Burp for Beginners: How to Use Repeater
Рет қаралды 10,533
Күн бұрын
@danyelvillalba7 4 жыл бұрын
I love your content, Your videos motivate me more and more to continue with bug bounty! Thanks Katie, I like this kind of videos with real targets, Thanks a lot!!!!
@khalifakhalifi2397 3 жыл бұрын
I love the way it is explained, and I also love the voice! Love your content!
@sachinmaurya3259 4 жыл бұрын
Finally!! I was waiting for your video :)
@InsiderPhD 4 жыл бұрын
Hope you enjoyed it!
@sachinmaurya3259 4 жыл бұрын
@@InsiderPhD Yep ;)
@kevingeorge9152 4 жыл бұрын
Is having in depth knowledge of web development necessary for getting started with bug bounty? I have no web dev experience, so should I first learn it to understand how JavaScript and stuff works or is it not really necessary? PS : thanks for all these amazing videos
@InsiderPhD 4 жыл бұрын
You don't need to learn how to do web development, in fact not knowing can be an advantage since you might look in places someone with dev experience might skip over! But I will say that it helped me a lot and it meant when I went into hacking I saw it as an extension of deving rather than a new skill. STOK is quite well known for not being a dev and TomNomNom is a dev and they're on the same team! If you want my opinion, learn how to make a basic web app in a language (python might be a good choice since many tools use it), to get a feel for how it works!
@husseindhooma5816 2 жыл бұрын
Amazing content Katie, thank you so much
@zeus-x0722 4 жыл бұрын
Thank so much Katie for amazing effort
@InsiderPhD 4 жыл бұрын
Thank you! Happy to make it :)
@htsec4923 2 жыл бұрын
Thank you 🙏🏻
@jacklinenyamuiru6360 4 жыл бұрын
hi katie, i love your videos, thank you :)
@nikhil6085 4 жыл бұрын
Thanks Katie! I was trying to do the same with gmail but the requests over there are too difficult to interpret. I would like to highlight one thing, your mail won't be sent because there are many values in that request which are changed while sending an email. Solution to this problem is you send two different emails from your account (from browser like a legitimate user), then in Burpsuite you send those email request to comparer (request) and find out the changes between the two requests and do the same in your crafted email in repeater. Add random values of same length where the changes are seen and boom! your email will be sent.
@SpookiePower 4 жыл бұрын
Thanks for another great video. Hopes to see more Burp videos from you :)
@InsiderPhD 4 жыл бұрын
Sooooon! I’m hoping to cover everything in intruder!
@shreyanshdesai3152 4 жыл бұрын
i needed this so badly cause i just started in bug bounty ps- i wanted to know that is cracked burp harmfull to use as i can not afford one
@InsiderPhD 4 жыл бұрын
You don't need to use a cracked version! You can just the Community Edition (free one)! The full version isn't necessary when you just start out
@shreyanshdesai3152 4 жыл бұрын
@@InsiderPhD thanks for showing path I appreciate you helping community
@joshgordon7299 4 жыл бұрын
Awesome
@nikolakrsmanovic1253 4 жыл бұрын
Great content! Keep up!
@InsiderPhD 4 жыл бұрын
Thanks, will do!
@muhammedali1870 4 жыл бұрын
Hey Katie, do you think subdomain takeover is still worth to hunt or it will be very hard to find and just wasting my time? Thanks
@InsiderPhD 4 жыл бұрын
People do find their first bugs with subdomain takeovers, but just make sure that the services you're looking at are vulnerable via github.com/EdOverflow/can-i-take-over-xyz this is a good introduction www.hackerone.com/blog/Guide-Subdomain-Takeovers !
@sys_rootkit 4 ай бұрын
great
@niraj9226 4 жыл бұрын
Love your videos. Thanks for the videos. I have a question that since you are using the suite on yahoo.com, so is it legal? Can I use burp suite on any website? I mean is it legal to use on unauthorized websites? thanks and keep sharing your knowledge.
@InsiderPhD 4 жыл бұрын
No! I am allowed to hack on Yahoo.com because it runs a public bug bounty program on HackerOne hackerone.com/verizonmedia you should never test a website you're not explicitly allowed to via a bug bounty program or some kind of authorisation directly from a company (eg a pentest)
@niraj9226 4 жыл бұрын
Thanks Katie . Please don't stop uploading videos for beginners. I am a newbie.
@hasnainabidkhanzada3754 4 жыл бұрын
Since you already know where ymail endpoints are in the long list of yahoo request captured by burp but what if someone doesn't know about them? How he can find endpoints? For suppose endpoints fo Gmail etc? Any suggestions regarding that?
@InsiderPhD 4 жыл бұрын
It comes with practice basically, I have hacked the Yahoo Mail app before so I know what I'm looking for, but usually my approach is: - Poke at what I want to hack - Go to burp, see what requests were just sent - Look for one which has the data my poke had, ignore anything that looks like a tracker/advert - Use that to filter down my Burp scope
@hasnainabidkhanzada3754 4 жыл бұрын
@@InsiderPhD Ok Got it, Thanks :)
@hasnainabidkhanzada3754 4 жыл бұрын
@@InsiderPhD Ok Got it, Thanks :)
@StefanRows 4 жыл бұрын
Katie = Insta Thumbs Up
@InsiderPhD 4 жыл бұрын
🙌
@KrakoonGaming 4 жыл бұрын
You are using burp on windows or any other os
@InsiderPhD 4 жыл бұрын
I primarily use OSX to bug hunt so I mainly use the Mac version of Burp
Trà Đặng Official
Рет қаралды 8 МЛН
CryptoCat
Рет қаралды 8 М.