Burp for Beginners: A practical intro to help you find your first bug

  • Published: 21 Aug 2024

Comments • 66

  • @anujpatel1654 3 years ago +4

    You are like a revolution to me. You are teaching everything on point, just keep uploading.

  • @TomNomNomDotCom 5 years ago +16

    A great intro, thank you! :)

  • @theleopards4198 5 years ago +6

    Keep adding content like that. It really helps a lot. Waiting for the next video.

  • @MilMike 3 years ago +2

    This was very useful, even if not really clear in the beginning how you got these requests in burp, but figured it out (burp has a preconfigured built in browser which I used)
    I am a web developer and trying to secure my webapps.

  • @littlenikki1105 4 years ago +2

    I'm glad someone else is starting to make videos for this, keep it up!

  • @mickymcfarts5792 4 months ago

    Most useful video I've found so far. Thank you. Could we watch you find a bug this way from start to finish?

  • @moonselanac357 1 year ago

    best tutorial ever

  • @judithmalshini5428 2 years ago +2

    Thanks a lot for this video. You are such a lifesaver. Can you make a video where we can start on a company's website that is on a bug bounty platform, so that we can get an idea of how to start?

  • @sa1tama0 4 years ago +4

    Nice One!! Thanks for helping us. I appreciate your work.
    Although I do have a request, please upgrade the video quality.

    • @InsiderPhD 4 years ago +1

      Don’t worry I am re-recording this video very very soon! And will have an updated quality

    • @sa1tama0 4 years ago +1

      @InsiderPhD Okay, I will be waiting for that. Once again, thank you.

  • @ilinafrica 5 years ago +1

    Wow! Astonishing start, more than a help to the universe, it's a blessing... But I need a favor...

  • @jorrge 5 years ago +2

    Awesome content! May I suggest HD for the next video? OBS helps with that easily.

    • @InsiderPhD 5 years ago +2

      Kron98 Yes for sure, I was actually using OBS but I think it over optimised and gave me a low quality video, I tried to re-record but didn’t like the take as much, oh well next video will be HD for sure :)

    • @jorrge 5 years ago +1

      It is free and super easy. Let me know if I can help!

    • @harshdranjan1980 4 years ago +1

      going to say the same but anyway Thank you!!

  • @michaelcastillo4069 2 years ago

    Thank you!

  • @TheCyberWarriorGuy 1 year ago

    Amazing :)

  • @lk8272 4 years ago

    Thanks heaps for your time...

  • @brodiecodie6812 4 years ago

    Thank you, great walkthrough. Blessings. Thanks again.

  • @AjayKumar-xl4jc 3 years ago

    Good quality content

  • @akshaydeodare6149 4 years ago +1

    How to set up Burp if the target only allows access via certain IP address (setting up proxy IP and port provided by target website)

    • @InsiderPhD 4 years ago +1

      Here you go: portswigger.net/support/burp-suite-upstream-proxy-servers it’s called an upstream proxy, the link shows you how to set it up, but burp can forward requests through another proxy, so requests go you -> burp -> proxy

  • @stanjones9816 4 years ago

    Thanks a ton for these videos.... May God bless you, ma'am

  • @ingridsophie3738 5 years ago

    Thank you so much for the video❣

  • @learningpatience2371 3 years ago

    I would like to thank you for helping. I am new.

  • @6s6 4 years ago

    Awesome video. Subscribed for more content like this :)

  • @xelkomy 5 years ago

    great work

  • @MrSatyavinay 4 years ago

    Nice one.. But it would be great if it were 1080p, as it is very hard to read.

  • @Djazeiry 3 years ago

    Guys, I've added a website to the scope but in the sitemap section nothing shows up?

  • @GriloBravo 4 years ago

    amazing!

  • @thesubhadeepdebnath 2 years ago

    Intruder Repeater Proxy Target

  • @judithmalshini5428 2 years ago

    If we change something in the request, does it affect the website?

  • @brooscap7452 2 years ago

    How did you find out that SQL is being used there?

  • @subhashchandradevkota8030 2 years ago

    Why is there no spider in Burp Suite 2021??

  • @efiita7554 1 year ago

    i love you 🥰

  • @jakianam9554 2 years ago

    How to upgrade burp
    Disc upgrade doesn't work

  • @secureassure5436 3 years ago +2

    Melodic voice 😻❤️
    What's ur good name?

    • @InsiderPhD 3 years ago

      Katie?

    • @secureassure5436 3 years ago

      @InsiderPhD I am having huge crush on U 😻 such a sweet tone u have..🐻

    • @secureassure5436 3 years ago

      @InsiderPhD long live Katie the teddy bear girl 🐻

  • @Shmack_ 4 years ago +2

    480p?

