Burp for Beginners: How to Use Repeater 

InsiderPhD
Views: 10K

Repeater is the main tool you'll end up using in Burp for bug bounty hunting. In this video, I go through the basics of Repeater, show you how to get the most from Repeater and give a live demo showing you how to actually hack things with Repeater!
Did you know this episode was sponsored by Intigriti? Sign up with my link: go.intigriti.com/katie. I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
What are you doing this weekend? What Burp videos do you want to see? Let me know in a comment! Do you want to support me? Why not buy me a coffee? ko-fi.com/insiderphd
Got questions? I have answers, Tweet at me / insiderphd

Published: 30 Jul 2024
Comments: 35
@danyelvillalba7 4 years ago
I love your content. Your videos motivate me more and more to continue with bug bounty! Thanks Katie, I like this kind of video with real targets. Thanks a lot!!!!
@husseindhooma5816 2 years ago
Amazing content Katie, thank you so much
@khalifakhalifi2397 3 years ago
I love the way it is explained, and I also love the voice! Love your content!
@jacklinenyamuiru6360 4 years ago
Hi Katie, I love your videos, thank you :)
@htsec4923 2 years ago
Thank you 🙏🏻
@zeus-x0722 4 years ago
Thanks so much, Katie, for the amazing effort
@InsiderPhD 4 years ago
Thank you! Happy to make it :)
@SpookiePower 4 years ago
Thanks for another great video. Hope to see more Burp videos from you :)
@InsiderPhD 4 years ago
Sooooon! I’m hoping to cover everything in Intruder!
@sachinmaurya3259 4 years ago
Finally!! I was waiting for your video :)
@InsiderPhD 4 years ago
Hope you enjoyed it!
@sachinmaurya3259 4 years ago
@InsiderPhD Yep ;)
@nikolakrsmanovic1253 4 years ago
Great content! Keep it up!
@InsiderPhD 4 years ago
Thanks, will do!
@nikhil6085 3 years ago
Thanks Katie! I was trying to do the same with Gmail but the requests over there are too difficult to interpret. I would like to highlight one thing: your mail won't be sent because there are many values in that request which are changed while sending an email. The solution to this problem is to send two different emails from your account (from the browser, like a legitimate user), then in Burp Suite send those email requests to Comparer (request), find the changes between the two requests, and do the same in your crafted email in Repeater. Add random values of the same length where the changes are seen and boom! Your email will be sent.
@kevingeorge9152 4 years ago
Is having in-depth knowledge of web development necessary for getting started with bug bounty? I have no web dev experience, so should I first learn it to understand how JavaScript and stuff works, or is it not really necessary? PS: thanks for all these amazing videos
@InsiderPhD 4 years ago
You don't need to learn how to do web development. In fact, not knowing can be an advantage since you might look in places someone with dev experience might skip over! But I will say that it helped me a lot and it meant when I went into hacking I saw it as an extension of deving rather than a new skill. STOK is quite well known for not being a dev and TomNomNom is a dev and they're on the same team! If you want my opinion, learn how to make a basic web app in a language (Python might be a good choice since many tools use it) to get a feel for how it works!
@joshgordon7299 3 years ago
Awesome
@user-us4yi6mc7i 2 months ago
Great
@muhammedali1870 4 years ago
Hey Katie, do you think subdomain takeover is still worth hunting, or will it be very hard to find and just a waste of my time? Thanks
@InsiderPhD 4 years ago
People do find their first bugs with subdomain takeovers, but just make sure that the services you're looking at are vulnerable via github.com/EdOverflow/can-i-take-over-xyz. This is a good introduction: www.hackerone.com/blog/Guide-Subdomain-Takeovers
@niraj9226 4 years ago
Love your videos. Thanks for the videos. I have a question: since you are using the suite on yahoo.com, is it legal? Can I use Burp Suite on any website? I mean, is it legal to use on unauthorized websites? Thanks and keep sharing your knowledge.
@InsiderPhD 4 years ago
No! I am allowed to hack on Yahoo.com because it runs a public bug bounty program on HackerOne (hackerone.com/verizonmedia). You should never test a website you're not explicitly allowed to via a bug bounty program or some kind of authorisation directly from a company (e.g. a pentest).
@niraj9226 4 years ago
Thanks Katie. Please don't stop uploading videos for beginners. I am a newbie.
@shreyanshdesai3152 4 years ago
I needed this so badly because I just started in bug bounty. PS: I wanted to know, is cracked Burp harmful to use? I cannot afford one.
@InsiderPhD 4 years ago
You don't need to use a cracked version! You can just use the Community Edition (the free one)! The full version isn't necessary when you just start out.
@shreyanshdesai3152 4 years ago
@InsiderPhD Thanks for showing the path. I appreciate you helping the community.
@hasnainabidkhanzada3754 3 years ago
You already know where the ymail endpoints are in the long list of Yahoo requests captured by Burp, but what if someone doesn't know about them? How can they find endpoints? For example, endpoints for Gmail, etc.? Any suggestions regarding that?
@InsiderPhD 3 years ago
It comes with practice basically. I have hacked the Yahoo Mail app before so I know what I'm looking for, but usually my approach is:
- Poke at what I want to hack
- Go to Burp, see what requests were just sent
- Look for one which has the data my poke had, ignore anything that looks like a tracker/advert
- Use that to filter down my Burp scope
@hasnainabidkhanzada3754 3 years ago
@InsiderPhD OK, got it, thanks :)
@StefanRows 4 years ago
Katie = Insta Thumbs Up
@InsiderPhD 4 years ago
🙌
@KrakoonGaming 4 years ago
Are you using Burp on Windows or any other OS?
@InsiderPhD 4 years ago
I primarily use OSX to bug hunt so I mainly use the Mac version of Burp