Request smuggling - do more than running tools! HTTP Request smuggling bug bounty case study

Views: 8,268

Bug Bounty Reports Explained


A day ago

Comments: 33
@BugBountyReportsExplained, 6 months ago
Thank you for watching this video. If you've learnt something new, leave a like to show me that you appreciate it!
@michamoneta669, 5 months ago
Pity there is no Polish translation. Think about it😉
@BugBountyReportsExplained, 5 months ago
@michamoneta669 I have thought about it more than once and came to the conclusion that anyone who wants to grow in web security has to know English anyway.
@michamoneta669, 5 months ago
You are an outstanding pentester, and it would be nice if there were at least Polish subtitles. I am about to work on my English with Wiki Sitko, and I am also working through the Security Starter package from Szkoła Maćka Kofla. Cybersec is a cool thing, I just don't know whether it is already too late for me..... I mean my age.🤔 I subscribed to your channel; well, I will listen in English😁
@fengzhi-p1f, 12 days ago
Hello, I have some questions about HTTP request smuggling. How can I contact you on Discord?
@musawerkhan9817, 5 months ago
Why do we have to use a whitespace character? Please clarify how this is possible.
@musawerkhan9817, 5 months ago
And also, how can we figure out whether a backend is using HTTP/1.1, HTTP/2 or HTTP/3?
@day0xyz1, 6 months ago
In addition to the Burp plugin HTTP Request Smuggler, what other methods can find this vulnerability?🤒
@HerlockShomes, 5 months ago
Hi, thanks for the video. Can I get the Notion link to the reports?
@crlfff, 6 months ago
I've watched so many videos and done courses on HTTP request smuggling and still don't understand. I'm thinking about making an HTTP server in C to exploit it myself to understand it better.
@huzaifamuhammad8044, 6 months ago
Is it that you didn't understand, or that you couldn't exploit one HRS in the wild? I did understand the bug class, but I never found one in the wild.
@crlfff, 6 months ago
@huzaifamuhammad8044 Well, maybe. I'm testing a target right now and I have two responses, but I'm not sure if it's a false positive or not.
@BugBountyReportsExplained, 6 months ago
A few years ago I made a video about the basics of request smuggling; maybe that will help: kzbin.info/www/bejne/nauwZaqNdpyFfNE
@alvarobalada6528, 6 months ago
Next video: $$.$$$ bounty using request smuggling
@BugBountyReportsExplained, 6 months ago
Hopefully!
@airsky21, 5 months ago
How to contact you privately?
@BugBountyReportsExplained, 5 months ago
Write me a DM on Twitter.
@adampauloantony3097, 6 months ago
thanks👍
@javeleyjaveley, 6 months ago
Can you share the Notion reports?
@BugBountyReportsExplained, 6 months ago
At this point I don't know if you're trolling me or just haven't watched the video, but I answered this at 6:57.
@InfoSecIntel, 5 months ago
I think he means the database, which I also just tweeted you about because I can't find it.
@BugBountyReportsExplained, 5 months ago
@InfoSecIntel It's at the bottom of the article that's linked in the description.
@InfoSecIntel, 5 months ago
Thank you. I see so many people ask this question, so sorry lol; that database in the article looks like an image, so that's what I always thought it was. But you mention it in the video. Thanks again.
@BugBountyReportsExplained, 5 months ago
@InfoSecIntel No problem ;) There's also a link to the same database in Notion below that embedded database.
@airsky21, 5 months ago
Hello, I am from China. I like the video content of your channel very much. I want more people to learn about these vulnerabilities. Can I translate your video and repost it to the Chinese video website bilibili? I will mark your KZbin address on the video page. Thank you.
@BugBountyReportsExplained, 5 months ago
Please reach out to me privately
@airsky21, 5 months ago
@BugBountyReportsExplained How?
@kunshtanwar4765, 6 months ago
Hey dude, great video as always. I've had a question for so long after completing all the labs related to HTTP request smuggling from PortSwigger: I am able to identify HRS vulnerabilities using the detection method, and even with the Smuggler tool, but I am never able to showcase a foolproof PoC. I have seen people use Turbo Intruder for that, like here at 6:26, and I couldn't find a place to learn that. So I request that you make a video on how to actually make a PoC or show the IMPACT, as we say, because there are so many places where I couldn't show the actual PoC, and it was annoying.
@BugBountyReportsExplained, 6 months ago
There are many scenarios and many contexts, and I couldn't make one video to cover all exploit methods. If you believe you have a valid bug but can't piece together an exploit, DM me on Twitter or Discord and I'll try to exploit it.
@gespoL-, 6 months ago
Nailed it
@balsonga, 6 months ago
🧉mate time 19:24
@BugBountyReportsExplained, 6 months ago
I love mate!