$ Bug Bounty $

How to approach a target in bug bounty:

Hello friends, today I am going to tell you how to approach a target in bug bounty.


First, there are many platforms, such as Bugcrowd, HackerOne, YesWeHack and SafeHats, where you can report security issues (bugs).
The first thing you need to do is observe how the website or system works. There is a website called wappalyzer.com where you can check which languages and technologies a website uses. In this information-gathering step you will learn which language the website is built on.
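The kind of signals a technology profiler reads from a single response, sketched as an added example (not code from this post or from Wappalyzer): banner headers, default session-cookie names and the generator meta tag. The sample response is constructed, and the function name and the small cookie hint table are assumptions made for illustration.

```python
import re

# Constructed sample response for illustration; not captured from a real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8.1"></head></html>'
)

# Default session-cookie names that hint at the backend (small illustrative subset).
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java", "ASP.NET_SessionId": "ASP.NET"}
BANNER_RE = re.compile(r"([A-Za-z][\w.\-]*)(?:/(\d[\w.]*))?")
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)


def fingerprint(raw_response):
    """Return {technology: version or None} inferred from one raw HTTP response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())

    found = {}
    # Banner headers carry "product/version" tokens, optionally with "(comments)".
    for name in ("server", "x-powered-by"):
        for value in headers.get(name, []):
            value = re.sub(r"\([^)]*\)", " ", value)
            for product, version in BANNER_RE.findall(value):
                found[product] = version or None
    # A framework's default session cookie name reveals it even without a banner.
    for cookie in headers.get("set-cookie", []):
        tech = COOKIE_HINTS.get(cookie.split("=", 1)[0].strip())
        if tech:
            found.setdefault(tech, None)
    # CMSs often announce themselves in a <meta name="generator"> tag.
    match = GENERATOR_RE.search(body)
    if match:
        product, _, version = match.group(1).partition(" ")
        found[product] = version or None
    return found


if __name__ == "__main__":
    for tech, version in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{tech}: {version or 'version not disclosed'}")
```

Each entry that comes back with a version is something to look up against known-vulnerability databases, and something a site owner would want the server to stop disclosing.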


You need to observe the workflow of the website; for this you can use a proxy tool such as BurpSuite, ZAP, etc.
If you don't know about proxy tools, we are going to post about them.
Don't worry!


If you find weird behavior in a website, it doesn't mean that the site is vulnerable; sometimes it is intended behavior. You have to do some research of your own for pen-testing. Let's say you find that an outdated version of a web server is being used: look on the internet for known vulnerabilities against it and you will find known CVEs. Try to exploit it and see what happens.


Some special tools are required; explore them if possible. Remember, BurpSuite is a legendary tool.

After spending many hours on a single website, if you think you have exhausted all your options and have not got any proper output, stop and move on. Getting hung up on something is the biggest motivation killer, but moving on doesn't mean you are giving up.

That's all about how to approach a program or a website. Feel free to ask questions.


Cheers !

2 comments:

  1. How to report bugs properly?

  2. Is AdSense enabled on this blog? Asking because Google don't usually allow it on cybersec blogs.

