WEB CACHE DECEPTION FOR BEGINNERS!

Video description: WEB CACHE DECEPTION FOR BEGINNERS!

Hi! I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.

SIGN UP ON Intigriti:

http://go.intigriti.com/farah

BUY ME A COFFEE:
https://www.buymeacoffee.com/farahhawa

SOCIAL MEDIA:
Follow me on Twitter: /farah_hawaa
Follow me on Instagram: /farah_hawaa
Connect with me on LinkedIn: /farah-hawa-a012b8162

TIME STAMPS:

00:00 Introduction
00:56 What is Cache?
01:24 Which files are cached?
01:52 Lab Demo
03:08 Path Confusion
04:06 The Bug
05:42 Attacker's Exploitation
06:29 Summarizing Conditions
06:53 Instructions for the lab

INSTRUCTIONS TO SET UP VARNISH WITH YOUR APP:

https://linuxhint.com/varnish_cache_u...

CONFIG CODE:

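sub vcl_recv {
    # Requests whose path ends in .php are never cached.
    if (req.url ~ "^[^?]*\.(php)(\?.*)?$") {
        return (pass);
    }
    # Any path ending in a static-file extension goes to cache lookup.
    # The decision uses the URL alone, and returning here skips the
    # built-in vcl_recv check that passes requests carrying Cookie or
    # Authorization headers.
    if (req.url ~ "^[^?]*\.(css|jpg|js|gif|png|xml|flv|gz|txt|...)(\?.*)?$") {
        return (hash);
    }
}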
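
Added example (not from the video or its lab): a Python model of the two vcl_recv rules above, run over constructed URLs, to audit which requests this config sends to the cache and to flag those where a .php script appears as a path segment before a static extension. It assumes the backend serves the PHP script for such paths; the function names, the audit heuristic and the sample URLs are hypothetical.

```python
import re

# The two rules from the page's vcl_recv, in order. The page elides part of the
# extension list with "..."; only the extensions it names are used here.
PASS_RULE = re.compile(r"^[^?]*\.(php)(\?.*)?$")
HASH_RULE = re.compile(r"^[^?]*\.(css|jpg|js|gif|png|xml|flv|gz|txt)(\?.*)?$")
# Assumed audit heuristic: a script name used as a directory, followed by a
# static-looking suffix.
SCRIPT_AS_DIR = re.compile(r"\.php/[^?]*\.(css|jpg|js|gif|png|xml|flv|gz|txt)(\?|$)")


def vcl_recv(url):
    """Return the action the page's vcl_recv takes for this URL."""
    if PASS_RULE.search(url):
        return "pass"     # always fetched from the backend
    if HASH_RULE.search(url):
        return "hash"     # cache lookup, based on the URL suffix alone
    return "default"      # falls through to Varnish's built-in vcl_recv


def audit(urls):
    """List URLs the config treats as static although they contain a .php script."""
    return [u for u in urls if vcl_recv(u) == "hash" and SCRIPT_AS_DIR.search(u)]


# Constructed sample requests (not from the video or a real log).
SAMPLE_URLS = [
    "/account.php",
    "/account.php?tab=profile",
    "/static/site.css",
    "/account.php/nonexistent.css",
    "/img/logo.png?v=3",
    "/account.php/a.js?x=1",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{vcl_recv(u):8} {u}")
    print("flagged:", audit(SAMPLE_URLS))
```

Flagged URLs are the ones to fix on the cache side, for example by deciding cacheability from the backend's response headers instead of the request URL.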

RESOURCES FOR WEB CACHE DECEPTION:

https://www.blackhat.com/docs/us-17/w...

https://blog.cloudflare.com/understan...

https://omergil.blogspot.com/2017/02/...

https://blog.takemyhand.xyz/2018/05/w...

HACKERONE REPORTS:

https://hackerone.com/reports/593712
https://hackerone.com/reports/397508



Video editor: https://www.fiverr.com/pixelstudios1
