Comments:
I quite enjoyed that.
love this can you suggest any other XSS ctfs?
can you make a video how to make different types of payloads?
Can anyone explain how he made a request sending the dictionary and it injected the code?
You are just awesome bro !!!!!!!!!!!!
Best of its kind
Thanks so much mentor
You are amazing 😀
TIL: he doesn't know javascript syntax
Where u learn python for cyber security
That was so epic man 🤘🏼🤘🏼
Man, john looking forward to "python primer for hackers!" great stuff keep it up.
this is amazing man
What is your primary job? I noticed you have to be in mil to do this challenge. I'm in the Army myself
Great video. I want to block my mobile carrier xss protection to have free internet. Give me an idea please.
Nice()
Dude quality stuff 👌👌👌
great video and I love your unique way in solving the challenge with python but couldn't you have done all this with burp suite?
This is awesome.
I know it's old but I've been binging your videos and bro, just amazing. The use of python to wreck like everything makes me sooo sooo happy.. I've literally understood coding 1000% better just watching your content.
Man 😍
I think I have to leave bash and start python🐍🐍
Your videos are priceless. You don't just show the attack but also the process and the evolving of ideas while designing the attack.
Premium content, thank you really.
really enjoyed this!!!
I know I'm late on this one, but I'm just binging on your old stuff at 2:30am. The backticks allow you to use ES6 syntax to create a template literal, previously referred to as a template string I believe.
So instead of:
var name = "Nick"
var output = "My name is " + name
alert(output) // outputs "My name is Nick"
We can use name and change output to:
var output = `My name is ${name}`
Our alert will produce the same result without needing to concatenate the string and variable and eliminates the need for using quotes for the string. This is a very simple example, but when you need to concatenate a lot of stuff it saves a bunch of time. It also apparently helps to make this attack work which is super cool.
That Was awesome <३
Couldn't you just do "document.cookie" with the browser dev tools? Why create a script to send this info to your server?
To whom actually belong that session?
I see myself there doing PT with my client application finding all possible xyz. Exactly, I got that PT feel bro..🍻🔥
Wowww, that was awesome!!!!! <3 Thanks a lot!
`b to a` and `a to b`
So basically if you don't have a server on the internet, you're SOL?
incredible sir i really loved it and please keep coming these videos
This was so informative and beautiful in a short video 👌
Binging on your content. Love seeing your thought process as you run into roadblocks.
I love how John teaches the subject. He most likely already knows the answer, but knows that showing the methodology is more important. Trying different things, failing sometimes, then finally winning, are what makes a good hacker.
One of best ctf question i’ve ever seen so far. Also great solution! Congrats John
Amazing video man !! new sub and like , more XSS videos !!!!
Do you give a course on udemy or something like that on web hacking? If not, it would be great, we would all buy it
Bro how are u today? I am anonymous haha
Bro where script code python this video
I would have never thought about that base64 and atob(), nice little trick to bypass filters to keep in my pocket! Great fun lab!
I love how you approach the problem... it is excellent..
also how do you get the output of python in new window.. by default it opens in a panel...
Teacher
What I would do is make the string the fragment and pull it from there
the true process of a hacker: investigate, persist, evade the obstacles .... you earned a subscriber bro, good video
That ad at 18 minutes was 🤌🏼
Hey John, wondering if you can expand on your CORS comments from the end of the video. You mention that when a script from the target site tries to reach out to the attacker's site, you can see a CORS error. However, isn't that error entirely in the attacker's control? Couldn't you have returned the right CORS headers from your server to allow the request through?
I rather had idea like h1 on dom content full load do function :3
sir start a series on python like solving CTF on python its gonna be really fun ❤
seeing you hacking made me love hacking very much.