I love your content, your videos motivate me more and more to continue with bug bounty! Thanks Katie, I like these kinds of videos with real targets, thanks a lot!!!!
@khalifakhalifi23973 years ago
I love the way it is explained, and I also love the voice! Love your content!
@sachinmaurya32594 years ago
Finally!! I was waiting for your video :)
@InsiderPhD4 years ago
Hope you enjoyed it!
@sachinmaurya32594 years ago
@@InsiderPhD Yep ;)
@kevingeorge91524 years ago
Is having in-depth knowledge of web development necessary for getting started with bug bounty? I have no web dev experience, so should I first learn it to understand how JavaScript and stuff works or is it not really necessary? PS: thanks for all these amazing videos
@InsiderPhD4 years ago
You don't need to learn how to do web development, in fact not knowing can be an advantage since you might look in places someone with dev experience might skip over! But I will say that it helped me a lot and it meant when I went into hacking I saw it as an extension of deving rather than a new skill. STOK is quite well known for not being a dev and TomNomNom is a dev and they're on the same team! If you want my opinion, learn how to make a basic web app in a language (Python might be a good choice since many tools use it), to get a feel for how it works!
@husseindhooma58162 years ago
Amazing content Katie, thank you so much
@zeus-x07224 years ago
Thanks so much, Katie, for the amazing effort
@InsiderPhD4 years ago
Thank you! Happy to make it :)
@htsec49232 years ago
Thank you 🙏🏻
@jacklinenyamuiru63604 years ago
Hi Katie, I love your videos, thank you :)
@nikhil60854 years ago
Thanks Katie! I was trying to do the same with Gmail but the requests over there are too difficult to interpret. I would like to highlight one thing: your mail won't be sent because there are many values in that request which are changed while sending an email. The solution to this problem is you send two different emails from your account (from the browser like a legitimate user), then in Burp Suite you send those email requests to Comparer (request) and find out the changes between the two requests and do the same in your crafted email in Repeater. Add random values of the same length where the changes are seen and boom! Your email will be sent.
@SpookiePower4 years ago
Thanks for another great video. Hope to see more Burp videos from you :)
@InsiderPhD4 years ago
Sooooon! I’m hoping to cover everything in intruder!
@shreyanshdesai31524 years ago
I needed this so badly cause I just started in bug bounty. PS: I wanted to know, is cracked Burp harmful to use, as I cannot afford one?
@InsiderPhD4 years ago
You don't need to use a cracked version! You can just use the Community Edition (free one)! The full version isn't necessary when you just start out
@shreyanshdesai31524 years ago
@@InsiderPhD Thanks for showing the path, I appreciate you helping the community
@joshgordon72994 years ago
Awesome
@nikolakrsmanovic12534 years ago
Great content! Keep it up!
@InsiderPhD4 years ago
Thanks, will do!
@muhammedali18704 years ago
Hey Katie, do you think subdomain takeover is still worth hunting or will it be very hard to find and just a waste of my time? Thanks
@InsiderPhD4 years ago
People do find their first bugs with subdomain takeovers, but just make sure that the services you're looking at are vulnerable via github.com/EdOverflow/can-i-take-over-xyz. This is a good introduction: www.hackerone.com/blog/Guide-Subdomain-Takeovers !
@sys_rootkit4 months ago
great
@niraj92264 years ago
Love your videos. Thanks for the videos. I have a question: since you are using the suite on yahoo.com, is it legal? Can I use Burp Suite on any website? I mean, is it legal to use on unauthorized websites? Thanks and keep sharing your knowledge.
@InsiderPhD4 years ago
No! I am allowed to hack on Yahoo.com because it runs a public bug bounty program on HackerOne (hackerone.com/verizonmedia). You should never test a website you're not explicitly allowed to via a bug bounty program or some kind of authorisation directly from a company (e.g. a pentest)
@niraj92264 years ago
Thanks Katie. Please don't stop uploading videos for beginners. I am a newbie.
@hasnainabidkhanzada37544 years ago
Since you already know where the ymail endpoints are in the long list of Yahoo requests captured by Burp, but what if someone doesn't know about them? How can he find endpoints? Suppose, for example, endpoints for Gmail etc.? Any suggestions regarding that?
@InsiderPhD4 years ago
It comes with practice basically. I have hacked the Yahoo Mail app before so I know what I'm looking for, but usually my approach is:
- Poke at what I want to hack
- Go to Burp, see what requests were just sent
- Look for one which has the data my poke had, ignore anything that looks like a tracker/advert
- Use that to filter down my Burp scope
@hasnainabidkhanzada37544 years ago
@@InsiderPhD Ok Got it, Thanks :)
@StefanRows4 years ago
Katie = Insta Thumbs Up
@InsiderPhD4 years ago
🙌
@KrakoonGaming4 years ago
Are you using Burp on Windows or any other OS?
@InsiderPhD4 years ago
I primarily use OSX to bug hunt so I mainly use the Mac version of Burp