The burp extension, code to change the signature and the lab which was used are all linked in the description!
@kunalraut16894 жыл бұрын
But what if the server doesn't accepts the request made to it having the Symmetric Algorithm(parameter) or doesn't accept any altered requests and just neglects it. Then its of no use for us to alter the 'alg' to something else and we have to deal with it the way it excepts(Asymmetric Algorithm)? And btw well explained! Thank You.
@afifmalghani7554 жыл бұрын
Once again, the best beginner friendly content out there. Keep it up.
@jatindersingh704710 ай бұрын
Just wanted to drop some appreciation your way! Your content has been an absolute lifesaver for beginners diving into the world of cybersecurity. I would love to see more videos on web vulnerabilities and diving deeper into those crucial interview questions which are not very common, but frequently asked in the interview. Keep up the fantastic work!" :)
@MattiaCampagnano4 жыл бұрын
As a pentester, I tell you you girl rock. Well done, keep up the good work!
@manikgoenka87204 жыл бұрын
Just randomly crashed into this channel yesterday and now I am a subscriber........you are doing a great job Farah.......looking forward to explore this field.
@thecoder79844 жыл бұрын
Farah your are an role model and example of millions of Indian women.👍👍👍
@adryelgainza16862 жыл бұрын
Awesome! Lots of videos showed how to do it but they did not explain the vulnerability like you. Thank you!
@corporatemurrell4 жыл бұрын
What an amazing video! Great music and sound effects, superb graphics and editing, fresh technical content in a bite sized package, and such a pleasant voice. You're setting the bar really high, and I hope you continue you to do so! Good job!
@himanshushah94714 жыл бұрын
Please make video on Beginner guide to cybersecurity/ethical hacking and all stuff like scope, carrier, programming languages, Basics,Certification, what to Learn and where?,Resources, etc...
@himanshushah94714 жыл бұрын
Also make video Your CEH journey
@monishpalanikumar4 жыл бұрын
You've given a precise and beginner friendly tutorial.. thank you so much Farah ! 🤗
@yrks11094 жыл бұрын
Just don't stop these kind of Videos about Cyber security, as a Beginner myself I rely on KZbin for gathering 98% of knowledge, so thanks for giving us a video like this! Keep it going! 👍👍🔥
@shwetakalkhair12064 жыл бұрын
M currently doing a project in my office.. they using JWT.. this was actually helpful for testing JWTs.. thank u 🙂
@Unhacker2 жыл бұрын
Good stuff, one of the better JWT hacker vids. Another interesting angle to explore is JWTs as an injection/RCE vector, completely outside the context of bypassing authentication. Good times.
@apnimashoori27624 жыл бұрын
how to find the hs256 key ?
@yajusgakhar69692 жыл бұрын
Thanks to you I could complete a challenge that had been bothering me. Cheers!
@mal09313 жыл бұрын
very good vid this helped me complete a hack the box, very good explanation to.
@ElektroDrrrEL4 жыл бұрын
content is super high quality - thank you, Farah!
@whitehat39374 жыл бұрын
Hy please don't stop making videos. You are doing great job. I want indian women also be a part of this community 🙂
@haksting4 жыл бұрын
10/10 Awesome quality of video Very informative Nic editing 👍
@MehediHasan-rc1lo4 жыл бұрын
No such file or directory: 'public.pem' error generate from your script. How can I solve this error?
@comedybuzz66294 жыл бұрын
please create a video on how to set up burp suite with android and intercept loved this video :)
@ilyasayusuf54473 жыл бұрын
Is the header really important ? I mean why would they show the attacker the alg they are using. Maybe make the signature unpredictable like this? hs256(bs64url(fakeheader)+secretkey+bs64url(body)+bs64url(secretkey),secretkey); am i doing it better or it is bad practice?
@jissjose13824 жыл бұрын
The best video 👌 out there.Looking forward for more attacks and contents from you..
@matitanium2 жыл бұрын
how i can export publickeey with .pem format in webpage? pls answear
@sameerkeeran96793 жыл бұрын
I love you and your teaching ❤️👍🙏
@urssaf343 Жыл бұрын
Said scenarios are not realistic in production. Who implements jwt and doesnt verify signature ?
@raanonyms79264 жыл бұрын
wow, you are doing awesome. please keep on posting such walkthrough.
@AasdKareemKorejo4 жыл бұрын
Thank you Farah for this useful videos but please also suggest us what is recommended way to use.
@fenilfaldu87403 жыл бұрын
I love your content, but can you make a video on nftoken
@Abiishek4 жыл бұрын
Welcome Back 🙌 Stay positive!!
@mr_ehmed4 жыл бұрын
i am not able to modify tokken through JSON Web Tokens extension :/
@erezlevi54114 жыл бұрын
That's really really helpful and easy to understand! Thank you!
