Your content is amazing. I'm a beginner to bug bounty hunting and I have learned a lot things from you. I really appreciate your content and your contribution to the community. Thank you Katie..

*This is was by far **_THE BEST_** video I’ve watch on cyber security I’ve seen, thus far!*

Katie you are a superstar - thank you for taking the time to make these videos. They are very helpful

It takes lots of efforts in making such content I loved it -thanks

Hi Katie, wouldn't changing the cookies be a MITM Attack, which is invalid for I'm sure most programs.

Hello Katie, First of all thank you so much for providing us such information. I've a question I was hunting on a bug bounty platform and I found a end point which is vulnerable to IDOR cookie manipulation as I interchanged the cookie of two account and it worked but the triage team responded by marking it as NON-APPLICABLE as they quoted "It's not worth it as you have to have cookies of both attacker as well as victim account" can you tell me if it's a Valid bug or it needs to land on NON APPLICABLE category...? Thanks agian.

Can i use community edition of burp suite in a real bug hunting?

Does it also count as IDOR if I can access objects by changing PHPSESSID in the cookies?

NICELY EXPLAINED!

This video really put me in interest to study more about Bug Hunting! I was all confused before haha xd

I got a doubt. What if the triage team asks how can an attacker get another user's cookie? And don't consider an impact?!

4th place also as usual awesome video

please i want this video How to become a cyber security analyst full road map Topic is after 12 what should I do, with BCA, skills , course, jobs , salary, which is best and which in demand in future ( Web Exploitation, Cryptography, Reverse Engineering, Forensics, General Skills, Binary Exploitation) Almost full road map Please 🙏🙏

you missed up all of this.

Thank you!! Neatly explained.

Thanks a lot. Very well explained.

Just FYI. in the IDOR videos of yours that I've watched, you've never explained what IDOR stands for. Looks like it's Insecure direct object reference. Learned about you from The Cyber Mentor (TCM).

Was Able to Use Paypal Payment Token of User1 with User2 & vise-versa on a shopping portal. Is this also a case of IDOR vulnerability ?

Sweet

Till date, no findings :-((if you remember me from previous videos)

Hi kattie.. How you get access victim account to see changes or victim cookies ,this big question

l

So if i understand in correct way login copy cookies logout and use cookies to login as other user ?

🔥

Thanks, In the video you mentioned about middlewares. I hope you will make video's on Code Review :) Thanks again

thanks Katie! IDORs make more sense now. 🌊️⛱️😎

Thank you!!! Amazing video!!! (Like always)

Hello Dr

Please never stop posting

Never stop posting videos

Am I right to think that IDOR is a type of broken access control vulnerability? There's no mention to this in the video.

Thank you so much mam 💞😊🇳🇵

There is authorize now

2nd @albonycal

if they've caused something to happen to account A rather than B what to do next?

Thanks , very helpful 🙏

Im confused a little bit. Sorry. What if the cookie of user A contains user 's credentials like user id encoded in it. So if i will change the request of user B' s cookie to uaer A's cookies, it would be just like User A is sending the request right? So it's not an idor if that's the case right?

really great knowledge

Informative..!!..Please also add link of related videos in the description..it would help people like me as I haven't seen that "firefox containers" video. Thanks for the video..💖

Thank you a lot.

Hey katie, What do you mean by "see if they've caused something to happen to account A"? at 16:54

signing up Intigriti with ur link let's hope for the best

Thanks for this man

Is there any getting started video for any platform like hackerone, bugcrowd. I mean how to setup account ,start real target and report issue like that. Thank you

Well explain 😍

Hey Katie ! Let's say I have found a cookie based IDOR , but this falls in the category of MITM because you have to steal cookies first !🤔 Is this an false positive ?

❤️

not the best video