will help u in easy way..
Why are you rarely online on Telegram?
nicee to meet you brother ❤️☺️ i left defacing now focus on hunting...
bro i donot understand what is the basics or what sould i learn to start bugbounty and understand ur videos and thx for ur videos fr
in bug hunting you need to focus only on webapp most so master oswp top 10 bugs and best way to start is portswigger labs..
@@lostsecc thanks bro really appreciate ur answer ❤️
Amazing video ❤🎉
☺️❤️
make a video about how to find xss,sql,ssrf etc with origin ip address
sure ❤️
Bro can you share your terminal theme settings
just install ohmyposh themes
Bro next video .
0-click account takeover
Please 🥺 😭
surw
bro can you share your google dork to find target it will be very helpful
sure i send in telegram.join it t.me/lostsec
Ok thanks
Bro create a video for how to modify terminal like you
surw
how do you use linux command line on windows? or did i get it wrong ?
its wls2 kali
@@lostsecc oh thx mate👍
What is name of the tool who found all .php files on website
wayback and gf pattrn
damn , this is absolutely insane
❤️
bro tell can you tell me the endpoint or where I have to look for ssrf vulnerability?
just filter it with gf pattren then test all params that has ssrf
Can you tell me the possible parameters that are likely vulnerable to ssrf
i upload all in my telegram just join it @lostsec
finish the discord server soon🙏🏻
I want to learn this please guide me..
join telegram @lostsec
THIS IS MY FRIENDS COLLEGE 😶🌫💀
👻
Discord wen
What is this used for im curious
ssrf bypass
You are always a legend this tool that intercepted the child what is its name
caido
Thank you my dear brother is it paid or free
free
Bhai voice recording karo
What terminal are you using?
wsl2 kali
@@lostsecc But it is not like what you are using. Is what you are using modified?
I like the terminal you use
Bro you are great ♥
Can you tell me how to use terminal in windows. it's emulator or what?
install wsl2 then kali from.microsoft store and use it in window terminal
@@lostsecc thank you bro
🔥
U having any team or community bro?
join telegram channel t.me/lostsec
@@lostsecc yea sure 🔥❤️
What is your hacker one account?
its private one due to some privacy & i made other demo acc
any alterative to ngrok ?
portmap.io for static ip.forever
@@lostsecc thank you bro
Can you make me a video tool gf from installing to using it?
dm me in telegram.i.will install for u
@@lostsecc okay bro
@@lostsecc Where's the link, bro? You can't read a telegram
Want more broo
sure ❤️
bro new video ?
tommarow or maybe after tommarow working on this ...
@@lostsecc
where r u from bro??
united state of Punjab
You stick with 1 program or you jump to other programs?
dont spend too much time there are lots of subdomains so if it take too much time just shift other wise its waste your time not all time you get lucky so try all possible attack that u learned and if u not find that just shift..
@@lostsecc And you recommend testing APIs like GraphQL?
sure there are many bugs in graphql enpoint you can try idor sql and first check introspection query is enabled if yes then report as well..
@@lostsecc Yes there is introspection enabled, didn't know that i can report that, thanks
O que me impressiona é você usar windows
☺️❤️yeahh
BRO PLS ROADMAP how to be bug bounty
Port swigger
repoert link ??
public
@@lostsecc link ??
Bro pls give me the way to get my first bounty. Plzzz. ehat do i need to study
next video will help you more..and solve portswigger labs as much as possible..
@@lostsecc If i solved that labs can i do bug bounty
@@user-hf9gm3yb9cjust start bro don't think that much
This is illegal right?
test on bbp
@@lostsecc yeah but this is a university website without bbp.