Hey everyone! Check out this playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger: ruclips.net/p/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5
Here are the timestamps for this video - ⏱
00:00 - Intro
00:13 - Identify a suitable cache oracle
01:20 - Add a cache buster
02:13 - When are two requests identical?
03:12 - Why do we add a cache buster?
03:53 - Test the cache buster in Burp
04:37 - Use Param Miner to find X-Forwarded-Host header
05:28 - What is an unkeyed input?
06:18 - Inject the X-Forwarded-Host header
Thanks man for sharing with us !!!
Amazing, thank you! Loved that you showed how to use the Parameter Miner extension on pro and community
Amazing explanation, thanks a lot, keep going.
I don't understand unkeyed vs keyed. Can you help explain?
man beautiful video. you are insane.... thank you!!!!!
happy to see this.
Can you finish all labs from this topic please
Thanks
thanks @nguyenthanhcong92! yep I'll be posting videos for all 12 labs on this topic 👍
@netletic cool, will they all be posted in one day?
@nguyenthanhcong92 I'll be posting one a week on average I'd say 😬 just posted the second one!
What software did you use to make those boxes/windows with the requests to explain them in the video? I want to use them too for my channel.
Hi, thank you very much for the in-depth explanation. While bug hunting, what would you recommend to use as an "exploit server"?
hey @mohsinhafeez, I'd pick a micro web framework in the programming language that you're most comfortable with. For me that's Python so I use Flask. With Flask you can set a route/uri path, and you can return a custom response body and custom response headers pretty easily.
@netletic thank you! I’ll try this.
Exactly, this was a question I was about to ask. I am not a developer and I will have to learn more about Flask. Much appreciated, be sure I will be back if it doesn't work out. 😎 Cheers