Hi, and welcome to this new video!

In this video I continue my web exploitation series by continuing the enumeration portion of the course. This time it is all about parameter enumeration. Specifically, I will discuss how to use wfuzz in order to discover HTTP parameters such as GET parameters in the URL, or POST parameters in the body.

If you're interested in more videos in the series or if you have any feedback, please let me know!

-------------------------

TIMESTAMPS

00:00 Introduction
01:50 Docker lab
05:35 Wfuzz scenario 1 – discovery of parameter name
21:10 Wfuzz scenario 2 – discovery of debug parameter
24:05 Wfuzz scenario 3 – discovery of parameter value
30:30 Insecure Direct Object Reference (IDOR)
33:00 Wfuzz scenario 4 – sending requests to BurpSuite
35:15 Wfuzz scenario 4 – discovery of POST data
36:44 Conclusion

-------------------------

REFERENCES

- Material: https://github.com/LeonardoE95/yt-en/tree/main/src/2024-05-06-web-exploitation-enumeration-of-parameters
- OSCP repository: https://github.com/LeonardoE95/OSCP
- BurpSuite Community Edition: https://portswigger.net/burp/communitydownload

-------------------------

CONTACTS

- Blog: https://blog.leonardotamiano.xyz/
- Github: https://github.com/LeonardoE95?tab=repositories
- Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