Journal
Raw Notes
- Installed FoxyProxy yesterday; didn’t take notes because it did not seem necessary
- So far this is information I have already learned about the Proxy on Burp Suite
- Burp Suite
  - Proxy
    - see data flowing from client to server
  - Intruder
    - brute forcing
    - Install the extension Turbo Intruder?
  - Logger++ should be installed apparently
- Authentication
  - The authentication “flow” is a common attack vector
  - What is the difference between authentication and authorization (access control)?
    - Authentication
      - is your identity
    - Authorization (access control)
      - is what you are allowed to do
  - The two main ways we are going to attack Authorization are:
    - Brute force attacks
      - Dev teams underestimate
    - Logic issues
      - usually critical and undetected by tools
- Critical Thinking Podcast
  - Bug bounty hunting is a game of luck, but you control how many times you roll the dice.
  - Go down rabbit holes, but possibly control yourself when doing them. When starting out it is good to go down rabbit holes because you are also learning.
  - Take your time with a program. The first 40 hours you spend on a program are for learning about the program before getting any attack vectors.
  - Fuzz all the things
  - Dedicate time every day
  - Dedicate time to learn new attacks
Web Application Penetration Testing PJWT Burp Suite Bug Bounty