    • @Tux0xFF 3 years ago

      camera was low on battery, so a potato had to be used and was nearby.

  • @TanerNilluhktaf 4 years ago

    You started adding sites into scope. But you didn't show how to set up the proxy for the browser first. My browsing is not reflected in the site map.

    • @InsiderPhD 4 years ago +1

      I skipped that bit because there are a lot of other tutorials on that part, but thanks for the comment I will make one too :)

    • @TanerNilluhktaf 4 years ago

      @InsiderPhD But that was only half of the problem. Certificate! However, I found a tutorial on the Burp website on how to install the certificate.

  • @notramin 4 years ago

    Do you have any suggestions for beginners like me on where to start to really find your first bug? As far as I can see there are no bugs to find for beginners, it's really difficult for a beginner to find one, because most of the platforms are giving private programs to the experienced ones.
    So for a beginner from a non-tech background, what would be your suggestion to learn and where should he/she start?

    • @InsiderPhD 4 years ago

      Don't assume that every bug has already been found, the more experienced bug hunters automate a lot and that leaves plenty of bugs that require more work, such as IDORs or Business Logic. I found my first bug at a live hacking event where I was competing with some of the best bug hunters in the world, not to mention the target's public program. To learn I think there's only one way, hack things, start bug hunting as soon as you're comfortable (using Burp or know a few bug classes), hell start when you're not comfortable. You will learn so much en route to finding your first bug than you ever will from months of video watching or article reading. Obviously, there's a lot to learn, but you don't need to learn everything and there's no critical knowledge mass you need to reach to start. Immerse yourself into the community, join communities, get to know people, watch videos, follow people on twitter etc.

    • @notramin 4 years ago

      @InsiderPhD thank you.. 😊
      One more question... which bounty program is best for beginners, which is the easiest bug in 2020?
      I meant which bug do I need to concentrate on thoroughly!!!

    • @InsiderPhD 4 years ago

      @notramin APIs are really great, OWASP has just produced the OWASP API top 10 owasp.org/www-project-api-security/ so learning those bugs and looking at mobile apps w/ APIs I think is a great start for beginners

  • @Jasiwardas 4 years ago

    11:56 I cannot read what she marks there to add the $ What does she want to do?

    • @InsiderPhD 4 years ago

      I am clicking "Add §" to set intruder to place our payload in that place. So every item from our list will be in that position when intruder runs. So if our list is: "yellow, green, blue" and we have "colour=§my col§", it sends 3 requests "colour=yellow", "colour=green", "colour=blue"

  • @Bug-bounty11 2 years ago

    I need your help in bug bounty hunting

  • @FIDAHUSSAIN 4 years ago

    👍

  • @steev910 5 years ago

    Thank you a lot

  • @mr.bruhnana8508 3 years ago

    Wait, so you can start poking around any website or do I need to search for something else? I'm confused since no one tells you what you can and what you can't sniff. Shit's like starting drugs but you confuse them with flour.

  • @shreyabanerjee1684 4 years ago

    Hey, can you tell me why we use 127.0.0.1 as a proxy?
    I mean, what is the role of localhost here? Will all my traffic be shifted into my own network?

    • @pawanprjl 4 years ago

      Your proxy server, i.e. Burp Suite, is running on localhost on port 8080 by default ... so unless you direct all your traffic through your proxy server, it won't be able to capture that traffic .... hence our browser is set to direct all that traffic through localhost where our Burp server is running ... hope this helps :D

    • @shreyabanerjee1684 4 years ago

      @pawanprjl Hey man, thank you.. Burp Suite is quite intimidating for noobs
      So we can directly say that Burp Suite is running on our localhost, and if I did some brute-force attack on some website then it is not going to execute the actual attack on the main server but on the localhost only?

    • @pawanprjl 4 years ago

      @shreyabanerjee1684 No, the attack will be executed on the actual server of the website, it's just that Burp Suite is the path through which you are sending packets, and you can view those packets through Burp and modify them .... It's like you are sending a parcel to a friend through a parcel company, but the parcel company can view and modify what you send to your friend and what your friend sends you back.

    • @shreyabanerjee1684 4 years ago

      @pawanprjl Hey, so this means I can only test those websites which give permission to do testing.. other than that it will be illegal!
      So can you tell me any method so that I can test any website and it will not be illegal after all?
      Are you a cybersecurity enthusiast?

    • @pawanprjl 4 years ago

      @shreyabanerjee1684 You can get involved in bug bounty programs where you will find a lot of sites that are welcoming hackers to check on their security ... or before performing any testing, you can ask permission for testing from the owner of the site, and if you are granted permission, you can carry on with that.

  • @barbellbilly 3 years ago

    Yeah who?