Lab: Web cache poisoning with an unkeyed header

  4,677 views

Jarno Timmermans

Day ago

Comments: 14
@netletic 10 months ago
Hey everyone! Check out this playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger: kzbin.info/aero/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5
Here are the timestamps for this video - ⏱
00:00 - Intro
00:13 - Identify a suitable cache oracle
01:20 - Add a cache buster
02:13 - When are two requests identical?
03:12 - Why do we add a cache buster?
03:53 - Test the cache buster in Burp
04:37 - Use Param Miner to find X-Forwarded-Host header
05:28 - What is an unkeyed input?
06:18 - Inject the X-Forwarded-Host header
@TheVerminator1337 10 months ago
Amazing, thank you! Loved that you showed how to use the Parameter Miner extension on pro and community
@aliel-shennawy3670 5 months ago
Amazing explanation, thanks a lot, keep going.
@LMeasy 3 months ago
man beautiful video. you are insane.... thank you!!!!!
@nguyenthanhcong92 10 months ago
Happy to see this. Can you finish all labs from this topic, please? Thanks
@netletic 10 months ago
thanks @nguyenthanhcong92! yep I'll be posting videos for all 12 labs on this topic 👍
@nguyenthanhcong92 10 months ago
@netletic cool, will they be posted all in one day?
@netletic 10 months ago
@nguyenthanhcong92 I'll be posting one a week on average I'd say 😬 just posted the second one!
@mohsinhafeez 10 months ago
Hi, thank you very much for the in-depth explanation. While bug hunting, what would you recommend to use as an "exploit server"?
@netletic 9 months ago
hey @mohsinhafeez, I'd pick a micro web framework in the programming language that you're most comfortable with. For me that's Python so I use Flask. With Flask you can set a route/uri path, and you can return a custom response body and custom response headers pretty easily.
@mohsinhafeez 9 months ago
@netletic thank you! I’ll try this.
@jaywandery9269 9 months ago
Exactly, this was a question I was about to ask. I am not a developer and I will have to learn more about Flask. Much appreciated, be sure I will be back if it doesn't work out. 😎 Cheers
@Pwn3d-1 8 months ago
What software did you use to make those boxes/windows with the requests to explain them in the video? I want to use them too for my channel.
@zerocewl Month ago
I don't understand unkeyed vs keyed. Can you help explain?