GraphQL is definitely the new hotness compared to good ol' Restful APIs, so more content related to pwning GraphQL endpoints would be pretty interesting.
@dadik7466
3 years ago
these 2 hours of waiting will feel like an eternity!
@jorihiukka6483
3 years ago
6 mins.
@zhivkogospodinov
1 year ago
You're not wasting my time mate, I came here for that. But what surprised me is how you're actually thinking out loud which is fascinating for me and I really appreciate it, being able to peek into a fellow researcher's mind. Great video, keep going!
@mamoswx
3 years ago
John you are the MAN!! I get so excited for your videos, they're what I look forward to each week! Great personality, great sense of humor and great way of explaining what you're doing! Keep up the excellent work mate!! Your channel is better than TV!! 👍🏽😆
@argsahoo
3 years ago
Others: I watch John Hammond for learning new cybersec skills. Me: I watch him for his outro music 😂
@johnnywalker3862
3 years ago
About that, did you actually know the music name or the artist?
@argsahoo
3 years ago
@johnnywalker3862 I think that's Fearless by NCS
@johnnywalker3862
3 years ago
@argsahoo Thanks a lot man! Have a nice day/night!
@jkobain
3 years ago
I'm watching it despite the outro music for sure.
@insanitydefined3112
3 years ago
Loving these videos! Super cool how you explain each and every thing you do, even as a seasoned programmer it’s always cool to see how another programmer thinks! Thank you!
@archhuman
3 years ago
Someone on Loi Liang's video commented about this channel, and here I am subscribing
@mayankarya6506
3 years ago
You make it so much fun. Also, an amazing teacher; I learnt lots of things from your videos, and I'm really thankful for making such videos for us 🙏
@MatteoGariglio
3 years ago
This technology is getting more and more used, therefore YES, I think it is a good thing to have a few videos on the GraphQL topic ;) Your videos are super nice, John. Cheers!
@teddybear9152
3 years ago
Whoop, another video, can't wait! 🤘🏻 Love this guy!
@robertcrier3551
2 years ago
I love your channel, it's eye candy for pentesters.
@SinusQuell_
3 years ago
I have now registered on HTB because of your videos :)
@WebWonders1
1 year ago
Learned a lot from this video
@_xpl0it_
3 years ago
I had fun learning GraphQL with you, thanks John.
@bufordmaddogtannen
4 months ago
To avoid getting the unwanted traffic from the browser, just patiently compile a list of offending domains and exclude them within the browser's proxy settings.
@makerslab919
3 years ago
Thanks again John, always look forward to your next video =)
@Piercy0812
3 years ago
GraphQL is pretty great. It can really empower your APIs if used correctly. It's worth being wary of the performance, but depending on the scenario it can be very good. For example, imagine an Author object can have a books array. When calling the query, you can specify the fields you want, and it will only query for those fields. So if you imagine the books array could be more complex than just getting the Author's first and last name, it allows people to query the Author and get the name information without the books, or query the Author and also get their books. The way GraphQL can handle this means you don't unnecessarily query your database for fields that are not required. If you wanted to take that one step further, you can choose what fields you want back from the book, and let's pretend the genre field was complex. You could separate this out too so that, again, you don't create complex queries on your database when you don't need to. Each time you do this, you're essentially layering your queries on top of each other. So first the Author returns with an AuthorID, then the Books are queried using that AuthorId, then the Genre is queried using each BookId. Again, taking it further, maybe you return a list of "TopAuthors"; well, that's just an array of Authors, for which you could query the Books, and as such the Genres... or maybe that's going to perform too badly, so you just return the Author first and last names instead. Simplified answer, and you have to be careful when using GraphQL. However, it is very powerful.
@Narc0YT
3 years ago
Nice little run down!
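The per-field, layered resolution described in the comment above, as an added example in plain JavaScript (not code from the video or from any GraphQL library): a toy executor with a constructed in-memory database and a lookup log, showing that resolvers run only for the fields a client selects, how the Author -> Books -> Genre layering becomes one backend lookup per nested object, and a selection-depth limit as the usual guard against the performance cost of deep nesting. All type names, resolvers and data are assumptions made for the example.

```javascript
// Constructed in-memory "database" with a log of every lookup it serves, so the
// backend cost of each GraphQL selection is visible (sample data, not a real app).
const db = {
  authors: { a1: { id: "a1", first: "Ada", last: "Lovelace" } },
  books: { a1: [{ id: "b1", title: "Notes", genreId: "g1" },
                { id: "b2", title: "Engines", genreId: "g2" }] },
  genres: { g1: { id: "g1", name: "Math" }, g2: { id: "g2", name: "Computing" } },
};
const queryLog = [];
const lookup = (table, key) => { queryLog.push(`${table}:${key}`); return db[table][key]; };

// One resolver per (type, field). A resolver runs only when its field is selected,
// so Author.books and Book.genre cost nothing unless the client asks for them.
const resolvers = {
  Query:  { author: (_, { id }) => lookup("authors", id) },
  Author: { id: a => a.id, first: a => a.first, last: a => a.last,
            books: a => lookup("books", a.id) },
  Book:   { id: b => b.id, title: b => b.title, genre: b => lookup("genres", b.genreId) },
  Genre:  { id: g => g.id, name: g => g.name },
};
const fieldType = { "Query.author": "Author", "Author.books": "Book", "Book.genre": "Genre" };
// Nesting depth of a selection: { author: { books: { genre: { name: true } } } } is 3.
function selectionDepth(sel) {
  let d = 0;
  for (const sub of Object.values(sel)) if (sub !== true) d = Math.max(d, 1 + selectionDepth(sub));
  return d;
}
// Toy executor: a selection is a nested object, with `true` marking a scalar leaf.
function execute(type, selection, parent, args) {
  const out = {};
  for (const [field, sub] of Object.entries(selection)) {
    const resolve = resolvers[type][field];
    if (!resolve) throw new Error(`unknown field ${type}.${field}`);
    const value = resolve(parent, args);
    if (sub === true) { out[field] = value; continue; }
    const child = fieldType[`${type}.${field}`];
    out[field] = Array.isArray(value)
      ? value.map(v => execute(child, sub, v, {}))   // one lookup per element (N+1)
      : execute(child, sub, value, {});
  }
  return out;
}
// Entry point: reject over-deep queries before any resolver runs, then return the
// data together with the backend lookups the selection caused.
function run(selection, args, maxDepth = 3) {
  if (selectionDepth(selection) > maxDepth) throw new Error("query too deep");
  queryLog.length = 0;
  return { data: execute("Query", selection, null, args), queries: [...queryLog] };
}
```

Selecting only the name costs one lookup, adding `books` costs two, and adding `genre` under `books` costs one more per book, which is the layering (and the N+1 growth) the comment describes.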
@kojche
1 year ago
When you zoom that much it's also unreadable, just keep something in the middle :) Thanks for the video!
@jrmartinss
3 years ago
You could write at the end of the URL /graphql that would open the Query editor. This would make it easier to intercept the data.
@AjaSiva
3 years ago
it may be disabled
@switchblade3868
3 years ago
John: maybe I do this, some that, and the CTF is solved. Me: maybe I do this, some that, and did I just break my VM again?
@AbacateSexy
3 years ago
Great vid John. But I can't wrap my mind around how you singled out Introspection right away. I feel like I would be stuck reading about GraphQL for a week before stumbling upon introspection. Could you help me understand your train of thought? Cheers :)
@user-zx8pk4qm3k
3 years ago
he has tutors for that
@AkshatMittal
3 years ago
Personal experience: The first time I faced a GraphQL endpoint when I knew nothing about it, the terms I Googled were "GraphQL osint" followed by "GraphQL exploit", both of which led me directly to Introspection. It did take me at least another 2 searches to find a full dense introspection query, but it worked flawlessly. (I also chose to use a GraphQL client rather than Burp like John.) Just sharing because it might be helpful. (I'm also a developer, so maybe my train of thought and experience helps by default.)
@AbacateSexy
3 years ago
@AkshatMittal thanks homie, that was really helpful!
@caracolsalinas
3 years ago
I found a bug bounty related to this before :D
@karanb2067
3 years ago
Man!!!! You're really really good!
@Pr4547h
3 years ago
John using Burp Suite..!! First time I'm seeing it 🧐
@omgpizza4174
3 years ago
I love how you find the flag
@bufordmaddogtannen
4 months ago
Patiently compile a list of offending domains and add it to the browser extension exclusion list. These will not go through Burp.
@patrickwildschut5750
3 years ago
Could you do some more beginner CTF walkthroughs? They’re sooo handy
@jorgevilla6523
3 years ago
Great video! Thanks
@svilenSt.
3 years ago
Good one! Thanks for sharing :)
@tracid56
3 years ago
Hi @john! Thanks for all these videos and explanations! I was stuck on the "Syncopation" challenge in the reversing section. Are you going to make a video on it? Thanks!
@sob3ygrime
3 years ago
Awesome video!~
@anujpatel1654
3 years ago
Would love to see John struggling and exploring in bug bounty
@georgehammond867
3 years ago
Replacing all new lines with " " is not working in Sublime Text and VS Code; how is he doing it in this video?
@comdeyoverflow2414
3 years ago
What key did he use in Sublime Text to make the payload simpler to use in Burp Suite?
@johntoes1260
1 year ago
Makes sense
@pinkeye00
3 years ago
The Ed Sheeran of Blue Team.
@sgtkeebler
3 years ago
John, lately I have been committing to my studies 3 hours a day 6 days a week. How much study time would you recommend?
@alootgoblin
3 years ago
You could pass your API URL to GraphiQL/GraphQL Playground for pretty easy exploration.
@AdamHillikerLikesRobots
3 years ago
This endpoint is usually disabled on production builds
@Explor1ngth3w0rld
3 years ago
👤👤🖤🖤🖤
@luthfisukma9787
2 years ago
What keyboard do you use?? May I know??
@Anunnaki95
3 years ago
Wanna know more about Pegasus? Is this software available to use?
@fordorth
3 years ago
I am always down to learn everything, let's throw up that GraphQL tutty!
@JNET_Reloaded
3 years ago
Taskbar belongs at the bottom for both Win and Lin
@BearkFearGamer
3 years ago
Would be nice, a video on gRPC
@Patocoh
2 years ago
Are we gonna get a graphql course? :c
@coolmanberr1738
3 years ago
You're fantastic
@crowntimber1
3 years ago
Font too smol, make it biggggg. Doesn't work, then makes it smaller than when he started
@S3curityB3ast
3 years ago
Hiii, can you make a video on Syncopation from this CTF? I've been stuck on this for 2 days now...
@_JohnHammond
3 years ago
Yup! Already recorded, should be released soon :)
@S3curityB3ast
3 years ago
@_JohnHammond Thanks a lot! Super excited to see it :)
@harisankar1024
3 years ago
So what did you learn from this? Googling????
@iamvikasgola
3 years ago
You should have explained the graphql query. Otherwise, there was no point in making this video of 15 mins.
Comments: 68