[Part III] Bug Bounty Hunting for IDORs & Access Controls

Views: 8,404

rs0n_live

A day ago

In part 3 of this series, we combine what we learned in the previous videos to build a cohesive methodology to hunt for IDORs and Access Control Violations on complex attack vectors with multiple layers of validation.
We also explore testing on a desktop application, as well as through a WebSocket connection, for added complexity.
00:00 - Introduction
00:52 - Review IDORs & Access Control Violations
04:28 - Bug Bounty Hunting on Desktop Apps
06:08 - Complexity & Tech Debt = Bugs
09:09 - WebSockets: What, Why, & How?
12:53 - Shut Up and Hunt!
13:23 - Setting Up Burp Suite
16:50 - Routing the Windows OS Proxy Through Burp Suite
18:16 - Downloading the Figma Desktop App
19:20 - Installing the Figma Desktop App
22:50 - Differences Between Desktop App & Browser App
24:41 - Notes are Mandatory
25:39 - Registering Our First User Account
28:32 - Exploring the Figma Application
34:14 - Creating New Teams in Figma
37:53 - Visualizing the Application in XMind
41:48 - Logging Into the Desktop Application
44:00 - Inviting Users to Our Teams
51:51 - A Quick Tip About postMessage [@r00tdaddy|@pashakenobi|@liardom]
52:20 - Updating Our Notes
54:30 - Finding Application Boundaries to Test
58:25 - Creating New Projects in Figma
1:05:23 - Creating New Files in Figma
1:08:29 - Identifying Objects for IDORs
1:10:30 - Identifying Mechanisms for Access Control Violations
1:20:25 - Testing Our First Attack Vectors
1:26:13 - Testing Differences Between Desktop App & Browser
1:31:16 - Reducing the HTTP Request
1:35:10 - Four IDOR Attack Vectors in One Request?!
1:41:00 - Testing Combinations of Attack Vectors
1:50:10 - Identifying Mass Assignment in the Figma API
1:56:00 - Finding Attack Vectors for RBAC Testing
1:59:18 - Testing Differences Between Desktop App & Browser
2:02:51 - Testing Multiple Application Boundaries in One Request
2:08:33 - Finding Unique Identifiers for Team Objects
2:13:30 - Testing Boundary 1: IDOR
2:28:25 - Identifying Validation Patterns
2:36:43 - Testing Boundary 2: RBAC
2:44:45 - Finding Valuable Attack Vectors (VAVs)
2:53:17 - Testing VAV1: Moving a File to Project
3:03:38 - Testing VAV2: Adding a User to a Project
3:35:14 - Access Control Testing Desktop Endpoint In Browser
3:45:48 - IDOR Testing in WebSockets
3:59:17 - What is the Purpose of These Videos???
4:02:10 - Summary of What We Learned
Hire Me! - ars0nsecurity.com
Watch Live! - / rs0n_live
Free Tools! - github.com/R-s0n
Connect! - / harrison-richardson-ci...

Comments: 45
@MustafaGains 2 months ago
I don't see any KZfaqr doing content like you ❤ You are unique and the best.
@kittoh_ 5 months ago
Your content is way better than everyone else's. Other creators are just selling courses and subscriptions. Keep going man!
@huzaifamuhammad8044 5 months ago
Just got notified and immediately followed up to see what you have cooked for us this afternoon. Great work Ars0n.
@lalit7562 A month ago
Way better than paid courses.
@xcalibur305 2 months ago
I love your content, keep it going man!
@rainerzufall4268 5 months ago
Thank you for sharing your knowledge. I love your content.
@breakoutgaffe4027 3 months ago
Excellent trilogy, thanks a lot! ❤
@exception4144 5 months ago
Thanks for this conceptual video... Practical content.
@1ko9 A month ago
Thank you very much for these awesome videos! I watched all of your IDOR & Access Controls videos; they are really helpful. I hope I can find my first bug. 🙏
@mr.researcher1525 5 months ago
Please make some more XSS videos, I loved your teaching methodology ❤
@se78404 3 months ago
Amazing, thanks for your great job.
@MFoster392 5 months ago
Thank you, great info as usual :)
@eyephpmyadmin6988 5 months ago
I really enjoy this.
@BLKSD 4 months ago
Sir, I really want another client-side injection video, even if it's a 10-hour or longer video. I am happy to watch.
@ByteHax_ 5 months ago
I love your video background.
@Gray3ther 5 months ago
Thanks sooo much ars0n. You're a rockstar!!
@user-py2bw1qj1h 5 months ago
Thank you for this!
@amoh96 5 months ago
Ars0n, best content so far, thank you a lot. Wish for more of these videos, deep dives and new tips and tricks.
@sourabhmishra8530 5 months ago
Sir, you make the best videos.
@steiner254 5 months ago
Awesome
@sreeramrm7997 3 months ago
A video about IDOR without making a user account, and how to find vulnerabilities in that domain.
@user-hw1eh8dh6p 5 months ago
Great, bratan. Please do a long deep-dive live on Server Side Request Forgery (SSRF). I have been waiting a long time for this.
@greeneyedguy 5 months ago
Awesome ✌️😎👍
@ahmedmouad344 4 months ago
Thank you sooo much ❤
@adventure6759 4 months ago
Thank you boss.
@monikasharma2931 5 months ago
Wow sir, big fan ❤
@rhidayah7 5 months ago
Give us a real-world scenario: advanced IDOR & access control.
@ZArtword 4 months ago
Hey bro, can you make a video on extensions for Burp Suite? And thank you so much, you are the best bro.
@abubakarshah4003 5 months ago
Can you guide where you go live? Because on Twitch I can't figure it out.
@Mcgenix 5 months ago
Thanks
@master-manhood 5 months ago
1:45:24 R-s0n, you talked about integrity checking with signatures not being present. But I have noticed that the signature is present in the Tsid header. But I'm not sure, maybe I'm wrong.
@kuroketsueki9059 5 months ago
Is it okay to do bug hunting on Windows without a box?
@ahmedmouad344 4 months ago
Hello, I have an issue with capturing my target's Windows requests. I set the proxy as you did in my Windows, but whenever I try to use the application, to sign in for example or anything, it pops up a network error. Once I turn the Windows proxy off, I get the app running normally. Can you help please? I have been searching for a solution for about a week. Note that I got the same issue with multiple apps, not just the target.
@i_am_dumb1070 5 months ago
I want the text file you created. Can you provide a link so that I can download it please? 🙏🥺
@anurag.30302 5 months ago
Can you make your next video using Caido?
@user-ew5yp2go7i 5 months ago
Siuuu
@abubakarshah4003 5 months ago
Hii i
@bugbouty 5 months ago
We want automated bug hunting videos, rs0n.
@user-ui8my9zs7o 5 months ago
No way, I'd rather learn how to do it manually, then write the automation myself.
@eyephpmyadmin6988 5 months ago
No, we want manual. The automation is for after learning how to do it the deep way; then you make your own stuff to automate it.
@1a4s4l7 5 months ago
Man, I don't mean to sound rude, but who are you speaking for?
@rhidayah7 5 months ago
Fuck automation, I hate automation, I love manual.
@anusha6033 5 months ago
Manual is the right way.