It’s been a couple of days, and one of the things I’ve been wondering about is some of the rules on bug bounties. One bounty I looked at says I can’t use scanners (Burp) to look for a bug, which bothers me since I spent a couple of days learning how to use Burp. There are other things I could write here, but what I’m trying to say is I’m lost. I know a couple of languages but I don’t know exactly how to utilize them, and I hope someone points me in the right direction.
But what is your question, @Mr_Silver? You are lost with what?
For example, one of the languages I know is JavaScript, so I thought I’d use it where it’s usually used, at cross-site scripting. I tried using it a couple of times, but I realized I don’t know if I found a vulnerability or where to find a good place to look. I tried looking at places I would think would be vulnerable, like login for example.
Check EVERYWHERE a user can input data, particularly where the input is reflected back, e.g. error pages, password reset pages, search pages, comments, even some .js endpoints
name
address
phone number
etc etc
Put this in Google: site:hackerone.com xss and read EVERYTHING there. There are soooooo many places to put XSS. Remember to test all browser versions, as some XSS only fires on some browsers.
Your advice has been helpful and I’m also using Hacker101 for reference. I have 3 things I’m curious about before I start.
1. SQL injection legality: is it off limits to all sites or some?
2. What are some useful tools I can use in Kali?
3. I’ve been trying to install DVWA but it’s being a pain, so I might skip it. I know it can help me with my hacking skills, but I’m wondering if there are other ways to hone my skills?
1. I have not seen any program say explicitly do not test for SQL injection, but use common sense: you don’t need to dump the whole database to prove SQL injection.
2. Read here: Researcher Resources - Tools, watch Level Up, go on the Bugcrowd leaderboard and follow the top guys on their Twitter. A lot of them have some type of program or script they have written on GitHub, and read their blog posts; many have a medium.com page. Many of the tools on Kali are now more often updated on GitHub; for example, if you use sqlmap on Kali and run sqlmap --update, it advises to use GitHub.
3. You can use https://google-gruyere.appspot.com/, which is a live website to practise on, or watch this to install Mutillidae and XAMPP on your Kali box: https://www.youtube.com/watch?v=CWThOgW4iZM. But if you do decide to use Mutillidae, get the git version by pasting this in your terminal: git clone https://git.code.sf.net/p/mutillidae/git mutillidae-git
Good luck
It’s been 2 weeks that I’ve been using Mutillidae and that Google site you recommended to get a good idea of bug hunting, but I could use some more tips.
1. I’m wondering if there are any good recon tools, because the recommendations I get are all over the place.
2. Also, I noticed some bounties exclude scanners, including the Burp Suite scanner, but I wonder if I can still use some tools of Burp but not the scanner itself. Will it still exclude me if I do this?
3. One more problem I faced was when I used proxychains with Burp Suite I got a “dns refuse connection” error. The first time I used it, it worked.
Scratch the third one, I figured it out.
@Mr_Silver anyone who has done any type of threat hunting/hacking will tell you that the first (and probably most important) step is recon. Abraham Lincoln said, “If you give me 6 hours to chop down a tree I will spend the first 4 hours sharpening the blade”, which applies directly to hacking. Depending on what you’re comfortable using, here are some recon tools I use:
- dnsdumpster.com
- nmap
- sparta
- nikto
- Shodan.io
Good luck, and happy hunting! Cheers!