Thank you for watching this video. If you've learnt something new, leave a like to show me that you appreciate it!
@michamoneta6695 ай бұрын
Szkoda, że nie ma tłumaczenia na Polski. Pomyśl o tym😉
@BugBountyReportsExplained5 ай бұрын
@@michamoneta669 myślałem nie raz i doszedłem do wniosku, że jeżeli ktoś chce rozwijać się w web security to i tak musi znać angielski
@michamoneta6695 ай бұрын
Jesteś wybitnym Pentesterem i fajnie jakby były chociaż napisy po Polsku. Właśnie będę działał z angielskim z Wiki Sitko i działam również z Security Starter pakietem, ze Szkoły Maćka Kofla. Fajna sprawa Cybersec. tylko nie wiem czy już dla mnie nie jest za późno..... chodzi o moj wiek.🤔 Zrobiłem suba Twojego kanału, cóż będę słuchał po angielsku😁
@fengzhi-p1f12 күн бұрын
您好,我有一些关于 HTTP 请求走私的问题。我如何在 Discord 上联系你们?
@musawerkhan98175 ай бұрын
Why do we have to use white space character please clarify this is possible
@musawerkhan98175 ай бұрын
And also how can we figure it out that a backend is using HTTP/1.1, HTTP/2 or HTTP/3
@day0xyz16 ай бұрын
In addition to Burp Plugin HTTP Request Smuggler, what other methods can find this vulnerability?🤒
@HerlockShomes5 ай бұрын
Hi thanks for the video, can I get the notion link of the reports?
@crlfff6 ай бұрын
I’ve watched so many videos, done courses on http request smuggling and still don’t understand. I’m thinking about making a http server in C to exploit it myself to understand it better
@huzaifamuhammad80446 ай бұрын
Is that you didn't understand or that you couldn't exploit one HRS in the wild ? I did understand the bug class but I never found one in the wild.
@crlfff6 ай бұрын
@@huzaifamuhammad8044well maybe, I’m testing a target right now and I have two responses but I’m not sure if its a false positive or not
@BugBountyReportsExplained6 ай бұрын
a few years ago, I made a video about basics of request smuggling, maybe that will help: kzbin.info/www/bejne/nauwZaqNdpyFfNE
@alvarobalada65286 ай бұрын
Next Video: $$.$$$ bounty using request smuggling
@BugBountyReportsExplained6 ай бұрын
Hopefully!
@airsky215 ай бұрын
How to contact you privately?
@BugBountyReportsExplained5 ай бұрын
write me a DM on twitter
@adampauloantony30976 ай бұрын
thanks👍
@javeleyjaveley6 ай бұрын
Can you share the notion reports?
@BugBountyReportsExplained6 ай бұрын
At this point I don't know if you're trolling me or just haven't watched the video but I answered this in 6:57
@InfoSecIntel5 ай бұрын
I think he means the database, which i also just tweeted you about because I cant find it
@BugBountyReportsExplained5 ай бұрын
@@InfoSecIntel it's in the bottom of the article that's linked in the description
@InfoSecIntel5 ай бұрын
Thank you. I see soo many people ask this question so sorry lol, that database on the article looks like an image so that's what I always thought it was. But you mention it in the video. Thanks again.
@BugBountyReportsExplained5 ай бұрын
@@InfoSecIntel No problem ;) There's also the link to the same database but in Notion below that embedded database.
@airsky215 ай бұрын
Hello, I am from China. I like the video content of your channel very much. I want more people to learn these vulnerabilities. Can I translate your video and repost it to the Chinese bilibili video website? I will mark your KZbin address on the video page, thank you
@BugBountyReportsExplained5 ай бұрын
Please reach out to me privately
@airsky215 ай бұрын
@@BugBountyReportsExplained How?
@kunshtanwar47656 ай бұрын
Hey dude, great video as always. I had a question for so long after completing all the labs related to http request smuggling from portswigger is that I am able to identify the HRS vulnerabilities using the detection method, and even the Smuggler tool but never able to showcase a full-proof POC because I have seen people use Turbo intruder for that like here 6:26, and I couldn't find a place to learn that so I request you if you can make a video on how to actually make a POC or show the IMPACT as we say, because I have so many places I couldn't show the actual poc it was annoying.
@BugBountyReportsExplained6 ай бұрын
There are many scenarios, many context and I couldn't make one video to cover all exploit methods. If you believe you have a valid bug but can't piece an exploit, DM me on Twitter or Discord and I'll try to exploit.