Web Hacking

Web Penetration testing is a very broad subject. I have made some tutorials which can help you to study this awesome subject.

Facebook Bug Bounty Guide | API testing

Facebook bug | Page Admins disclosed

Make WORDLISTS to HACK (Kali Linux - Crunch)

Watch Live Cyber War (Hackers playground)

Hack Passwords with PENDRIVE (steal browser passwords) - EVIL USB

Hack everything with Shodan (hackers google)

Google Hacking

Hack Password by BRUTEFORCE Kali Linux (Burp) on DVWA

Instagram Content Injection (Text) bug POC

Portforward Router Done,Explained in JIOFI

Remote Code Execution RCE (Kali Linux DVWA)

SEARCHSPLOIT - Kali Linux Offline Exploit DB

HTTP Header Injection (Mannual and Burpsuite)

URL manipulation explained (tutorial)

Facebook bug POC | Who left the Group -_-

Remote Code Injection on DVWA medium

Information gathering using TheHarvester in Kali Linux

Broken Authentication (insecure login, logout management, admin portal bypass)

Open Redirection Vulnerability

Facebook Bug POC - Privilege Escalation | emptiness

PAYTMPromoCode BUG POC

Metasploit Tutorial - 3 (hacking FTP login)

Some google dorks for you

 AMAZON Password Reset Bug POC

Google G+1 ClickJacking BUG

Power Fuzzer Website scanning tool in Kali Linux

Uniscan Vulnerability scanner in Kali Linux - Tutorial

NMAP Tutorial - 2 (Agressive scanning-intense)

Facebook trolling Hackers (Funny Header)

Facebook Mail Bombing (rejected POC)

HackerOne bug (Session Management)

NMAP Tutorial-3 (different scans and speed scanning)

NMAP Tutorial - 4 (Verbos scan and Saving scan results in file)

DOS attack using Slowloris in Kali Linux

Find vulnerability of ANDROID apps like FB (easy with steps)

Buffer Overflow with Tutorial

Nikto Vulnerability Scanner (explained with tutorial)

Metasploit Tutorial-10 (drupal site exploitation)

SQL injection (website pen test with sql map-step by step)

Recon-ng tutorial- 1 XSS Vulnerability (the first step for pen tester)

Subdomain Takeover

 How to find Subdomains (Tutorial)

WhatsApp Translate Account Takeover BUG POC (slow rate limit)

Shell Upload on Websites(backdoor PHP)

YoutubeUnauthorized Adword Linking BUG POC

Burpsuite - 1 (SQL injection,intercepting)

OSI model explained

Google Blogger ClickJacking Comments bug

Manual SQL injection (step by step)

Create Unlimited Instagram Accounts (unvalidated verification)

Cross Site Scripting (XSS)-1 (basics,ReflectedXSS)

Upload WebShell (bypass filters and intercepting)

Cross Site Scripting-2 (stored, redirected XSS)

Cross Site Scripting (XSS)-3 (XSS stored IFRAME and COOKIE Exploit)

Session Hijacking (MITM for cookies-side jacking)

Cross Site Scripting XSS-4 (hack username and password) 
 

Metasploit Tutorial -11 (e-mail extraction)

Shell Upload with Metasploit(DVWA high security)

Cross Site Scripting (XSS)-5 (medium secured DVWA)

Hacking random home routers (Angry IP scanner)

Web Spidering (Manual and Automated with Burp Suite)

Burp Suite complete Version (Windows installation)

WAF detection (WAFW00F in Kali Linux)

Cross Site Scripting (XSS) - 7 (via image upload)

Website Vulnerability Scanning Burp Suite in Kali Linux

Find Admin Panel Finder (Kali Linux Python script)

Find XSS and Bug Bounty Hunting


XSS bug in Etherscan (HOF plus Ethereum)

Encoding and Decoding (Burp Suite Decoder)

Predict Session ID (Burp sequencer)

Click Jacking (step by step explained)

BurpSuite HTTPS proxy setting (Install CA certificates)

Broken Authentication and Session Management tutrial

Hackbar and Bypassing XSS filters

Expect Header XSS