I've said it once and I'll say it again: APIs are some of the best applications to hunt on, and now that I've worked at a platform I have some data to back me up. IDORs are fantastic first bugs and they are EVERYWHERE! But when we test a real API, as opposed to a lab or CTF, there are so many endpoints and resources to test. So what if we could make IDOR hunting easier? What if we could automate it? Well, this is what Autorize is designed to do! This free Burp extension allows us to automatically make a second request to test if our attacker account can do something to affect our victim. It's such a useful tool to have installed that I 100% recommend it, especially if you're a beginner.
Did you know this episode was sponsored by Intigriti? Sign up with my link [ Link ]. I'm so pleased with everyone's positive response to the Intigriti sponsorship, and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
This month, as a thank you for bearing with me as I get back into video making, we're doing a giveaway! To win one of the following prizes, please enter via a comment on this video with an answer to: What bug or type of hacking do you want to know more about? And the text: #bountypls
1x Lifetime Membership to [ Link ]
5x 1 month memberships PentesterLab Pro
5x 2 months Try Hack Me Premium
10x InsiderPhD Swag Pack