@tirtheshpawar10204 жыл бұрын
One humble request, please try and make a full playlist covering bug bounty hunting concepts with attacks, it can be a series of videos maybe 1-2 videos per week.You pitch your content really well. God bless you!
@darshanjogi57814 жыл бұрын
Useful video please make full playlist on how to use burpsuit.i think You explain it better than others
@pastryelite14404 жыл бұрын
Nice video with Great Explanation... looking forward to watch more videos....🥳
@PavanKumar-hd2cf2 жыл бұрын
Thank you so much for clear explanation.. 😊👍
@AryanPant2004 Жыл бұрын
Thank you thank you thank you mam , please keep on teaching
@fypage.4 жыл бұрын
Your way more interesting than most teachers probably because you so young I would expect you to know much so that's good
@vijaySingle1433 жыл бұрын
Huge respect Farah , thank you .
@FarahHawa3 жыл бұрын
you're welcome 😇
@kamar13804 жыл бұрын
Again Thank for this awesome video...👍 Pls don't stop making such a awesome video..
@surajagarwal35614 жыл бұрын
Plz make some tutorials for dumbs also plz I don't know in which platform you are working
@czemuklown3 жыл бұрын
hello you helped me with ctf tournament thank u very much love ya
@urrahman1964 жыл бұрын
Great tutorial I must say. Could you Please make a guideline type or learning path type video to Start in Cybersecurity field. What are the topics and which resources should follow as a beginner? Thanks
@roshanrajkumar78273 жыл бұрын
Amazing...but it’s too fast..I got few doubts ...how can I contact?
@amishmane4 жыл бұрын
Thanks Farah. Just a suggestion that a zoomed coding screen would really be helpful.
@alexmridul24034 жыл бұрын
It's great Really OP I love the way you teach
@pranayhusukale26664 жыл бұрын
Explanation is top notch.
@techrims39084 жыл бұрын
Really Great Information Farah Didi | Thank You So Much | 💝🙏💌
@jashan86364 жыл бұрын
You're the best. I'm beginner in cybersecurity and I was wondering if anyone could help me where to start. Your videos gave me some direction. carry on👍👍👍
@danielgrunberger26214 жыл бұрын
I absolutely love ur videos !! Greets from Brazil
@SahilKumar-ww7xn4 жыл бұрын
All right but can you tell me how to change the token manually plz becoZ we don't have option which you used in your burp suite.Thank u
@FarahHawa4 жыл бұрын
You can download the extension. I have mentioned the link for it in the description.
@SahilKumar-ww7xn4 жыл бұрын
@@FarahHawa but how we add it on burp suite in kali Linux.
@FarahHawa4 жыл бұрын
@@SahilKumar-ww7xn Use the Extender tab
@SahilKumar-ww7xn4 жыл бұрын
@@FarahHawa Thanks a lot. Waiting for next vedio 😍🤟
@gilbertolopez58944 жыл бұрын
Thanks for dedicating content for beginners !! You are my hero, I want to be just like you when I grow up :)
@ZaidKhan-nk7xr4 жыл бұрын
Please make a tutorial on Burp Suite
@theprateekmahajan4 жыл бұрын
Hey farah, Great of you. Would you make a video on your journey till today for the very begginers who wants to Kickstart their career.
@URKCS-hj9xe4 жыл бұрын
Hi, Please tell me how to get "/tmp/public.pem" which you mentioned in 5:00 min.
@crocheteur32903 жыл бұрын
4:29 - She copied the text to save it in a file named public.pem
@haskellscript Жыл бұрын
Great content. I've noticed that you blink a lot on this vid. As a suggestion it'd be nice to bring a vid about the tools you use/like/recommend like the one on this vid.
@aayushgoel2844 жыл бұрын
how do you get the public.pem
@mscor4ever1394 жыл бұрын
great work , you deserve the best
@hackerproxy194 жыл бұрын
Hello Farah you make video (Subdomain Takeover Attack) i'm waiting for your next video
@rohitblaze90154 жыл бұрын
Your video is really good for beginner but can you go a little slow and a bit more description? Then it would be perfect.
@dhruvkandpal99094 жыл бұрын
Great job! Really learning a lot out here. Keep up the good work! Happy hacking!
@bheeshamkumar11864 жыл бұрын
Thanks for video it is really nice and simple to learn. Keep it up...
@viveksdf4 жыл бұрын
Hello Farah, Great video I would love to watch more this kind of content and a video how you started in this field a journey video would be great
@Aravindb263 жыл бұрын
What if we have HS256?
