Walk Me Through The Process Please

Hi all, hope everyone is healthy with what's going on. Being rather new, my big question (because I do not want to do anything wrong) is: how exactly do I get started on a target? Do I look at a particular program, see what is in scope, and then go directly to that site and start to work? Can I register for an account and all? If someone can give me some guidance as to the process, I would appreciate it. Thank you in advance; this is a great community.

First of all, welcome to the community!

All the public programs that you see invite you to test their sites/products. If the target is a webapp, you can go directly to the domain, sign up for an account, and start testing. Be sure to have a look at the bounty brief first though - some programs will provide credentials for you to login with, some require you to use your @bugcrowdninja.com email address. Also, some require that you add an identifying HTTP header to all your requests.

When testing, make sure to understand the program scope. For example, most programs don’t appreciate volume-based DoS testing, long-lasting brute force attacks, aggressive automated scanning, payloads in chats/forums, cache poisoning attacks without cache busters and generally anything that negatively impacts their service and customer experience. Also, you’re naturally not allowed to dump databases, install backdoors or anything like that in case you do compromise the system. If rate limit testing is allowed, don’t test excessively - just enough to confirm the existence of the vulnerability.

But to answer your question - yes, you may go ahead right away. Just make sure to stay within scope.


Thank you so much for the reply. Could you give an example of the HTTP header identifier you spoke about?

For example, the Skyscanner program requires that researchers add the following header to all HTTP requests:

Skyscanner-Security: Bugcrowd

In Burp Suite, you can simply configure the tool to add the custom header to each request automatically.

This is not very common, but you should check the bounty brief before starting to test.

As @waike has mentioned, some programs ask that you add a custom header when you are working on their system(s). If you use Burp, there is a great extension to make this easy for you called Add Custom Header. You can grab it directly from the BApp store, and then set it for the project.

HTH :+1:
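As an added example (not code from anyone in this thread), here is the same idea done outside Burp, in plain Python with only the standard library: a handler that is run on every request an opener sends, including redirect follow-ups, and that (a) refuses to send anything to a host that is not in scope, and (b) stamps the program's identifying header on each request. The header name and value are the ones quoted above for the Skyscanner program; the in-scope and out-of-scope host lists are constructed for illustration and would be copied from the real bounty brief. The scope gate goes slightly beyond the header point and covers the "stay within scope" advice earlier in the thread.

```python
import fnmatch
import urllib.request
from urllib.parse import urlsplit

# Constructed scope for illustration only; a real program's brief lists the actual hosts.
IN_SCOPE = ("*.example.com", "api.example.org")
OUT_OF_SCOPE = ("legacy.example.com",)
# Header name and value exactly as quoted in the thread for the Skyscanner program.
IDENT_HEADER = ("Skyscanner-Security", "Bugcrowd")


class ScopeError(Exception):
    """Raised before any bytes leave the box for an out-of-scope host."""


def in_scope(host: str) -> bool:
    """Case-insensitive match of a hostname against the brief's patterns.

    Exclusions win over inclusions, which is how most briefs are written.
    Note that a wildcard like *.example.com covers subdomains only, not the
    apex example.com itself; list the apex separately if it is in scope.
    """
    host = host.lower().rstrip(".")
    if any(fnmatch.fnmatchcase(host, p.lower()) for p in OUT_OF_SCOPE):
        return False
    return any(fnmatch.fnmatchcase(host, p.lower()) for p in IN_SCOPE)


class ProgramHandler(urllib.request.BaseHandler):
    """Applied to every request the opener sends, including redirected ones,
    because urllib re-runs the handler chain for each follow-up request."""

    handler_order = 400  # run before the default handlers (order 500)

    def http_request(self, req):
        host = urlsplit(req.full_url).hostname or ""
        if not in_scope(host):
            # A redirect to an out-of-scope host ends up here too and is blocked.
            raise ScopeError(f"{host} is not in scope; request blocked")
        req.add_header(*IDENT_HEADER)  # overwrites any stale value
        return req

    https_request = http_request  # same treatment for https:// URLs


def tag_request(url: str) -> dict:
    """Run one request through the handler without sending it and return its
    headers with lower-cased names, so the result can be inspected offline."""
    req = ProgramHandler().http_request(urllib.request.Request(url))
    return {k.lower(): v for k, v in req.header_items()}


def make_opener() -> urllib.request.OpenerDirector:
    """Opener whose every request is scope-checked and header-tagged."""
    return urllib.request.build_opener(ProgramHandler())


if __name__ == "__main__":
    print(tag_request("https://app.example.com/login"))
    # make_opener().open("https://app.example.com/") would send a real request
```

Use `make_opener()` in place of `urllib.request.urlopen` in your own scripts; `tag_request()` exists only so the behaviour can be checked without touching the network. The two things worth noticing are that the scope check happens before anything is sent, and that it also fires when a redirect points at a host the brief excludes.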

Many thanks for that complete information!

Thanks guys, great topic! :+1: