My Hacking Setup and How to Use It (Firefox/Burp Community)

17,035 views

InsiderPhD


This is probably one of the most common questions I get asked about Bug Bounty, right next to "do you take mentors" and "how to find a bug". There are a ton of awesome 3rd party community tools that can take your pen testing and hacking to the next level, but it's important not to rush to try out new tools when you're still learning the basics. With that in mind, I take you around the basic toolkit I use and show you some of the fundamental tools that help me get bounties!
This series couldn't happen without the support of our sponsor Bugcrowd. Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they’ll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your level, there’s a place for you in the crowd. You can sign up with my link here: bugcrowd.com/user/sign_up.
- Social Media -
Discord: insiderphd.dev/discord
Patreon: / insiderphd
Twitter: / insiderphd
- Timestamps -
0:00 Introduction
4:13 Firefox Extensions
7:14 Setting up Firefox
12:23 Burp Guide
22:51 Using Burp for fuzzing
27:54 Outro

Comments: 62
@hrishikeshdahale4640 1 year ago
No matter how often I review the fundamentals, I always discover something new. Your videos are fantastic, and I eagerly anticipate learning more from next week's video.
@InsiderPhD 1 year ago
Wow, thanks! That means a lot 🥹
@mumblbeebee6546 1 year ago
Thank you very much - it is very kind of you to take the time to share this, it’s very calm and backed up with experience!
@enpassant7358 1 year ago
I've been studying the art of Ethical Hacking for several years now. I think one problem I have is that I jump around a lot. Watching this video, it occurred to me that settling in on one thing and trying to master it should be my next step. I'm familiar with quite a number of tools but I think I'm going to focus in on Burp Suite and stay at it and hopefully take my understanding to the next level.
@InsiderPhD 1 year ago
You are definitely not alone, keep an eye out for a video in the next few weeks. I’m putting together more of a “study plan” for bug bounty.
@InsiderPhD 1 year ago
Also I love your username, how many people have accused you of hacking with a name like that ;)
@HalfDeaff 1 year ago
@InsiderPhD looking forward to it already
@mathavonravi686 1 year ago
You have been studying hacking for several years and never found a bug before?
@enpassant7358 1 year ago
@mathavonravi686 I've been involved more in the penetration testing side of things.
@nischalshrestha9914 1 year ago
Short, crisp and to the point. Doing what @InsiderPHD does best. Namastey, from Nepal!
@badxcode 1 year ago
Owah, that took such a long time for this video to come. Praying for your well being, so we can get such wonderful education non-stop. Take care ma'am.
@wolfrevokcats7890 1 year ago
Thanks Kathy, great video as usual. Quick question, why don't you use the embedded browser, which is more convenient, and no FoxyProxy required?
@InsiderPhD 1 year ago
A few reasons, but mainly it gives me flexibility to use other tools like OWASP ZAP, also sometimes the updater breaks and it crashes but that might be my installation. When I teach my irl students I do get them to use the built-in browser though because it is super convenient and avoids the steps of setting up certificates. Honestly though you do you, however you want to set up your stuff.
@XaraTVOfficial 1 year ago
I have a super random question, what's that yellow dot on top right of your screen? Is that an indication that your screen is recording or something?
@InsiderPhD 1 year ago
Yup, it’s a Mac thing and a good reminder to myself, I keep telling myself I should edit it out or something but never do
@ReligionAndMaterialismDebunked 1 year ago
Nice! A new one! ❤🥰🤝🔥
@humanxoxo4 7 months ago
Do I need any specific OS here or is just Windows 10 enough? Thanks!
@wolfrevokcats7890 1 year ago
12:50 I would love to see your video on Frida, how to bypass SSL Pinning and other stuff
@learn-with-noob-007 1 year ago
Keep updating 😊😊😊❤ Love from India ❤️
@InsiderPhD 1 year ago
Will do, thank you so much!
@jamespoda5621 5 months ago
Thanks very much ❤
@user-yb8kn7fi4y 11 months ago
Hello, thanks for the video. Do we need to download Burp Suite in a virtual machine or just on the regular Windows or Mac machine?
@InsiderPhD 11 months ago
