Can someone verify part 1 still works? I did it the other day and got the cookie from Carlos. I have been trying the same way I did before as well as trying different encoding today and cannot get it to work. No cookie ever shows up in the log of the exploit server... Thanks
I've just started my journey in cyber security and I followed you on Twitter. You are helping me a lot. I wish the best for you and I hope you continue uploading videos.
I was able to get my own cookie being redirected but I cannot see Carlos. I see my own cookies on the GET URL but not on the access log when I view andy parameter, same for my own.
Hi Andy, do you still remember how long the SQL injection takes? Cause from what I know, level 5 and risk 3 takes quite some time and the exam is only 4 hours.
I'm a beginner, so I'd like to ask whether the issues or bugs I found through Burp Suite Professional using Burp Bounty Pro are valid bugs, or should have more in-depth testing. Thank you so much for the answer.
Just got into part three, Java deserialization. When running the attack after finding out how it's encoded, it comes back as nothing being vulnerable... Anyone recently do this?! So frustrating!
@andyli Weird, I changed the search parameter from "?find" to "SearchTerm", still not seeing session in the access log. Any guidance? (Struggle bus with Burp Suite.)
Can anyone help with what the payload is for the first step (DOM XSS)? I tried everything but nothing works. I can get my own cookie in the logs but not Carlos's cookie =/ Edit: never mind, I solved it.
@andyli Do you have any advice or tips? Do you think doing all apprentice+practitioner labs is enough or do I need to do something more? What did you do to prep?
The video is good but don't be such a draaaaaaaaaaag!!!! bro and slow explaining it, it makes us fall asleep. Please explain it with a sharp and confident voice broooh.