As a guy used to Burp Community I would have used Python to prepare a word list all hashed up like that... it takes me forever but it's nice to see the way the smart kids do it.
Could ya use the "intruder" battering ram attack with payload processors... Intruder works in Community Edition, just rate limited IIRC 🤔 but ZAP is damn good too (I prefer their proxy workflow over Burp CE).
Lol, I had the same issue with Burp licence! Good timing, thanks.
It will be great if there is a comparison between the speed of brute-force with Burp CE, Burp Pro, ZAP and a Python script. Maybe with other languages too ;]
I used this for a pentest last weekend. I only used two websites, and one is quite popular.
I got someone's Visa card from the second one.
The first one was flagged like it was built to be hacked. I also had to dig deep into their policies to figure out there's no explanation for Facebook, Stripe, Serio and 4 other APIs doing GET and more, destroying any way of making what our company needed compliant to use. They also have nothing about security for Q1 2022. And I sent them my pentest report, and with the shocking details of being able to literally browse each user's database they haven't reached back in 6 days!
I usually use this to scan, but I took a deep dive into the extra add-ons while putting Ubuntu on my Microsoft Surface 😂
Great video, please do more of this with ZAP
Thank you for the tutorial and you gave the links to the resources. 👍
Nice video... but where can this be useful? Only in brute-forcing?
Stay consistent bro
Montana represent
Hi! I have a question, would it be possible to use PinePhone Pro instead of NetHunter? They say it has root privileges by default, and also comes with a Linux terminal, but idk if it's apt to do the same thing as a rooted Android phone
Is this guy the same guy in Null Byte? Something pretty similar, both guys don't blink at all
😂 same guy
I wanna ask you, I wish that you respond to me very soon... I opened a session in Udemy with cookies and after minutes I'd close a session... but when I would reopen again with the same cookies it failed... how to login again and again?
Love this stuff ^^
The first time I security scanned a website with OWASP ZAP, a bunch of data appeared in the "alert" section. The next day when I continued to scan that website, the "alert" item showed nothing? Is the data I scanned the first time still saved? How to get it??
Does he even blink ????
Thanks Kody.
Is it possible to find the actual source of the API URL? For example, if there is an API /POST/SERVE/12345, but it's getting the object from the GCS and serving, how do you see the actual URL?
Does this work with Gmail?
how to get rid of this virus cookies?
Great video.
Nice one thank you
Thanks
I love it
Fantastic 🤣👍✔️
Plz make video on bypassing android 12 google account
amazing :o
this method good but my Priority open bullet
Using OWASP ZAP on Burp Suite's labs lol
First from Somalia
You don't start off with a whole bunch of words on the screen, you're scaring the children
You have the 3-4 kHz band filtered too hard - much harder than the last Hak5 video you did. Makes it very hard to listen to. As soon as I heard it I knew, but I brought up my audio spectrum analyzer to verify it. There's almost zero energy at those frequencies. Do you know how important this band is for human speech comprehension? I'd like to believe it's a mistake, but more and more YouTube people are doing this, supposedly to try to 'add bass' to your voice. Okay, if you wanna add bass, ADD BASS. Stop nerfing 4 kHz into the ground.
Please translate into Arabic.