Thank you so much for the shoutout! I'm actually working on some new API videos coming real soon including more recon techniques, understanding JSON, API hacking tools like Postman so stay tuned for even more API goodness!
@@theintrovert894 Why can't u just buy the course.It is a gold mine actually.It should be given for 2000$ for what he is teaching.He gives u more content covering all areas.Why can't u just buy it.Just buy the course.No one going to give you this and mr.cybermentor deserve to get some support.
You are taking out time to make these videos and help people like me to learn more, that's very much great. Thank you very much man and i expect many more videos.
I remember looking at hacker one bounty selection. I'm not gonna read all this so copy and pasted words to voice. Then made list ones that were paying money. Wasted bunch time learning burp suite what nightmare. I take notes get ideas what learn next. Sometimes you have submerge yourself in topic run with idea. I'm deeply involved in self sabotage. Saying nothing ever panned out why should this be any different. One guy had some great advice to himself if he was just starting find your first bug. Good recon all vulnerabilities. Part learning figuring it out yourself
By fuzzing one can get GET /api-2.0/sms/ But your blurred screenshots shows there was something more than that I mean, GET /api-2.0/sms/blurred-content/ Does that mean you won't get any PII data back in response when you just hit: GET /api-2.0/sms/ Just a noob here. Trying to understand. Thanks for read and/or reply.
@@TCMSecurityAcademy I came to know from various people that js files in website contains some juicy content can u tell me a kind of tool which can I used to download all js files without manualy going to burp to see individually
mate, after you found the sms parameter, what did you append to it next , like sms/?(it was blurred in your video) and how did you obtained that parameter after /sms/?
It auto-appended stuff at the end, but it could have been an indicator of the platform, so I blurred it. The method I showed was exactly how it was found.
Wow men, what a shitty actitud from that program!! And this video... super pratical and educational.. Its good to have videos where you real situations examples. Much easier to understand!!
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
Thank you so much for the shoutout! I'm actually working on some new API videos coming real soon including more recon techniques, understanding JSON, API hacking tools like Postman so stay tuned for even more API goodness!
Total side note. This is the first time I've actually ever NEEDED the sponsor of a RUclips video.
Great stuff as usual Heath, just finished the Udemy course, thoroughly enjoyed it.
Did you find any real world bug by using that course info???
@@abdulsamad-as actually yes, it better refined my vulnerability assessment skills I undertake for work, helped me be more efficient.
Can u give me thar course Plzzz❤️
@@theintrovert894 Why can't u just buy the course.It is a gold mine actually.It should be given for 2000$ for what he is teaching.He gives u more content covering all areas.Why can't u just buy it.Just buy the course.No one going to give you this and mr.cybermentor deserve to get some support.
You are taking out time to make these videos and help people like me to learn more, that's very much great. Thank you very much man and i expect many more videos.
burp intruder is just a multithreaded fuzzing script that can be made in pure python . Worth the effort .
Thanks mentor, it's very useful!
You are welcome!
Thank you man for the insiderPHD
That's really F'ed up that company didn't even acknowledge you or say thank you.
I remember looking at hacker one bounty selection. I'm not gonna read all this so copy and pasted words to voice. Then made list ones that were paying money. Wasted bunch time learning burp suite what nightmare. I take notes get ideas what learn next. Sometimes you have submerge yourself in topic run with idea. I'm deeply involved in self sabotage. Saying nothing ever panned out why should this be any different. One guy had some great advice to himself if he was just starting find your first bug. Good recon all vulnerabilities. Part learning figuring it out yourself
Great! Make this your new series: ' Real bug series'. Add real world bug hunting recon streams as well if possible. Or else just some poc videos.
By fuzzing one can get
GET /api-2.0/sms/
But your blurred screenshots shows there was something more than that I mean,
GET /api-2.0/sms/blurred-content/
Does that mean you won't get any PII data back in response when you just hit:
GET /api-2.0/sms/
Just a noob here. Trying to understand. Thanks for read and/or reply.
Like as always, great stuff. Thanks for all the awesome information and resources.
Thanks dude, really informative
Really thanks very much, that's gonna help a lot with API enumeration
Very useful. Thanks!
TCM - you are really my inspiration
Informative video sir😍 tq
Thank you TCM I had 0 idea of api. This helped me a lot
Any tips if u can share to find vulnerable parameters any tool will be a great help currently I use gf pattern with gau .
Ffuf and arjun are good, but I always go back to burp
@@TCMSecurityAcademy thnx
@@TCMSecurityAcademy I came to know from various people that js files in website contains some juicy content can u tell me a kind of tool which can I used to download all js files without manualy going to burp to see individually
one on one sounds aweome!
i need a mentor
Ikr, heath would be such a great mentor to have.
You'll probably find them in the CYBER space
why did d rate limiting not kick u out while fuzzing ?
Too much informative video 👍
Can you give me requirements for application Android pantest
Always love you sir😊....love from India 🇮🇳🇮🇳
Thank you for nice content!
Thanks Mentor awesome content as always 😎😎😎
Thank you brother ❤️
You are truly The Cyber Mentor!!
Thanks for sharing this 🙂
Every time You Nailed with pretty much great resources ! \O/ thenksssssssssss @TheCyberMentor
so are u fuzzing the parameter of `/sms/` path?
Again man you on Fire excellent
TCM♥️🔥🔥
legend as always thank you for the content.
Thanks man, you are the best
Can you please release a course on api pentesting or web application penetration testing
thank you forever bro
Hi Heath,
Can you create some CTF like stuff related to API testing so we can understand more deeply.
That T-shirt should say: Amber is my fuel 😂😂 thanks for your videos man, you're the best
Haha she is my fuel!
Superb
Great
mate, after you found the sms parameter, what did you append to it next , like sms/?(it was blurred in your video) and how did you obtained that parameter after /sms/?
It auto-appended stuff at the end, but it could have been an indicator of the platform, so I blurred it. The method I showed was exactly how it was found.
@@TCMSecurityAcademy Thanks man this helped me a lot.
Great stuff
I couldn't have maintained such calmness if that happened to me ⚡️! Cant stand bad programs tbh
Wait, you do 1:1 ?!?!?! Yes please !!!
Wow men, what a shitty actitud from that program!! And this video... super pratical and educational.. Its good to have videos where you real situations examples. Much easier to understand!!
Like + Comment ofc :)
Longtime no see
Sir after a long time...! Anyways stay safe and give knowledge that safely 😅
.
Support from my side always 🇮🇳🔥
Much love!
Damn, we don't deserve this quality content
I am stil not able to join your discord server
It took you so long to post a video
I'm a busy guy!
How can I get a one-on-one with you?🤔🤔
tcm-sec.com/one-on-one-tutoring/
❤️
sup
👾👾👾
OMG no way do you like listening to Jonathan Young songs ? i would never imagine lol, anyway thanks for the video very helpful !!!
You are love man
Love you more!