Your tutorials are great, please keep posting! I barely comment on YouTube, but you deserve the encouragement.
@thehackerish 3 years ago
Oh! Thanks a lot! I am humbled
@R4z0r_arg 2 years ago
Amazing tutorial mate! Thanks! :)
@thesmartguy3523 4 years ago
Good tutorial dude 😁 Just a hint for other curious souls - if you are willing to inspect what the JWT token contains, you can visit JWT.io and paste your token and you're good to go.
@thehackerish 4 years ago
Yeah, or use JWT Web Tokens from BurpSuite
@ReligionAndMaterialismDebunked 1 year ago
@thehackerish True.
@novosecurity6823 4 years ago
Good videos 😊 keep posting and share your knowledge
@thehackerish 4 years ago
Thanks!
@ReligionAndMaterialismDebunked 1 year ago
Thanks a bunch for the sessions plugin recommendation! :3
@dohnjoe4907 4 years ago
The videos are great!
@thehackerish 4 years ago
Glad you like it!
@mdatikqurrahman8376 3 years ago
Awesome. A lot of new information. I appreciate your efforts.
@thehackerish 3 years ago
Enjoy!
@rrashi4484 3 years ago
Dude! More videos please...
@nogoodhacker6944 3 years ago
I've got a doubt. I actually used auth bearer and succeeded but couldn't report it since it is out of scope. My doubt is, can I just report if this is actually possible? Wouldn't they ask, "could you explain how you get the auth bearer in the first place"? Or would they just reward me? The video is super awesome and I realized that I found a bug finally! BTW, can you please clear my doubt if you/someone sees this comment? Thank you very much for sharing your knowledge.
@thehackerish 3 years ago
The exploit is not against the Bearer token. The vulnerability is the IDOR where the ID is not checked. Using the JWT token is just a way to automate the discovery of IDORs using two users, hence two JWTs. If you can replay the same request against a resource which doesn't belong to the user, then it is worth reporting. Otherwise, it is not a vulnerability. I hope this helps.
@nogoodhacker6944 3 years ago
@thehackerish Yeah, but I was able to replace auth bearer, ❤️
@msalih 1 year ago
1. Send the original requests to AuthMatrix. 2. Set the attacker auth headers and cookies in AuthMatrix (add user and send cookie). 3. Run.
@ajaykumark107 4 years ago
I think renaming this video as Using Autorize and Autorepeater would fetch you more views
@thehackerish 4 years ago
Good idea! I will add them
@rohitgupta-es4fd 3 years ago
Awesome video
@shivangraina9698 4 years ago
Does the bug have high impact if a refresh token is used? Also, how to prevent it if your access token gets stolen?
@thehackerish 4 years ago
If you can steal the JWT token, you can also do the same for the refresh token since they are typically stored in the web browser. To prevent that, you need to make sure you don't have XSS, implement CSP for added security and implement proof-of-possession, which is documented in the JWT standard.
@shivangraina9698 4 years ago
@thehackerish Thank you so much for the video. Great content.
@msalih 4 years ago
awesome
@navinvenkatesan9784 4 years ago
Can you put out videos on all the best extenders? This video is good until AuthMatrix and after that a little bit confusing, so please try to explain that in another video.
@thehackerish 4 years ago
Sorry for the confusion. Tell me what you didn't understand exactly to see what I can do.
@navinvenkatesan9784 4 years ago
@thehackerish AuthMatrix itself is confusing, and the color showing red and green, and if you shortly that enough please explain more. And please post videos of other best extenders.
@ZZ-vz9in 3 years ago
How do hackers hack a web application and encrypt all devices connected to that application? Like what happened with the "FireEye" company, do you know something about this tutorial? I am very interested to know how this kind of cyber attack happens. And thank you for the helpful videos.
@thehackerish 3 years ago
Threat intelligence reports are a great source of knowledge for you. I suggest you read some...from FireEye itself :)
@ZZ-vz9in 3 years ago
Yes, this is true, but there is no detail that I need, I tried to analyze the reports, but I did not get the required knowledge, please, teacher, post a set of lessons on how to do this and thank you again, I look forward to seeing something similar in your channel
@dishant_singh4556 1 year ago
If I am able to use a victim's JWT in my account and am able to change any info, will it be eligible or not?
@thehackerish 1 year ago
Nope, the video explains how to find broken access control using two test accounts. If you can use jwt1 to access/edit/delete resources of user2, then it's an issue.
@dishant_singh4556 1 year ago
@thehackerish Like, I am copying the JWT of account A and then using this JWT of account A in account B. And the session of account A is destroyed after logging into account B, but somehow I am still able to see user A's PII info and able to change its profile picture, so can I report it?
@thehackerish 1 year ago
@dishant_singh4556 JWTs have an expiration time. Generally, when you log out it will still work for some time unless the dev has blacklisted the JWT upon logout. If you report it, you risk getting informative or a low, but read the policy for any mention of session logout being out of scope.
@rajupaswan5111 1 year ago
How can I find bugs or hack banking sites? Can you explain with your video?
@thehackerish 1 year ago
Check the pentesting playlist out, tons of videos on just that
@thaihungnguyen6738 2 years ago
Can someone recommend another extension for Firefox, please?
@SankizTime 3 years ago
How to get AUTH header?
@thehackerish 3 years ago
From your test accounts. The objective here is to probe for IDORs, not getting AUTH headers.
@SimplyHackss 4 years ago
First!
@josephrajareddy4606 4 years ago
Second
@thehackerish 4 years ago
third
@sail6114 4 years ago
Zero😂
@sohailbzioui8323 4 years ago
What is the impact of broken access control?
@thehackerish 4 years ago
It depends on the vulnerable request. Examples: access or update profile data of other users, access admin features, etc.
@amanSingh-bl3um 1 year ago
But the question is how will I get the victim token.
@thehackerish 1 year ago
That's the wrong question. You use this technique to test broken access control between two test accounts
@authenticworld7271 3 years ago
I want to learn bug bounty... Can you help me... please 🙏🙏
@thehackerish 3 years ago
Yes, read as much as you can and never stop hacking!
@angeldavatos9800 3 years ago
Ahm, hello, just wanna ask something because it's so complex. If I can set the victim user account to private/public by changing my authorization header into the victim's, is this a valid bug? Because I don't understand how to show the impact, because what if they ask me how I got the auth header value?
@thehackerish 3 years ago
I don't think this is a bug unless you can choose the account by an ID. Generally, the feature you mention would need only the JWT to process the request.
@angeldavatos9800 3 years ago
@thehackerish But why here do you just change the auth header value? Can you explain to me what's the difference? Thanks
@thehackerish 3 years ago
@angeldavatos9800 Sure, here I am using the JWT swapping technique to test if I can control the victim's basket, which is referenced by ID.
@asterfiester 3 years ago
The main problem is.. When we submit this kind of vulnerability.. They will ask one question.. How the jwt token obtained..😂😂 Lol😂
@thehackerish 3 years ago
It is not about the JWT, but the identifier that suffers from IDOR
@0xbitbybit 1 year ago
@thehackerish What identifier are you referring to? Isn't any identifier irrelevant if there's no way for an attacker to get the JWT in the first place? The identifier can have all the IDORs it likes if it's not possible for anyone to get the victim's JWT. What am I missing here?
@thehackerish 1 year ago
@0xbitbybit The point is not the JWT, it's the data accessible by userA that belong to userB. Both JWTs are linked to test accounts to help broken access control testing
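
Added example (not from the video or from any commenter): several replies above describe testing broken access control with two test accounts and a basket referenced by ID. The Python below puts an endpoint that only authenticates the JWT next to one that also checks ownership, and replays each basket request with both test tokens as a regression test; the basket store, signing key and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json
SECRET = b"constructed-demo-secret"   # constructed key for this demo only
BASKETS = {1: {"owner": "userA", "items": ["apple"]},   # constructed data
           2: {"owner": "userB", "items": ["pear"]}}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(head, body):
    return _b64(hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest())

def issue_jwt(sub):
    """Mint an HS256 JWT for a test account (exp omitted to keep the demo short)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub}).encode())
    return f"{head}.{body}.{_sign(head, body)}"

def subject(token):
    """Return the authenticated subject, or None if the token does not verify."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(head, body)):
            return None
        return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))["sub"]
    except (ValueError, KeyError, TypeError):
        return None

def get_basket_vulnerable(token, basket_id):
    """Authenticates the caller but never ties basket_id to them: the IDOR."""
    if subject(token) is None:
        return 401, None
    basket = BASKETS.get(basket_id)
    return (200, basket) if basket else (404, None)

def get_basket_fixed(token, basket_id):
    """Same endpoint with an object-level ownership check."""
    user = subject(token)
    if user is None:
        return 401, None
    basket = BASKETS.get(basket_id)
    if basket is None or basket["owner"] != user:
        return 404, None   # same answer for "missing" and "not yours"
    return 200, basket

def cross_account_findings(handler):
    """Replay each basket with each test token; list non-owner 200 responses."""
    tokens = {u: issue_jwt(u) for u in ("userA", "userB")}
    return [(u, bid) for u, tok in tokens.items() for bid, b in BASKETS.items()
            if b["owner"] != u and handler(tok, bid)[0] == 200]
```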