Awesome video
Just a small clarification @ 3:08: cookies are sent to the server based on the domain name and not the port. However, the protocol is a bit different: it allows HTTP or HTTPS based on the cookie flags, and other protocols aren't bound to access the cookies.
You are right, thanks for comment.
@KacperSzurek My pleasure :)
very insightful. I learn something new every day. Thank you!
Couldn't the attacker just modify the Origin header? Maybe not from the browser, but you could set up a proxy that does it maybe.
The idea here is to think in terms of the USER that you want to hack. If you are trying to use the cookies of a NORMAL user, he would probably be accessing it using Chrome, Firefox, Safari, etc. So it would not be possible to manipulate the Origin header, since that is not the default configuration.
Thanks, man.
Can you please make a video for "How to intercept Thick Client application with Burp Using Invisible Proxy"
Guys, I created a system for our capstone project for my school; I'm an IT student.
I use Node.js, and I use 2 servers, one for the front end (UI) and one for the backend (Node.js server).
Now I struggle because of Socket.IO.
I don't want to overengineer because our time is limited; all I want is security.
I have a question... I already have the knowledge on IDOR and CSRF vulnerabilities, but I need to practice... like chess... I am happy there is software I can practice on relating to chess... because I can test out... rearrange... apply... try out anything I have learnt... so saying that...
Are there any websites or software I can buy that have like hundreds of IDOR vulnerabilities that I can use Burp on and practice all night?? Thanks.
Thanks!