Это видео недоступно.
Сожалеем об этом.
OpenRedirect vulnerability Mass Hunting | Bug bounty poc
HTML-код
- Опубликовано: 7 мар 2024
- in this video i am going to show you how to mass hunt for openredirect vulnerability and report to bounty program to earn bounties.
Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
Excellent work bro. I never thought this way
❤️
Jnjkk
I was waiting for your videos..❤❤
my pleasure bro ❤️😇
Amazing!!!!🔥Really need tutorials or videos on bug hunting from you!
sure all comming soon ❤️
did u gonna tell us all the stratigys for bug bounty and exploits finding ?
im having fun see u do that , thats so cool @@lostsecc
Good job bro. ❤ Appreciate @@lostsecc
super content bro i like your stratagie
can you plz telme the whole learning path to learn fully like you
join telegram i will share all @lostsec
love your content bro, hope to be like you someday
my pleasure bro ❤️😇
OP Bro...
❤️
I like your contents. Straight to the point. Where can I get that tool you used to automatically give google dork payloads.
thnq so much bro ❤️ join my telegram i will post all tools and payloads @lostsec
Awesome content bro! With open redirects I’m assuming you can find ways to escalate to a bigger vuln?
yes you can perform xss and ssrf
I see you are using Windows 10 and also opening multiple tabs on terminal..what terminal is that? i guess cmd does not have that feature in windows 10
its window terminal you will found in microsoft store
keep going
Id throw all those in something like dalfox too, maybe even ppmap. I bet those all were made poorly to begin with
dont become independent on tools do manual hunt most of times tool give false postive
Which tools and extension do you use?
its LinkGopher & OpenRedirex
@@lostsecc thanks sir
@@lostsecchey how do i connect to you
@@Nochymusic telegram @lostsec
@@lostsecc cool i just joined your telegram channel👳🏼♀️
You deserve a lot of likes ❤❤✔✔
its means lot for me🥰❤️
lostsec, what you do if you dont find any vulns in a bbp? do you keep going or do you change?
dont stat too much in one site do your best whatever you learn try them..and just moveon to different target dont wsste much time there are thousands of subdomains so just keep going...
@@lostsecc That might be true for this kind of vulnerability findings. But if you want to get paid on hackerone for example you need to spend loads of time trying different kinds of stuff.
aww the song was so cool, i wonder if i learn haking, will this cool songs pop up on my playlist..
join my telegram @lostsec
Bruh what is that terminal in windows ? Wsl ? Powershell ?
wsl2
Available at Microsoft Store ? Does it allow root privilege?
nope
good luck bro 😊
Broo you are my inspiration ❤😎
and you guys are my motivation also ❤️😇
which extension is used to extract
link gopher
Name of the extension getting all urls ?
linkGopher
cool videos, but why don't you use keyboard shortcuts? ctrl+c, ctrl+v, ctrl+a
i use but sometime not bcz of my placement of sitting and i light off most time so keyboard not show that time
how do you find if a website or program has bugs, like i know you had to test it, but do you just go to random and test it one by one by yourself, or you use automation like scrapiing and auto find bugs on website/program?
there are many thing including automation and manual depend on bug ...but first you need to find all subdomains and then filter live host and then extract links and then do automation and also pick one target juicy one and do manual all testing...
@@lostsecc how do i find subdomains? do i have to brute force and match it one by one?
if yes are there any good tools for it?
or are there optimized technique?
subfinder and amass is best for this or you can use online website also like nmapper or sudomain finder..dont worry all content from staring and ending comming..just stay with me bro ..
@@lostsecc yes ofcurse bro, you are one of my reason im starting to like cyber security and it gave me richer knowledge especially cause im in backend area, so you gave me knowledge to make me build more secure software, it looks fun when i watch your videos especially penetrating in web/url area, keep it up, hope the best for you
❤️😇my pleasure to hear this from you ...
no way, are you ethersec?, because i am too :)
Thank you sir !
You can click on the mouse wheel if you want to open the link on a new tabs it's more easier and faster
oh nicee man i did'nt notice it thank you so much brother ❤️🫂
What song is this? Wat version of kerosene is this?
rain version
What terminal do I use on Windows in the video?
search window terminal in microsoft store and install wsl2 in it with kali linux with ohmyposh themes
your google is a little different. you can go to next page or page 1, 2, 3 which i can't. I dont have that option here.
which browser
@@lostsecc google chrome
Great Content ... Lostsec ...
