Easy IDOR hunting with Autorize? (GIVEAWAY)

I've said it once and I'll say it again: APIs are some of the best applications to hunt on, and now that I've worked at a platform I have data to back me up: IDORs are fantastic first bugs and they are EVERYWHERE! But when we test a real API rather than a lab or CTF there are so many endpoints and resources to test, so what if we could make IDOR hunting easier? What if we could automate it? That is exactly what Autorize is designed to do. This free Burp extension automatically makes a second copy of each request with our attacker account's credentials swapped in, to test whether the attacker can do something that affects our victim. It's such a useful tool to have installed that I 100% recommend it, especially if you're a beginner.
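The attacker-replay check described above, written out as an added Python example so the comparison logic is visible; it is not code from the video or from the Autorize project. It assumes a constructed in-memory API with a victim account and an attacker account, and an ownership check that can be switched off so the same harness shows both the vulnerable and the fixed behaviour. The verdict labels (NO_BASELINE, ENFORCED, BYPASSED, UNCERTAIN) are this example's own, not Autorize's.

```python
"""Replay-based authorization check in the style of Burp's Autorize.

Added example, not code from the video or the Autorize project. Everything
here is constructed so it runs offline: a tiny in-memory API with two
accounts ("victim" owns invoice 1001, "attacker" owns invoice 2002) and an
ownership check that can be switched off to model the IDOR.
"""
import json

# Constructed sample data: bearer token -> user id, invoice id -> record.
TOKENS = {"tok-victim": "victim", "tok-attacker": "attacker"}
INVOICES = {
    1001: {"owner": "victim", "total": 420.00, "email": "victim@example.test"},
    2002: {"owner": "attacker", "total": 13.37, "email": "attacker@example.test"},
}


def fake_api(method, path, headers, enforce_ownership):
    """Stand-in for the target API. Returns (status_code, body_text).

    enforce_ownership=False models the IDOR: any authenticated user may read
    any invoice by id. True models the fixed server with an object-level check.
    """
    auth = headers.get("Authorization", "")
    user = TOKENS.get(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
    if user is None:
        return 401, json.dumps({"error": "unauthenticated"})
    parts = path.strip("/").split("/")
    if (method == "GET" and len(parts) == 3
            and parts[:2] == ["api", "invoices"] and parts[2].isdigit()):
        invoice = INVOICES.get(int(parts[2]))
        if invoice is None:
            return 404, json.dumps({"error": "not found"})
        if enforce_ownership and invoice["owner"] != user:
            return 403, json.dumps({"error": "forbidden"})
        return 200, json.dumps(invoice)
    return 404, json.dumps({"error": "no route"})


def check_authorization(method, path, victim_headers, attacker_token, send):
    """Send one captured request as the victim, replay it with the attacker's
    token swapped in, and compare the two responses.

    Verdict labels are this example's own, not Autorize's:
      NO_BASELINE  the victim's own request failed, so there is nothing to
                   compare against (two identical error pages are not a bypass)
      ENFORCED     the replay was rejected with 401/403
      BYPASSED     the replay returned the same status and body as the victim
      UNCERTAIN    anything else; a human needs to diff the two responses
    """
    victim_status, victim_body = send(method, path, victim_headers)
    replay_headers = dict(victim_headers, Authorization=f"Bearer {attacker_token}")
    attacker_status, attacker_body = send(method, path, replay_headers)

    if not 200 <= victim_status < 300:
        verdict = "NO_BASELINE"
    elif attacker_status in (401, 403):
        verdict = "ENFORCED"
    elif attacker_status == victim_status and attacker_body == victim_body:
        verdict = "BYPASSED"
    else:
        verdict = "UNCERTAIN"
    return {
        "request": f"{method} {path}",
        "victim_status": victim_status,
        "attacker_status": attacker_status,
        "verdict": verdict,
    }


def run_suite(enforce_ownership):
    """Replay a constructed proxy history against the API in one of its two modes."""
    captured = [
        ("GET", "/api/invoices/1001"),  # victim's own invoice: the IDOR candidate
        ("GET", "/api/invoices/9999"),  # non-existent id: 404 for everyone
    ]
    victim_headers = {"Authorization": "Bearer tok-victim", "Accept": "application/json"}

    def send(m, p, h):
        return fake_api(m, p, h, enforce_ownership)

    return [check_authorization(m, p, victim_headers, "tok-attacker", send)
            for m, p in captured]


if __name__ == "__main__":
    for mode, enforce in (("vulnerable", False), ("fixed", True)):
        print(f"--- {mode} API ---")
        for result in run_suite(enforce):
            print(f"{result['request']:<24} {result['verdict']}")
```

Against the vulnerable mode the victim's own invoice comes back BYPASSED, against the fixed mode ENFORCED, and the non-existent id is NO_BASELINE in both: when the original request itself fails, a matching failure from the replay says nothing about authorization, which is why a replay tool's results need a baseline check (or a tuned enforcement detector) before the bypass verdicts are trusted.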

This month, as a thank you for bearing with me as I get back into video making, we're doing a giveaway! To win one of the following prizes, enter via a comment on this video with an answer to "What bug or type of hacking do you want to know more about?" and the text #bountypls

5x 1-month PentesterLab Pro memberships
5x 2-month TryHackMe Premium
10x InsiderPhD Swag Pack

Comments


Great video, Katie! Loved it as always.
My favourite bug bounty tools are Burp Suite, all of tomnomnom's tools, amass and the ones I developed on my own! (LazyFuzzZ, Wordlist Weaver, Fu-JS) #bbhammer

dhruvkandpal

Thanks for this great knowledge. I am currently learning IDOR and I've been able to use Autorize, and I got "enforced" in some areas. What am I to do next? How do I exploit this for bug bounty?

stablewater

Amazing, this could probably be one of the biggest pieces of information I have ever been given.

Vinayak-qp

21:24 what IDOR is it called? Is it IDOR?

Coollinux-cb

Awesome video, as always!

Favourite tool - Burp Suite - even if the only features it had were the proxy history and Repeater, it'd still be amazing.

#bbhammer

gf

Thanks for doing so much for the community ❤️
It'll be great to have more videos about DOM-based vulnerabilities #bountypls

CyberTron

Mostly there are auth bearer tokens for APIs, which also need to be added in the cookies section?

gk_eth

Thanks for all your videos Katie! ❤ I got my first bug from your IDOR video. My favorite tool is Burp! #bbhammer

arrheniusangipaelongan

Thanks for the video! The tool that I use the most is ffuf, because of its speed and simplicity. Burp is another indispensable tool as well! #bbhammer

link-ed

Thanks for the video. The information part starts at 3:49.

sekmekci

My favourite bug bounty tools are FFuF, Dirsearch, and Burp Suite with extensions such as Autorize #bbhammer

sudokom

I'm having an issue with Autorize picking up requests that should be out of scope. Anyone else have this issue? This leads to a lot of extra requests to parse through, which really slows me down.

maapi

Thanks for doing amazing videos Katie. My fav bug bounty tool is Burp of course. I'm looking forward to more automation videos like this. #bbhammer

chitraa

Why are you so late Katie? I was waiting for this video for so long.

xff

Thanks for all your videos Katie. My favorite tool is Burp. #bbhammer

rami

Nice video, I've watched quite a few of them. Clear, well-rehearsed script. This video actually tries to show us something. Well-rounded video.
I wish more of your videos showed us how to actually do this stuff like this one does. You do great on the speaking side of teaching though, but need more hands-on.

saite

I want more videos explaining bugs with demo websites, not just presentations. Thank you, Katie. #bountypls #bbhammer

sangeethaa

Katie, I'm new to bug hunting, I'm still practicing web security. I have joined Intigriti but I don't know what I can and can't do when looking for bugs. Can you give a little direction and tips on how to work on Intigriti please?

roxneil

Wowww thanks Katie 🔥🔥🔥🔥 it really encourages people. More thanks for the video.

iamkaustubh

You are my favorite bug bounty channel
