HACKING OAuth 2.0 FOR BEGINNERS!

Views: 43,101

Farah Hawa

3 years ago

I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.
SIGN UP ON Intigriti:
go.intigriti.com/farah
BUY ME A COFFEE:
www.buymeacoffee.com/farahhawa
TIME STAMPS:
00:00:45 - What is OAuth 2.0?
00:01:05 - Uses of OAuth 2.0
00:01:30 - Entities in OAuth 2.0
00:02:09 - Types of Flows of OAuth 2.0
00:02:30 - Authorization Code Grant Flow
00:04:11 - Implicit Grant Flow
00:05:11 - Practical Exploitation
00:05:36 - Reusing Access Tokens
00:07:05 - redirect_uri Not Validated
00:08:52 - CSRF
SOCIAL MEDIA:
Follow me on Twitter: / farah_hawaa
Follow me on Instagram: / farah_hawaa
Connect with me on LinkedIn: / farah-hawa-a012b8162
OAuth 2.0 LAB:
github.com/koenbuyens/Vulnera...
OAuth 2.0 RESOURCES:
www.digitalocean.com/communit...
tools.ietf.org/html/rfc6749
auth0.com/docs/api-auth/which...
alexbilbie.com/guide-to-oauth...
• LevelUp 0x02 - Hacking...
Video editor: www.fiverr.com/pixelstudios1

Comments: 142
@Vinayak123-q8p 2 years ago
Amazing, this could probably be one of the biggest pieces of information that I have ever been given. The way you explain is amazing. We need more and more playlists like this in the upcoming days.
@shubhamghosh2228 3 years ago
Farah you are doing great! Very informative video. You taught so many things in just 10 minutes.
@yosoffmalik9135 3 years ago
You are good with knowledge and theoretical stuff, your videos get me into the real basics of topics
@devvishack641 3 years ago
Awesome. Just awesome. For noobs like me who are just starting in bug bounty, this is the place where we can learn basics in depth. Thanks. Please keep posting more such practical videos.
@albertobarbieri8280 3 years ago
Your videos are amazing. Simple to understand and very explicative.
@m.waheedanwar7105 3 years ago
Beautifully explained, hope to get more knowledge from you girl. More power to you
@muizzraheem5937 2 years ago
Have been having issues comprehending OAuth, this video is a problem solver, thanks Farah ❤️
@FarahHawa 2 years ago
You’re welcome 😊
@ahaytman 3 years ago
Great work Farah !!!
@soufianeamed217 3 years ago
Yaw Farah This Is Just Awesome, Brief And Useful That's Why I Love What You Are Doing, Keep It Up And Stay Safe .
@sohamprince1 3 years ago
Awesome.. loved the way you teach the concepts and the labs!! Keep it up!
@medioclick 3 years ago
once again simple and good explanation.
@mylyf6684 3 years ago
I learned something today.💯 Thanks.
@raselmir1285 3 years ago
Great job. Thanks man. Now I am clear.
@solodancer617 3 years ago
Very good video, presentation is understanding quite easily.
@killcode6717 2 years ago
Thanks for the tutorials
@rayancrasta7460 3 years ago
Shez doing a great job on youtube cuz to get sponsors within just
@cheffysunnythakkkar7614 3 years ago
thank you so much dear for such a wonderful explanation
@swapnilpotbhare888 3 years ago
Excellent, and very good command over Knowledge
@ishikasharma1103 3 years ago
Really a good video!
@pussycat0x676 3 years ago
Awesome work :D
@balapraneeth9708 3 years ago
Spot on!!. Simply amazing. Thanks for sharing :)
@pakflutterdeveloper 3 years ago
Excellent work :)
@RakeshWaghela 2 years ago
awesome video, keep it up. you earned a sub !
@FarahHawa 2 years ago
Thanks for the sub!
@abhinavkishoregv273 3 years ago
nice explanation. Thank you
@vishalkothari8065 3 years ago
So if i want to get details of a user on client side of the application using an ajax call and display those same details to the user then it is an authorisation code grant example right?
@NinjaTech1337 3 years ago
Great Teaching Style. Loved Your Contents.🤗
@vasuyadav9171 3 years ago
Hi Farah, can you please tell the impact of the CSRF one and reuse of token and also their severity category? Btw nice video
@hannanjamil1060 3 years ago
Great work Farah!
@balveersinghbhatia 3 years ago
Nice work thanks for this video
@AmanGupta-ho4rh 3 years ago
I am getting warning as: Warning: missing space before text for line 14 of jade file "/usr/src/app/views/login.jade" And not able to authorize the request. can someone help me with it please :) ?
@abhisheksanmare6835 3 years ago
hello mam. I have encountered that while signing again, the website is sending an OTP to my previous device, not on my number in the new device. I once had an account on that website that was deleted due to inactivity. is it a flaw to be explored?
@ahjee718 3 years ago
Thank you for this video! Is it possible for you to do a tutorial on how to create a live web server similar to the one you showed in this video that captures vulnerabilities like the OAuth access token?
@SageTheProfessor 3 years ago
Thank you Farah. Very useful explanation and amazing demos. Keep up the great work.
@phitran5164 3 years ago
Nice video, thank you so much
@MohitSharma-xf9wp 3 years ago
Very much appreciated
@chinna_ 3 years ago
Awesome ...!!
@ravichhetri8918 3 years ago
Hi Farah, do you take sessions on the bypass techniques for SAML, OAuth, OIDC.. I am very much interested.
@the_linux_guy1515 3 years ago
People were getting jealous of Bugcrowd sponsoring ...now Intigriti has sponsored ...and soon Hackerone will ...to hell with them 😂😂...keep up the good work 👍🔥
@graycybermonk3068 3 years ago
No one is jealous. All belong in the hacker world.
@renganathanofficial 3 years ago
@@graycybermonk3068 HAHA STOP KIDDING BUDDY
@Clo326 2 years ago
Sooper videos
@vijaykannanhere 3 years ago
Much Appreciated. :)
@fypage. 3 years ago
Wow 10k congrats your channel has grown so fast earlier this year I had like 1 or 2k subs
@Sniperrkr 3 years ago
Thank you!
@chinmay128 3 years ago
Can you make a video on your journey of how you became a hacker? I want to learn to do all of this stuff but really don't know where to start. Please make a video on it. And if you can, refer to any video on YouTube, I mean for learning.
@SumitSingh-xu4qs 3 years ago
great explanation sister
@vaibhav114 2 years ago
How old are you? Don't think you are out of school yet. But, amazing grasp of the subject. Kudos!!
@wiz2398 3 years ago
Bro, this is sooo awesome.. 😍😘
@theintrovert894 3 years ago
😘❤️❤️🔥🔥
@adityasadhukhan8438 3 years ago
Can you help me with resources to study about advanced SQL
@adminhackstar3333 3 years ago
Make a video on the best course for beginners in ethical hacking
@jayeshprajapati1396 3 years ago
Can you make a video on your cyber security journey?? Video is good👍👍
@susovangarai6731 3 years ago
Good for beginner like me 👍 .... Please make an advanced level video also
@boneytech3965 3 years ago
Can you Please upload more about oAuth Vulnerability In websites with more detail.
@omerfarooqdemir9907 3 years ago
which ubuntu distribution are you using
@cyber__hawk5555 3 years ago
Which lab are you using ?
@mukoshmanob9240 3 years ago
Plzz make a video about recon
@gyansoni2667 3 years ago
Such a nice explanation 👍
@himanshushekharpandey1519 3 years ago
awesome explanation as always :)
@winklerrr 1 year ago
Where did you find your information? :)
@prasantabanerjee1184 3 years ago
excellent 🤗
@graycybermonk3068 3 years ago
Hi, I am your big follower. I have started new in this bounty. Can you tell what about Automated Scans? Everywhere I got out of scope this Automated Scans. Please I need some help.
@FarahHawa 3 years ago
