I am fairly new to Bug Crowd and general bug hunting. I have spent a lot of time in labs practicing different techniques and looking for vulnerabilities manually to understand it better however I want to start using some tooling. I am mostly familiar with Burp and Zap.
My question though is whether the Spider and Intruder features are generally considered safe against real world targets? I would assume not due to potential request rates on the backend however I thought I’d ask the Experts/Community for your opinion.
If not, what alternatives are there to automated aspects of the process?
Burp and ZAP are typically safe. Make sure that on the spider function that you don’t have it to populate and autosubmit form information. I had a problem once because I had Burp configured to automatically submit form information and it entered the name, address, phone and email address in the prepopulated form data in Burp.
Hey Chris
I’m new too to the field of bughunting , maybe we can help each other
contact me on discord
Ayoub#1938 or email : rezultas.diali@gmail.com
cheers
Hi all,
I am new to bug huting. please help me ? where i can find the bug path ? is this on the machine or the application like burp will show the path. How and data to be submitted in the report.