Hello @Reptilidog, that’s completely up to you. Personally, I think proxychains are overkill, but I use a VPN for the sole reason of resetting my IP address with ease. I was blocked by WAFs many times when I first started, and a VPN makes it much, much easier to spin up a new IP address when needed.
It took me 4 months to find my first valid bug on a public program on Bugcrowd.
You have to create your own methodology and find what works for you. If you jump directly into the application, you will be lost unless you have good experience like others do.
101 is good for getting started, but it’s not enough: follow other people on Twitter and read blogs. Watch Bugcrowd University’s videos, watch NahamSec’s videos on YouTube or follow him on Twitch, follow The Cyber Mentor on YouTube, and Peter also has a YouTube channel with good content. The point here is to see and learn what others are doing and then make your own approach that works for you.
“A known session cookie may have been set without the secure flag”. How can this info be useful for me to report? Please support…
Thanks & Regards.
Hello guys, it’s me once again! So… here’s where I’m at now: just looking on YouTube for where to find the flags… This is pretty annoying; I don’t want to look at YouTube to see where the flags are. Any suggestions?
- I have Burp Suite (for now); does that, in any way, shape or form, tell me where the flags are?
- Anyone living in Canada who can show me how this works (to get into this field)?
- I’ve seen some tutorials and downloaded some PDFs regarding bug bounty, but I couldn’t get my head around it. Imagine you have a 16-year-old and you want to explain it to him from 0; how would you do that?
- I saw someone say download payloads, payloads this, payloads that, but what is a payload and how do you use it for finding bugs? I feel like there should be a full course on this, showing how to find the CTFs all the way up to finding real bugs… If we can come up with something like that, that’ll be really good… I did find a “free course” and signed up, but just like the title said, “free”: no explanation, no hands-on, just someone setting up Burp and then explaining it and putting in different variables… etc.
Hi there,
While pen testing a web app I stumbled upon a curious API endpoint.
https://login.example.com/api/v2/user/verify (GET request)
Among many other things it returns the IP address of my laptop.
The request has a CSRF token but it’s not being authenticated.
Is it possible to exploit this?
I mean, can I trick a user into visiting the URL and extract his/her IP?
Thanks
Have patience and passion, because without these two you won’t survive in this field. If you are totally new, then start with Peter’s Hacker101 book, read blogs, and practice what you learn on vulnerable labs; watch Bugcrowd University and H1 videos.
Hello, I have two questions:
- How do I make my own threads on here? I didn’t see a create new thread button, so I’m guessing it’s restricted for new users?
- How do I get a bugcrowdninja.com email? All these bug bounties are saying to use it to sign up, so how exactly do I get one?
Hi, I would say yes.
Unless the out-of-scope list says “www.example.com/signup”, if the in-scope list says “www.example.com” then you’re good.
CSRF attacks are blind. You cannot extract the response from a forged request. If you want to extract the response body, you could test for CORS misconfigurations.
Extracting the victim’s IP wouldn’t really make sense, though, as the exploit would require you to be able to perform a CSRF-like attack, which would give you access to their IP anyway.
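Added example, not part of the reply above or of any Bugcrowd tooling: a small Python helper for the CORS check the reply recommends. It assumes you probe by sending a GET with a chosen Origin header and reading the Access-Control-* response headers; the target URL is the one from the question, the evil.example origins are placeholders, and the server replies in CONSTRUCTED_RESPONSES are made up to show each verdict.

```python
"""Classify an endpoint's CORS reply to a chosen Origin header.

Added example, not from the original thread. CONSTRUCTED_RESPONSES are made
up to illustrate each verdict; only probe() talks to a real server.
"""
import urllib.request
from urllib.parse import urlparse


def candidate_origins(target_url):
    """Origins worth sending when probing target_url: an unrelated site, the
    two classic sloppy-allowlist bypasses, and the literal 'null' origin
    that sandboxed iframes and some redirects produce."""
    host = urlparse(target_url).hostname
    return [
        "https://evil.example",
        f"https://{host}.evil.example",   # passes a startswith() allowlist
        f"https://evil{host}",            # passes an endswith() allowlist
        "null",
    ]


def classify_cors(origin_sent, headers):
    """Verdict for the response headers returned to a request carrying
    Origin: origin_sent. Header names are matched case-insensitively.

    A browser lets page JavaScript read the response only when
    Access-Control-Allow-Origin matches that page's origin (or is '*'),
    and it only includes cookies when Access-Control-Allow-Credentials
    is 'true'; the two may not be combined with '*'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        # No CORS at all: a forged request still fires (classic CSRF),
        # but the attacker's page cannot read what came back.
        return "no-cors"
    if acao == "*":
        # Wildcard cannot be credentialed, so only anonymous data is exposed.
        return "public-wildcard"
    if acao == "null":
        return "null-origin" + ("-with-credentials" if creds else "")
    if acao == origin_sent:
        return "reflected-origin" + ("-with-credentials" if creds else "")
    return "fixed-allowlist"


def readable_with_cookies(origin_sent, headers):
    """True when a page on origin_sent can read the victim's authenticated
    response body, which is the condition that turns a blind CSRF into data
    exfiltration."""
    return classify_cors(origin_sent, headers) in (
        "reflected-origin-with-credentials",
        "null-origin-with-credentials",
    )


def probe(url, origin):
    """Send one GET with a chosen Origin and classify the reply (network)."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return classify_cors(origin, dict(resp.headers.items()))


# Constructed server replies to Origin: https://evil.example (not real data).
CONSTRUCTED_RESPONSES = {
    "safe": {},
    "public": {"Access-Control-Allow-Origin": "*"},
    "reflected": {
        "Access-Control-Allow-Origin": "https://evil.example",
        "Access-Control-Allow-Credentials": "true",
    },
}


def demo():
    """Classify each constructed reply as if it were returned to evil.example."""
    return {name: classify_cors("https://evil.example", hdrs)
            for name, hdrs in CONSTRUCTED_RESPONSES.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} -> {verdict}")
```

Against a live target you would call probe(url, origin) for each value in candidate_origins(url) while logged in; only a verdict ending in "-with-credentials" means the response body (and the IP address in it) could be read from an attacker's page.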
1: You need to read a few threads and post a few comments; then you’ll be able to create your own threads.
2: You already have one! It’s [your_username]@bugcrowdninja.com and any email sent to the address will be forwarded to the email address you used to sign up for your Bugcrowd account.
A session cookie without the secure flag may be recoverable by an attacker on the same network. It’s a P4 vulnerability, but you should make sure that the cookie controls the session before reporting it.
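Added example, not from the reply above: Python that parses Set-Cookie headers, reports cookies lacking Secure, and applies the browser's send rule so you can see exactly which plaintext request would carry the cookie. The headers are constructed, SESSION_NAMES is a heuristic list of common default session-cookie names, and login.example.com is reused from the earlier question.

```python
"""Audit Set-Cookie headers for the Secure flag and show exactly when a
browser would send the cookie in the clear.

Added example, not from the original thread. The Set-Cookie headers are
constructed; the host name reuses the thread's login.example.com.
"""
from urllib.parse import urlparse

# Heuristic only: names frameworks use by default for the session cookie.
SESSION_NAMES = ("SESSIONID", "PHPSESSID", "JSESSIONID", "ASP.NET_SessionId",
                 "connect.sid", "sessionid")


def parse_set_cookie(header):
    """Split one Set-Cookie header into name, value and normalised attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "secure": False,
              "httponly": False, "domain": None, "path": "/", "samesite": None}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key in ("secure", "httponly"):
            cookie[key] = True
        elif key == "domain":
            cookie["domain"] = val.lstrip(".").lower() or None
        elif key == "path":
            cookie["path"] = val or "/"
        elif key == "samesite":
            cookie["samesite"] = val or None
    return cookie


def would_be_sent(cookie, url, set_host="login.example.com"):
    """True if a browser would attach `cookie` (set by set_host) to `url`.

    The Secure rule from RFC 6265: a Secure cookie goes out only over https.
    Without the flag, any http:// request to the host carries it, so an
    attacker on the same network who gets the victim's browser to fetch
    http://host/anything sees the cookie in plaintext."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    if cookie["secure"] and u.scheme != "https":
        return False
    if cookie["domain"]:
        if host != cookie["domain"] and not host.endswith("." + cookie["domain"]):
            return False
    elif host != set_host.lower():
        return False                       # host-only cookie, other host
    req_path, cpath = (u.path or "/"), cookie["path"]
    return req_path == cpath or req_path.startswith(cpath.rstrip("/") + "/")


def audit_set_cookie(headers):
    """Report every cookie that lacks Secure, noting whether its name looks
    like a session cookie. The name is only a hint: before reporting, delete
    the cookie in the browser and confirm the server logs you out."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h)
        if c["secure"]:
            continue
        findings.append({
            "cookie": c["name"],
            "missing": [flag for flag, present in
                        (("Secure", c["secure"]), ("HttpOnly", c["httponly"]))
                        if not present],
            "likely_session": c["name"] in SESSION_NAMES,
        })
    return findings


# Constructed headers, as if captured from a login response.
CONSTRUCTED_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure",
    "tracker=xyz; Domain=.example.com; Path=/",
]

if __name__ == "__main__":
    for finding in audit_set_cookie(CONSTRUCTED_HEADERS):
        print(finding)
    sess = parse_set_cookie(CONSTRUCTED_HEADERS[0])
    print("sent over http:", would_be_sent(sess, "http://login.example.com/favicon.ico"))
```

The would_be_sent check is what makes the finding concrete for a report: a request to http://login.example.com/favicon.ico (an image, a redirect, anything the victim's browser can be made to load) carries the SESSIONID cookie unencrypted, while the same cookie with Secure set stays home.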
I am new here and interested in learning how to find bugs, but I don’t know where to start learning. Can anyone help me?
Assalamu Alaikum (Peace Be Upon You)
I am Mehedi Hasan Remon.
I am new to cyber security.
Recently I started hunting on a website, where I saw that they are using a captcha.
They show an image with a 5-digit number and users have to enter the number shown in the image.
That site is written in ASP.
After playing around with the website I found that they are using a JavaScript time function to call the image.
Every second they import a new image.
I also found that they are using this technology on that image:
CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90
Now my question is how they are detecting the 5-digit number from that image!
Is there any way to bypass this technology?
Thank you
Hi, all.
I can find places to get reflection easily enough, and sometimes they even display all the text, like <script>alert(1);</script>, but they only display it as text. What are your go-to ways to turn this into some actual XSS?
If the payload is reflected as text on the page, the input is probably being filtered (" -> &quot;, < -> &lt;), meaning that the site is protected against XSS. You can view the HTML source to see how your input is being reflected.
There are numerous techniques to bypass XSS filters, though, so don’t give up! You can find an abundance of information about XSS bypasses online, here’s a great example.
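Added example, not part of the reply above: Python that locates each reflection of a probe string in page source, names the HTML context it landed in, and records which special characters came back raw versus entity-encoded. It goes one step beyond the reply by showing that entity-encoding protects the text context but not an unquoted attribute or a JavaScript string. The probe marker zq7 and the page in SAMPLE_PAGE are constructed; the break-out rules are the standard ones, and "exploitable" here means without any filter bypass.

```python
"""Find where a reflected probe lands in a page and which of its special
characters survived, to tell a harmless text reflection from an exploitable one.

Added example, not from the original thread. SAMPLE_PAGE is a constructed
response with four reflections of the same probe.
"""
import re
from html import unescape

PROBE_TAG = "zq7"                         # alphanumeric, survives any encoder
PROBE = f"{PROBE_TAG}<>\"'{PROBE_TAG}"    # what you would actually submit
_PAIR = re.compile(re.escape(PROBE_TAG) + r"(.*?)" + re.escape(PROBE_TAG), re.S)


def survived_in(inner):
    """For each special character of the probe: 'raw', 'encoded' or 'gone'."""
    decoded = unescape(inner)
    out = {}
    for ch in "<>\"'":
        out[ch] = "raw" if ch in inner else "encoded" if ch in decoded else "gone"
    return out


def context_at(html, index):
    """Name the HTML context in which html[index] sits."""
    before = html[:index]
    low = before.lower()
    if low.rfind("<script") > low.rfind("</script"):
        return "script"
    if before.rfind("<!--") > before.rfind("-->"):
        return "comment"
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt <= gt:
        return "html-text"
    tag = before[lt:]                      # the unclosed tag we are inside
    if tag.count('"') % 2:
        return "attr-double-quoted"
    if tag.count("'") % 2:
        return "attr-single-quoted"
    if re.search(r"=\s*[^\s\"'=]*$", tag):
        return "attr-unquoted"
    return "tag-internal"                  # between attributes, not in a value


def reflections(html):
    """[(context, survived)] for every reflection of PROBE in the page."""
    return [(context_at(html, m.start()), survived_in(m.group(1)))
            for m in _PAIR.finditer(html)]


def exploitable_without_bypass(context, survived):
    """Can a plain payload break out of this context with the characters that
    survived raw? False means filters need bypassing, not that it is safe."""
    if context == "html-text":            # need a new tag: <img src=x onerror=...>
        return survived["<"] == "raw"
    if context == "attr-double-quoted":   # close the value: " onfocus=... autofocus
        return survived['"'] == "raw"
    if context == "attr-single-quoted":
        return survived["'"] == "raw"
    if context == "attr-unquoted":        # a space starts a new attribute
        return True
    if context == "script":               # end the string, or </script> with raw <
        return "raw" in (survived["'"], survived['"'], survived["<"])
    if context == "comment":              # --> then a tag: both > and < needed
        return survived[">"] == "raw" and survived["<"] == "raw"
    return False


# Constructed page: the server HTML-encodes <>"' everywhere except that the
# apostrophe inside the script block comes back raw (a common encoder default).
ENC = "&lt;&gt;&quot;&#x27;"
SAMPLE_PAGE = f"""<html><body>
<h1>Results for {PROBE_TAG}{ENC}{PROBE_TAG}</h1>
<input type="text" value="{PROBE_TAG}{ENC}{PROBE_TAG}">
<a href=/q?term={PROBE_TAG}{ENC}{PROBE_TAG}>again</a>
<script>var term = '{PROBE_TAG}&lt;&gt;&quot;'{PROBE_TAG}';</script>
</body></html>"""

if __name__ == "__main__":
    for ctx, surv in reflections(SAMPLE_PAGE):
        print(f"{ctx:20} {surv}  exploitable={exploitable_without_bypass(ctx, surv)}")
```

Submit PROBE in the parameter, save the raw response, and run reflections() over it: the two encoded reflections in text and a quoted attribute are the "displays it as text" case from the question, while the unquoted href and the script string are exploitable even though the same encoder was applied.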
There are lots of great resources to learn bug bounty hunting online, but I know it can be quite overwhelming. I personally learned a lot from reading disclosed HackerOne reports (check it out here). Furthermore, I’d recommend Hacker101, Bugcrowd University and especially this awesome collection of bug bounty writeups.
Feel free to write me if you have any questions
So I’m like super new, and I wanted to know how the program owners can know that I’m a tester (so I can test without being accused of something illegal). Also, can Ubuntu Kali tools be used for testing?
It seems like you’re supposed to log in using your bugcrowdninja email for most of your testing. Once you do so they probably cross-reference your IP to see you’re not an actual black hat.
If you’re really worried just go for the programs that say they’re a safe harbor, and not just partially safe.
They would probably contact you in good faith if they ever couldn’t tell.
Thanks for this reply