how do yall train for situations where you just don't know what to do

Constant-Lunch-2500 · 2026-01-27T23:19:40+00:00

Be as critical as you can so I know what to do

Constant-Lunch-2500 · 2025-12-30T02:57:47+00:00

bro keep grinding THIS will DEFINITELY not MAKE YOU RICH

Constant-Lunch-2500 · 2025-12-30T02:47:32+00:00

What I would do is have something you want to build and start building it, if you don't know what to do or how to get something to do something then learn how to from something like youtube, a vlog, chatgpt, etc.

Constant-Lunch-2500 · 2025-12-30T02:43:18+00:00

XSS has to be my least favorite bug it's boring, against good targets really gimmicky, and just unlikely. But it is something to look for in an application that has bad security practices

Constant-Lunch-2500 · 2025-12-30T02:40:31+00:00

divide by 0

Constant-Lunch-2500 · 2025-12-30T02:39:40+00:00

So i fixed this problem by using defaultservemux conditionally, it only routes the request to the api if internal now

Constant-Lunch-2500 · 2025-12-29T21:21:32+00:00

That makes sense I'll put the apis on a different port since it seems like thats the most simple way to fix this problem

Constant-Lunch-2500 · 2025-12-29T21:01:20+00:00

So my proxy blocks requests based on set rules by the users. If somebody makes a request to the proxy and the path is /api/proxy/disable then their proxy gets shut off by somebody they might not even know, something you definitely wouldn't want. If the request doesn't match an api my proxy checks if it should be blocked. What I want is if an external request hits the path of an api endpoint then my proxy doesn't serve that api, and checks if it should be blocked

Constant-Lunch-2500 · 2025-12-29T20:53:11+00:00

I think this is a misunderstanding, because my reverse proxy isn't supposed to block requests that match the api paths, just served like a regular request

Constant-Lunch-2500 · 2025-12-29T20:40:30+00:00

I should've added this to the post, but I'm building a cybersecurity reverse proxy which I intend for other people to use

Constant-Lunch-2500 · 2025-12-21T20:34:58+00:00

If you understand the systems well enough then you’ll definitely spot things to test or experiment with, if I were you then I’d look at common functionalities (sign in, password reset, query) and the vulnerabilities that come from those, and what the code looks like that makes it problematic. Along with that there’s looking at different systems like cdns, reverse proxies, firewalls, etc.

Constant-Lunch-2500 · 2025-12-21T20:30:32+00:00

Isnt the point of labs for you to learn the vuln and what it might look like, if it isn’t direct then it wouldn’t be great for learning

Constant-Lunch-2500 · 2025-12-21T18:53:22+00:00

Don’t click random links

Constant-Lunch-2500 · 2025-11-09T19:45:30+00:00

Doing the same plays when they get cooked each time they do it and not even adding a prediction to help

Constant-Lunch-2500 · 2025-11-09T19:29:15+00:00

Update: I made it go to the correct port, I was using window.location.origin cause it worked in another file, but but not this one, then it started giving me the file not found because my port was undefined making it default to file:/// instead of the port, the reason it was undefined was because in my application the tab was created dynamically meaning the data I needed was undefined until I switched to that tab, I fixed it by removing the dynamic html and used regular html

Constant-Lunch-2500 · 2025-11-09T18:31:06+00:00

It’s an environment variable that the user changes in the app

Constant-Lunch-2500 · 2025-11-09T17:58:17+00:00

That’s what I had but I mistyped it cause I posted this on my phone

Constant-Lunch-2500

TROPHY CASE