❤️😇Thnq brother
hello bro, im french and I wanted to know if there is a tool to write reports more easily or even automatically ? thx ;)
just use chatgpt it will make best report for you ❤️try once
Tutorial video plz
Bro, which extension did you use to view all domains?
link gopher
Well done, brother🎉
thnq brother❤️😇
Where do you get bug bounty offers like this?
join my telegram you will no @lostsec
@@lostsecc I already joined
Bro which extension and tool you used in recon ?
link gopher & openredirex
@@lostsecc author or source of openredirex tool bro ?
google it@@nonidentified89
where do you get this software bro?
dm me.in telegram i will share @lostsec
Like to learn more on how to bug hunts
join telegram it would be help you t.me/lostsec
bro which google dork were u using?
site:abc.com and redirect= url= etc
All answers lead to more questions
Can u upload shells using this vulnerability?
nope you can try xss ssrf
is this is how bug bounty performed?
just demo
bro witch plugin you use for converting google search to links?
link gopher
How do you make it seem so easy? epic stuff
part 2 tcomming soon with whitelist filter bypass 😉
Hi bro recently watched your videos, i like this your bounty but, i recently started bug bount. Can you help me?
How to select website and normal of bugs names tell me bro....main question how to select domains
just pick your fav one program.and find all.subdomains and eztract urls and then find all bugs in all parameters i will.make soon playlist for this from start recon to end just wait sometime..
@@lostsecc We are looking forward to it bro
Nice one brother
thnq brother ❤️
awesome, i love you
love you three❤️
bro, where you learning this?
self i just explore things in my own style..
holy nice bro@@lostsecc
Amazing video ❤😍
❤️😇
Great video bro❤❤
😇❤️thnq bro
Yo lostsec do you have a github acc where you share these tools because I can't find them in your tg channel
just msg me.in telegram through bot i will share you all tools or i will share in channel soon..
@@lostsecc i did but idk if it worked
@@keyon_renner what not work
@@lostsecc i messaged you on telegram i think its not working
wow bro since when are you hunting
6 month. before i done ceh chfi redhat ccnp and ctf player
did u using vpn or proxy while hacking?
vpn
Which website you are hunting on ?
Russia domains
@@lostsecc i was waiting fir u r video
😇❤️Ahhhh my pleasure
wha is tool & extensions
link gopher & openredirex
Bro which terminal you use?
window terminal
Okay Bro.@@lostsecc
keep up m bro
thnq bro 😇❤️
First of all, thank you my friend, but what harm can this do?
you can redirect victim to malicious site and also perform ssrf and xss and many thing...
@@lostsecc thanks for your reply you have discord or telegram?
Can you please share your google dock search terms thanks
dm me in telegram i will share there all things @lostsec
Gold bro! thanks
❤️☺️
share a big bounty recon ?
github.com/Viralmaniar/BigBountyRecon
where do you report such websites to get money?
there are some bounty platform in that you can submit but for live website other then bounty program you can report it to there company email
xss ke mass hunting ke video sir leke ao
sure ❤️
tools name (extension, etc)
shared in my tg channel t.me/lostsec
Can you teach us that how can we also find bug like you?? plz reply if you can
You videos always motivate me to do so
keep going bro you doing great🧡🧡
sure why not i am uploading soon bug hunting seriess in very essy stepss..you can find bug..
thanks bro and can't wait for you series@@lostsecc
@@lostsecc thanks brother have voice also THANK YOU
Not matter u get bug or not the point is the site target is on the list of bug bounty or not if not on the list well that waste time 😅
due to privacy of bug bounty program i cannot show that so but.hope you have idea on live site.
song name??
kerosene rain edition
nice mann
thnks man ❤️
Bro but mostly websites with domains like ru and tk don't give bounties
yes its just example so you have idea how to find in real target just add there name in site:ab.com
Bruuhhh,
can i get that framework ?
there is person name in twitter just pull put from there
ngl i have no idea what’s going on 😅
just search on google what is openredirect vulnerability
@@lostsecc okay I appreciate it thanks 🙏🏽
update: I understand what this means now
Amo tu trabajo amorsito ❤ I Love U ❤
he said "sweetheart" to lostsec... asf lol
i love you three ❤️☺️
🌝
@@lostseccI love you too much baby, keep up your work 💕
❤️☺️
Extension name bro
link gopher
i dont even understand what was the vul here XDDDD
i give reply to somone just read it
@@lostseccok thanks i found it
Can someone please explain what is going on? ❤😊
open Redirect is security vulnerability in this attacker can change the website url redirection by this they can transfer victim to there own phising or milicious site or they can do xsss and steal there cookie and login to there account aka ATO account takeover & they can spread malware by this when victim visit the link there will be malicious file download on there system that will compromise and damage more thing...
@@lostsecc ooh makes alot of sense, thank you for the answear man
app name or link ??
just search on google opentedirex github
or join channel @lostsec in telegram
did you get bounty?
its live site not bounty program
ok@@lostsecc
bro you got bounty??
its live hunting broo i also done in bounty program
But who cares about open redirects there are so many why report them there useless anyway
that video will help you in real bounty program there you can earn bounty..
join telegram @lostsec
Bro how you report this?? Got 500$ Make video for that..🎉
sure
Jj
Hello lostsecc
🤗
bro i need your instagram your telegram your facebook anything bro i want to be your friend to teach me bro big respect
just dm in telegram @lostsec nice to meet you bro ❤️