WEB CACHE DECEPTION FOR BEGINNERS!

Hi! I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.

TIME STAMPS:

00:00 Introduction
00:56 What is Cache?
01:24 Which files are cached?
01:52 Lab Demo
03:08 Path Confusion
04:06 The Bug
05:42 Attackers Exploitation
06:29 Summarizing Conditions
06:53 Instructions for the lab

INSTRUCTIONS TO SET UP VARNISH WITH YOUR APP:

CONFIG CODE:

sub vcl_recv {
return (pass);
}
return (hash);
}
}

RESOURCES FOR WEB CACHE DECEPTION:

HACKERONE REPORTS:

Comments

This video proves that a single video is enough to understand the concept. Great Work.😀

ZaidKhan-nkxr

Your way of explaining things with an example using labs is

sivakumar-idhe

Very useful content, keep posting cybersecurity content like this ❤

ChillTamizha

Di, I thought Web Cache poisoning is so hard to understand because it is a P1 vulnerability and P1s are difficult to learn, but you made my day today, a lot, Farah Di!
❤️

MokshitKalRa

Content getting better and better 👍👍👌👌

samsingh

Your method of teaching is really helpful for beginners like me

mehrabhasan

Awesome!
Just to add a bit more to it:
Whether a page should be cached or not, also depends on a response header Vary. Do check that out to know exactly what is being used to cache the pages of the website. (Cookies, Accept-Encoding, Extensions etc.).

rohitsoni

It's an amazing teaching style. Thank you, Ma'am.

sanghadiyasunil

You've included some good resources in the description. It's amazing :)

ashrafulalim

Just wow, learned many things from your video

donhasan

It doesn't work for me when I replicate the lab. I inserted the config code given, and it did cache when I changed pass to hash for the php file, but when I try to insert the extension of css or other extensions, it just gives me a 404 error. Any idea where I went wrong? Everything seemed to work except trying to get it to cache the extension.

Aaron

Your explanation is so good, please continue for other topics

VikasSingh-eugb

Love your videos. Please make a practical video on the IDOR bug.

darshanjogi

Hey Farah, your video is really helpful. Even though I've already been 3 years in the bug bounty community, I still find your videos very helpful, especially the most basic ones, as I tend to forget them. Do you plan on creating your Udemy tutorials soon?

arjayhferrer

Excellent. You have yourself another subscriber :)

kiwinesss

@Farah Hawa, can you make a video on Reflected File Download?

abhishekrajak

All the basic relevant info and technical explanations in <10 mins! What else do people even need? A cut from your bounties?

RogueSMG

Hi! I'd like your opinion on the platform INE Training, I don't know if it's worth it. Have you used it? Have you known anybody who has? They're quite expensive. Cheers mate!

davidg

Really well explained and very helpful. Thanks!

xnl-hckr

Hello Madam, we all like your way of teaching. We are requesting that you please make a video on Bugcrowd bug bounty covering how to choose a program, the initial steps for any bug bounty, how to perform it, which tools are used, which OS is useful for bug bounty and, most importantly, report writing for any program on Bugcrowd.

Waiting for your reply.

Thank you.

shekharpopatmahadik