You clearly missed the all point of CSRF. , CSRF means the attacker tricked the victim (the one with the cookie/session) to do something eval, like changing the password, usually by sending a link or inside hidden without the victim even noticed. It's NOT an eval "different site" who *sent a request on your behalf* . The request eventually comes from the victim, that's the point of CSRF. unlike session/cookie hijacking.
Hello Hussein, I'm really glad i found your channel. While i was watching some of your vids, a question popped up in my head. Can you make a vid that specifies how many users can a webserver handel and what happens when we are using websockets for example...will the load on server drop?
Slav Biachev thanks Slav! Good question!! There is no known limit to how much a server can handle. What you start to notice is slower and slower response time, connection drops .. this is based on how much memory and cpu your server has and based on the workload of each request. It is a good idea for a video 👍 kind of fall on the p99 p95
Hussein brother your contents are really really helpful and I think priceless considering availability of the contents like you are creating in youtube. But as a well wisher and being a much junior than I want to tell you that please say things in more straightcut or specific way please dont make contents bigger just explaining unnecessary sentences or ways.. these sentences create your contents bigger and make sometimes really hateful/intolerable or you can make a short script. Please dont sound some cartoonish way. Please take my words like from a well wisher. please dont take me wrong. Dont speak aa uu or with cartoonish sound just speak straight please please please
SSRF can only happen when the server relies on a piece of header/payload in the request that contain information about URL or sub path that the server need to visit on the backend.
I was just dealing with this today! Perfect timing!
You clearly missed the all point of CSRF. , CSRF means the attacker tricked the victim (the one with the cookie/session) to do something eval, like changing the password, usually by sending a link or inside hidden without the victim even noticed. It's NOT an eval "different site" who *sent a request on your behalf* . The request eventually comes from the victim, that's the point of CSRF. unlike session/cookie hijacking.
I love your teaching style. thank you hussein.
Such a good explanation. This just got the channel a sub.
Prepping for an interview. Helpful. Thank you!
Nicely explained!
Great Content . To the point. Thanks
Great Explaining, Thank you for this incredible video!
Thank you for this video content. I've learned a lot 😊
Good explanation. Thanks
Super video! I applauded for CA$2.00 👏
Thanks!! 🙏
Hello Hussein, I'm really glad i found your channel. While i was watching some of your vids, a question popped up in my head. Can you make a vid that specifies how many users can a webserver handel and what happens when we are using websockets for example...will the load on server drop?
Slav Biachev thanks Slav! Good question!! There is no known limit to how much a server can handle. What you start to notice is slower and slower response time, connection drops .. this is based on how much memory and cpu your server has and based on the workload of each request. It is a good idea for a video 👍 kind of fall on the p99 p95
Hussein brother your contents are really really helpful and I think priceless considering availability of the contents like you are creating in youtube. But as a well wisher and being a much junior than I want to tell you that please say things in more straightcut or specific way please dont make contents bigger just explaining unnecessary sentences or ways.. these sentences create your contents bigger and make sometimes really hateful/intolerable or you can make a short script. Please dont sound some cartoonish way. Please take my words like from a well wisher. please dont take me wrong. Dont speak aa uu or with cartoonish sound just speak straight please please please
In ssrf What if i change some header and was able to visit/get data from api server... Will it still be considered as ssrf ?
SSRF can only happen when the server relies on a piece of header/payload in the request that contain information about URL or sub path that the server need to visit on the backend.
❤️
get a stylus bro
Hi