Hacking APIs: Fuzzing 101

55,808 views

The Cyber Mentor

1 day ago

Comments: 31
@Tekionemission 1 year ago
(2:02, 5:21) Lab and Fuzz Parameter (7:40) Wfuzz filter out 404 (11:33, 11:51) Wfuzz
@chipko 1 year ago
Oh wow! This is amazing and so quick. Thank you Alex, Heath and TCM!
@m1ni_m4l 1 year ago
Thanks for the content, really important and precise. TCM courses helped me a lot in my cybersec journey!
@faadi4536 1 year ago
Never knew about this up until now. Good job bro.
@TCMSecurityAcademy 1 year ago
Thank you
@mridulkumartiwari607 1 year ago
Much needed video 🤠📸
@nonlinearsound-001 1 year ago
Been in the coding game for the past 20 years and made a lot of mistakes and had my successes. But, what I don’t understand at all, is, who on Earth would code a Web-API and include direct file access like this, basically creating a reverse shell? (more or less). Do we really have such a significant amount of software out there, featuring this kind of flaw?
@offsecprep 1 year ago
Yes, the main point is the methodology rather than the vulnerability. But, you'd be surprised, I've seen quite a few simple vulns like this in the past when carrying out pentests (granted, usually before the application is released - it's less likely you'll find this in the wild or during BB)
@SmedleyButler1 1 year ago
@offsecprep a channel showing packet and pentesting of libre apps would be great and you sound like you could do it! To get started a unique and hugely popular video idea would be on hash/checksum app verification ON Android, FOR Android? Hash Droid is the only way I know of and I'm still not sure how to use it often (auto runs, zipped files, playstore vs Foxydroid or neostore) NOBODY has done this and it seems like THE most important thing to do!?...lots of PowerShell vids on it but not everyone uses Windows....also, is a Chromebook really more secure than Linux as one tech (not cyber security) guy claims? He said cyber pros told him to use it or Linux in a virtual machine in Windows
@Z0nd4 1 year ago
Thanks for these videos, I just began in the API pentest wave, and it's very interesting.
@Mrg-kj5ml 11 months ago
That was super informative. Thanks for the thorough explanation.
@worm_403 1 month ago
Interesting video man, thanks for your contribution
@renatojlopes 1 year ago
Thanks for sharing this.
@skysunset877 9 months ago
Super good! Thank you!
@harrylumsdon6773 1 year ago
Great stuff
@janekmachnicki2593 1 year ago
Great tutorial mate. Thanks
@BerniesBastelBude 1 year ago
useful explanation - thank you!
@doshamitv5020 7 months ago
If the LFI didn't work on the "ID param", could it work on the "author param"? (Like, the vuln could work depending on the param, right?) Or does it also work on the other params?
@Alaa-kc4rx 1 year ago
Nice video, sir, and thanks for sharing this valuable content with us. Please share more videos about API enumeration and pentest, with just basics
@leghdaf 8 months ago
Great Content ...
@maryjanechukwuma9707 2 months ago
How can I get the wordlist you used in this video?
@bitminersouth8845 1 year ago
I have the same chair, I was expecting more comfort.
@张佳新-j7u 1 year ago
How can I get the API dictionary?
@varunfoodvlog9215 1 year ago
The API endpoint gives a 404 error, then what do I do? Can anyone give me some tips?
@TradeFXCode 1 year ago
I need wordlist txt
@_sownther_268 1 year ago
1st comment 😁
@sotecluxan4221 1 year ago
!!
@kunwaradarshsingh6436 1 year ago
4th comment 😀
@TheCyberWarriorGuy 1 year ago
:)
@variXD 1 year ago
your volume is too low
@austynstephens9263 1 year ago
🫡