Basically, programs mark automated scans as out-of-scope findings because they create too much noise on the server and result in the discovery of bugs that are known or false positives. It's best to not rely on automated scans for bug bounties.
@graycybermonk3068 3 years ago
@@FarahHawa thanks for the very good reply. Take my respect. You are like my sister. I really appreciate you and your channel. I started bug bounty. But I am not getting any path how to start. What kind of tools will I use? Can you help me a little bit? Really, I am stuck. Thanks for your reply and respect.
@gulhameed1270 3 years ago
What if we replace the state parameter value with another account's state value, and the account logged in? Is it still considered an OAuth misconfiguration?
@FarahHawa 3 years ago
Yes!
@gulhameed1270 3 years ago
@@FarahHawa Thank you!
@aadarshverma6913 3 years ago
Make more videos please I love them and I want to be just like you
@nayeem9358 3 years ago
Awesome
@prashantkumar2963 3 years ago
what is your ug course?
@kalyanidudhekar3655 3 years ago
Farah this helps me a lot but can u plzz make a video on subdomain takeover
@cimihan4816 3 years ago
kzbin.info/www/bejne/bGjGmYmhppiaZq8
@joharraza5231 3 years ago
Excellent work. Very informative. But please don't use music. 👍
@sudiptapandit4880 3 years ago
Isn't OAuth for the authorization part only? The 'Sign in with' buttons use the OpenID Connect protocol, not OAuth. Although nowadays people use these terms interchangeably.
@FarahHawa 3 years ago
OpenID Connect is a layer that's built on top of OAuth... you can check this here developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
@sudiptapandit4880 3 years ago
@@FarahHawa Thanks for clarifying
@faique2995 3 years ago
awesome
@cyber_tech_404 3 years ago
Love u bro
@amarshaikh2147 3 years ago
Thanks, it's good info for developers as well to improve their application security 🔒🔒🔒 thanks ❤❤❤❤ again.
@pankajholariya8331 3 years ago
thx
@merchant1998 3 years ago
Hello, I need your help please
@Manik-Atri-Short 3 years ago
Please make Hindi video
@mr.heretic8192 3 years ago
Hey appreciate your skill & teaching skills..... I've cleared my 12th, please advise me what should I do to get cyber security
@vikasmeshram2515 3 years ago
Where did you learn hacking??
@sn0xsecurity696 3 years ago
Wow, amazing, lots of love dear, stay safe, but sometimes make a video in Hindi too, then your subscribers will also grow faster. Hope you got my point, and thanks for this video. by @MR CYBERTRON YT
@cyberUF 3 years ago
Hey, I learn a lot from you! Can you create how we exploit DOM-based XSS or any DOM-based issue
@Bosssssss77777 1 year ago
Please Make Playlist On Bwapp,Dvwa
@rishad6324 3 years ago
wow. you are just amazing.
@hassan12141 3 years ago
Great job+great content I really appreciate her work❤
@FarahHawa 3 years ago
her* Thank you!
@hassan12141 3 years ago
@@FarahHawa noted👍
@bharathpatel1757 3 years ago
Hi dhidhi. I'm completely a zero level beginner interested in learning about ethical hacking and I was on search of finding people who could suggest me possible ways of learning things from beginning and I found your profile on LinkedIn. Please could you suggest me some YouTube tutorial for learning hacking from very basic level.
@FarahHawa 3 years ago
kzbin.info/door/PiN9NPjIer8Do9gUFxKv7A , kzbin.info/door/QN2DsjnYH60SFBIA6IkNwg and kzbin.info/door/CZDt7MuC3Hzs6IH4xODLBw are all great
@bharathpatel1757 3 years ago
@@FarahHawa thank you ! So much
@dsdgaming2242 3 years ago
Wow. Such a beauty and skills is just
@ganeshnishitha4425 3 years ago
nice sister
@vikasmeshram2515 3 years ago
I also want to study but didn't find something better.
@whyrohit4197 3 years ago
Just wanted to know the specs of your laptop..?? And if you're comfortable,i want to know that..... How you make thumbnails😰😰😰😰😰its looks damn! Cool! :'??
@FarahHawa 3 years ago
8gb ram, i5 processor. I do have another laptop with better specs but this one does it for me on most days. Thanks, I use Canva to make thumbnails :)
@jakianam9554 3 years ago
You should add subtitles
@RelaxMusic2zero23 3 years ago
the best source (it may be paid too) to learn hacking and related, and where you learn all these things
@shubhamsoni8093 3 years ago
Great work Farah! So you're from Commerce background how did you come to hacking?
@hikefka8001 2 years ago
👏👏👩‍💻🧙‍♀
@anabakhtar3774 3 years ago
Really informative video Farah 💯
@FarahHawa 3 years ago
So glad it helped!!
@ansanbinoy5949 3 years ago
😍😘
@sachinmaurya3259 3 years ago
Love to watch your videos and also learn a lot from your video:)
@FarahHawa 3 years ago
That's great! Thank you for watching!
@rutwikhiwalkar9583 3 years ago
Not a fan of the background music Farah. Great video tbh!
@playforpassion7111 3 years ago
Can someone explain the impact of reusing access tokens?
@unknown_3293 1 year ago
☕☕☕☕
@l1f07bscs0035 3 years ago
an awesome detailed written guide here decatechlabs.com/oauth2-explained-and-how-oauth2-works-oauth-in-action
@JasonGomes140294 3 years ago
Well Explained!!! Why do you use ubuntu instead of kali linux??
@FarahHawa 3 years ago
thank you! I use both, but the lab required Docker and that's set up on my Ubuntu box.
@JasonGomes140294 3 years ago
@@FarahHawa ohk nice. Waiting for the next series of vdos. keep 'em coming
@itszabbs1740 3 years ago
Nice video . You have helped me a lot .
@gowthamvyasmalkari4511 3 years ago
Awesome 😊😊. Nice video. I too wanna become a bug bounty hunter. Which topics should I start to read in web application hackers handbook? And which topics just to leave? Please answer.
@gowthamvyasmalkari4511 3 years ago
Please make videos on this. Thank u
@FarahHawa 3 years ago
Everything up till chapter 13 is mostly relevant
@gowthamvyasmalkari4511 3 years ago
@@FarahHawa how much time do u think for a beginner to a bug hunter by the resources u mentioned in the first videos. How many years took it for u ?
@FarahHawa 3 years ago
@@gowthamvyasmalkari4511 you can do it in a few months tbh. I was doing a little bit of coding, reading handbook, labs and blogs everyday. Give 1-2 hours to each resource and you can be done in 2-3 months if you're a fast learner.
@AkashHamal0x01 3 years ago
@@FarahHawa hi Farah u haven't hunted a single bug. U will face massive trolling
@jvr8360 2 years ago
nesj
@amolgangurde5714 3 years ago
Nice explanation, keep sharing 👌