@MdSajid-fb9ul4 жыл бұрын
Explained very well. Hats off
@angeldev964 жыл бұрын
I love you content, we learn a lot from people like you. Hope to be a great bug hunter someday ^^
@bharathpatel17574 жыл бұрын
Thanks for this . And really it's helping me alot as a beginner .
@subhradipmukherjee54404 жыл бұрын
I have a querry , In the payload section u changed user id to "admin" to get admin access , but it isn't necessary that user id of admin is always "admin". It can "admin1234" or "ad_min00" or anything else which can't be guessed easily, so how to know what is victims user id or particularly admin user id?
@viveksdf4 жыл бұрын
Brute force it with a user id list
@mohamedfahim32304 жыл бұрын
@farah hawa how did you put the Jason web tokens inside the repeater tab
@FarahHawa4 жыл бұрын
Mohamed Fahim through the extension mentioned in the description. If it detects a JWT, the tab will automatically appear
@mohamedfahim32304 жыл бұрын
@@FarahHawa ha thanks I noticed a response and as you said it appeared If the payload has id some random values And other parameters is it possible to be vulnerable
@LexiLominite3 жыл бұрын
May i know what video editor do you use ?
@hassan121414 жыл бұрын
Great content but Why u don't upload videos regularly
@tahan1tonmoy4 жыл бұрын
Very basic attacks but nicely explained 👍
@martinosaidimussa58134 жыл бұрын
i really enjoyed your stuff , stay positive
@IdrisKhan74 жыл бұрын
Hi Farah, I'm a beginner to Burp Suite. How did you get the JSON Web Token Tab in your intercept.?
@IdrisKhan74 жыл бұрын
Ok I found it in the description, will try that
@gamebuzz7234 жыл бұрын
you explained very precisely
@sharathputta17034 жыл бұрын
Please continue to post new things you are learning. I could see interesting stuff in your channel. please keep on post new things
@amanali95014 жыл бұрын
How to get they lab 🧪 environment
@FarahHawa4 жыл бұрын
Check the description!
@niteshmore2554 жыл бұрын
OWASP ZAP or Burp suit is good to be na show thread website
@reallyunnecessaryuser3 жыл бұрын
Hey, I have a question. What do you do when you find a site using HS256 algo, do you suggest them to go for RS256 or just let it be?
@muhammedsillah1114 жыл бұрын
keep up the good work really love the video
@souhaillepacifique75724 жыл бұрын
Great video thank you 💝🇲🇦 following you from Morocco ✌ keep it up
@b3ast4074 жыл бұрын
Thanks Farah!! Learnt something new
@slbpriank914 жыл бұрын
You are legend! Hopefully one day i can be good and work together with you
@meljithpereira55323 жыл бұрын
Make more videos farah
@ishanpatel83863 жыл бұрын
Hey farah, I hope you're doing well. I just wanted to ask one small thing which is confusing me, JWT are used for "authorisation" which means after we're logged in it is used to check if we're the same user which logged in vis "authentication". So my question is you used jwt authentication in your thumbnail but jwts are used for authorisation, I just want you to clear this confusion because I think I'm missing something
@we_the_people_of_kashmir35344 жыл бұрын
Hey farah. New subscriber to your channel. I just started cybersecurity and ceh. Where should I start from. Any suggestions please
@avyanshnamdeo67944 жыл бұрын
How can I get started with bug bounty please tell
@DheerajMadhukar4 жыл бұрын
Do we need to get the PEM file somehow or we need to generate it manually???
@alialmasslmany52404 жыл бұрын
thank you so much farah
@suchomir44933 жыл бұрын
Hello, you are amainzing, I do ctf 153+1 with you!!! Many greetings from Poland!
@sail61144 жыл бұрын
Good one, finally I understood the concept 👍
@swapnilpawar23114 жыл бұрын
Simple Explanation, Good video
@alexmridul24034 жыл бұрын
Yeah That's what a content creator
@ThePomelo094 жыл бұрын
Ty +1 subscriber! Hi from Argentina.
@simranpreetsingh55024 жыл бұрын
Hi Farah, That was an amazing video ! Just out of curiosity is there a way we can know how session ID's are generated by bruteforcing or any other means, any help around this would be helpful ! Thanks much :D
@saibaba76494 жыл бұрын
Sister I didn't get if fully but still I'll try doing this thanks 😊
@amansanghai12014 жыл бұрын
Hey, are you doing all this in windows or in Linux? It seems like you r using windows
@Status_Zones.4 жыл бұрын
Nice video!atlast some hope ..that i can also find bugs..
@feynman86924 жыл бұрын
thanks ma'am this helped a lot 👍 plzz make such video's and ignore false comments we badly want your help and videos 🙏
@rudalkumar21774 жыл бұрын
Plz help me I am new in this field. But I have done bca. I wanna learn bug bounty. Plz guide me. I need your help .