لحجه ایرانی😂❤

thanks man very well explained !!!

Informative great sharing

are you kidding me?

Do you guys all use burpsuite professional?

Hi, for some reason I am not getting the admin panel

thanks😃

Amazing knowledge and good job of how you explain step by step. Do you have a way of bypassing KYC (document submission and live selfie verification)

Thanks🙂

Great👍

brilliant

u said in video that wait until any victim user click our comment, but in your case you directly get many users like clicking on poll now in my case i won't how much time should i wait??

Do I need linux to do this or I can do it on windows?

its a perfect metod to learn

I got a very less secure app, which allows unlimited OTP tries .. in 5 mins then we just have to resend the otp is it possible to crack it ?

good explanation, is this a stored or reflected xss?

Clear and well explained👍👍

Love the way, you explained this concept.

can we bypass valorant by this ?

what to do if the website validates the extension name but not the file contents? How to activate the code inside the file?

Bro why don't you upload more videos, for network hacking

The basic flaw: it assumes the required code does not change. Use an authenticator tool, with 6-digits that change every 30-seconds, with a 3-mistakes-results in a 5-minute cooldown, and you will need a quantum computer to try to break that puppy.

Thanks for teaching and giving us the ideal are amazing. I am really happy to be here thanks again 🙏🙌🧐✊

Cool video. Are you Israeli or French 😅 the accents always sound so similar

Nice

This Channel Is Amazing Man 👨

Will the admin get notified??

Whats the Solution?

Awesome video

what is the alternative to Burp collaborator, to see thee data , as its a paid tool, can we go for any free tool to check the data,

thie work for only xss stored ?

many love

helpfull thanks alot straight to the point

Thanks

That will not work for most sites, as 1 the 4 digit usually 6 digits code keeps changing, often one-time codes and time limited, 2 after several failed attempts the account is locked, 3 often a secure app is used, 4 the system alerts the account holder of a login from a new device. 5 behavior checks, to see if its a automated attack.

Very nice video

How do i get burp suite for free?

great content

What a great explanation this video should be hosted on port swigger as a community lab solution

thanks

verry good

Can you explain me why we have to use `https`? I did try with `http`, it does not work...

nice <3

How I want see an otp send by server

So basically this attack works on requsting a new otp from the server then trying that otp and hope that our combination of generated and payload otp somehow matches . Isn't this , really difficult and completely based on luck i mean yeah we can increase the speed by making our own code in nodejs or some other languages which are very very fast when it comes to webscraping but still the odds are very very high thay we will get the code i am not sure if any website will be willing to pay for this bug . Please correct me if am wrong 🙏

Is it possible to steal all of the chome broswer cookies of victim uisng cross site scripting xss Attack on valuable website

The time is right. When the OTP is six digits long, it will not prevent the final cut of the exam in case of selection due to a challenge. If the OTP is not released within 60 seconds, the OTP will expire.

This was nice. Thank you 🙏👏👏👏👏

What is that comments box has validation and it we can see the code comments section

lol...now a days firewalls and sniffers are more powerful and normally thwarts this kind of attacks. However, good explanation.