I just use a regular Windows or Mac, I don't see the advantage of Kali for example.
@deepestbars3889 1 year ago
Thank you so much
@amoh96 1 year ago
Thank you so much. Plz, I have a qst: I finished HTML, I'm in JavaScript, should I keep learning your course without a language or is it OK? This is my roadmap (HTML - JS - PHP - MySQL). Make a small website with username and password input to understand how things work? What do you think, and thank you.
@InsiderPhD 1 year ago
Keep on HTML and JS. Honestly though, if you know hacking is your end goal, trying out Burp on a real website and working out how the browser is turning your actions into visuals as soon as you feel confident is key, but I am putting together a “study guide” of sorts with a roadmap, I'm not sure when it’ll be ready for release.
@OG_Rona 1 year ago
One thing I may have missed, should I be using a VM to do this or can I use my own host OS?
@InsiderPhD 1 year ago
Host OS is just fine, I never use a VM :)
@lowkeylyesmith 1 year ago
Hi, which OS would you recommend? @InsiderPhD
@firosiam7786 1 year ago
Welcome back after a break 😇. Hope you are all better now
@InsiderPhD 1 year ago
Thank you! It was a little unexpected being in hospital for a few days but I am back in action 🙌
@firosiam7786 1 year ago
@InsiderPhD more power to you
@XaraTVOfficial 1 year ago
I've seen a lot of bug hunters working with Firefox instead of Chrome, are there any specific reasons or is it just a coincidence and matter of personal choice? Thank you.
@InsiderPhD 1 year ago
While my main web browser is Safari because I am an OSX/iOS ecosystem gal, I use Chrome for when websites don’t like Safari, so using Firefox, one, puts me in hacking mode giving me a “space”, and two, only has hacking on it so I’m not capturing traffic I don’t care about. Plus seeing my longer time hacking targets makes me feel motivated to just spend a few mins passively hunting and seeing if I see any new features to get an easy win on.
@XaraTVOfficial 1 year ago
@InsiderPhD Thanks for the clarification. Hopefully I can get my first bounty on h1 and bugcrowd soon and officially call myself a big hunter. Hehe
@rb-py5cv 1 year ago
Ma'am, in 1Password there is no option of hacking, only private and shared is there. What to do?
@InsiderPhD 1 year ago
You just need to make it as a new vault in 1Password!
@orbitxyz7867 1 year ago
finally ❤
@ISDFRishidharan 1 year ago
Finally the video is here... thanks ma'am.. hope I earn my bounty soon
@InsiderPhD 1 year ago
Good luck!
@_justnick 1 year ago
How far can you go without having to buy the pro version?
@InsiderPhD 1 year ago
I tested it out and I received $2k of bounties without pro, I struggled with an SSRF though and caved because the results from interactsh weren't clear, the SSRF was actually a really neat bug that I'll have to tell the story of one day!
@_justnick 1 year ago
@InsiderPhD Thank you
@Avenger-bd2fs 1 year ago
Why are you not there in the video like the first two ones?
@firos5381 1 year ago
Is this series gonna teach about SQL injections, XSS and all?
@InsiderPhD 1 year ago
Yup! It’s going to be a looping series, we’ll cover SQL injections in the later part of the series when we talk about improving consistency and impact of your bugs
@Thenileshpatil 1 year ago
HEY YOU I AM FROM INDIA YOU ARE HELPING A LOT TO CYBERSECURITY STUDENTS PLEASE COME BACK WITH BOUNTY HUNTING TUTORIAL IN SIMPLE WAY WE WANT OLD YOU LOVE FROM INDIA 😇😇😇
@netbin 1 year ago
I can't find the ChatGPT extension in this tutorial
@InsiderPhD 1 year ago
Gotcha github.com/aress31/burpgpt
@badxcode 1 year ago
When's the next video coming? Are you doing ok with your health? Stay safe and healthy for your students' sake, please.
@user-qk2wo3if2z 10 months ago
Bang
@derelictmanchester8745 1 year ago
Are you related to Dr. A. Fear... (historian)?
@InsiderPhD 1 year ago
Am not, I'm afraid!
@user-ey8wm3hg7m 1 year ago
I honestly request you to make two tutorials a week or make the tutorial to 1+ hour...
@Cables360 1 year ago
Hi InsiderPHD, uhm....why are all your tutorials free? Like we have to pay for content like this so why is yours free?🥺😭
@InsiderPhD 1 year ago
Bugcrowd’s support :) so make sure you sign up and tell them how awesome it is 😂
@Cables360 1 year ago
@InsiderPhD Bet! Not sure if I have a bugcrowd account but this NOOB is signing up.💌
@qio099 10 months ago
Thank you so much