8:30 your webcam is top-right, covering whatever you clicked to update the session cookie. I enjoy watching the videos and learning. Thanks for the great content!
I think in this application there is no need to spend the time decrypting the traffic, as he mentions this is theory. You could absolutely argue that in a RL situation where you would be hacking MFA it would be encrypted.
Because he is using a local proxy, it intercepts the browser's traffic before https is applied, I think it's burp actually. The only way to use this attack he is showing is to have control of the client machine or browser on a step before the attack. With a man in the middle it would go everything encrypted. The other thing he said that's not that aqurate is the posibility of bruteforcing the 4 digit code. Anybody with some knowledge of security would block that after some incorrect inputs, like 3 times or so. Usually those cannot be bruteforced unless the page is vulnerable to that (it was designed by a monkey) and it sould be generated by a random secure generator so the posibility to guess that is almost null. I think I went overboard with the explanation, sorry, I think I didnt really like this video.
I can see how "How to Hack MFA" could seem uninteresting to someone who doesn't know what "MFA" means. Maybe putting the written-out text in the title as well would be helpful in this case.
6:29 the easiest way would be to set the payload type to Numbers, then set the range from 0 to 9999 and the step to 1. Then you set min integer digits and max integer digits to 4 and min fraction digits and max fraction digits to 0.
Hi. Great video again. Could you make some of the next one about basic windows AD enum ? It will be nice to know some basic steps what could be useful to check to privesc after you get revshell or any not elevated user account. WinPEAS is good, but some tips for manual enum will be great to know. Thanx a lot. And also thank you for great content 🙂
amazing video, web apps are easy to use and access ... trying brute force on dedicated apps is quite different. I wonder this could work on a chromium addon MFA are really important, sad to know most people dont care about using it
