Welcome to my blog, where I share my knowledge with the Bug Bounty Community… Today, I wanted to write about a bug-hunting story where I was able to take over an admin portal without any username or password. It was a VDP target, but the details may be useful for you. I found an XSS in this subdomain, and while I was trying to exploit it, I found a “Caido Finding” that was reported by Caido Scanner under the title “Big Redirect”. ...
How to build Caido passive workflows to scan all HTTP requests & responses… In this tutorial, I will guide you through the steps to build your custom Caido Workflows, which can help you identify bugs based on your methodology… You can scan for patterns like API keys or tokens, or take it to the next level by integrating it with “Match & Replace” rules to inject payloads and match for high-impact bugs, such as OS command injection. ...
It took over two years to build my bug bounty automation framework (The Blue Whale), so I like to share the story of the building process and some details about the project architecture… Talking about bug bounty automation … basically, you want to automate the tasks that will be repeated over and over, which will cost you effort and time each round. The second and most important reason is “scalability”, the power of being able to scale a scan of a single bug on all of the bug bounty programs. ...
As a bug hunter, you may need a powerful VPS to run your tools, and as a beginner, you should achieve this goal at the lowest cost. What is a VPS? VPS or (Virtual Private Server): is a machine on the cloud that you can use to run your CLI tools and commands remotely. What is GitHub CodeSpace? Based on GitHub definition: GitHub Codespaces is an instant, cloud-based development environment that uses a container to provide you with common languages, tools, and utilities for development. ...
Hunting for Blind XSS can be tricky because you should have a server that runs 24/7 and is ready to receive any payload fired on the admin’s screen. So, after a lot of research and testing, I will provide the best option you can use without paying for subscriptions. Steps Create a new account at: https://xss.report/register After that, you will need to activate the Telegram bot to receive an alert when your payload fires. ...
Intro Having your own hacking server is one of the most important investments that you can make in your bug bounty journey. You can use your server to achieve the following: Hunting bugs that require OOB (Out-Of-Band) interaction like SSRF Exploiting bugs like CORS misconfiguration that requires custom subdomains Host your exploit files like CSRF POCs, and more. Can you use any public OOB server? Yes, you can but it comes with its problems and limitations, and the biggest problem is that some firewalls and security systems will block the outgoing traffic to these public OOB servers, making you miss some important bugs. In this post, I will help set up “Interactsh Server” to use in your pentest or bug bounty hunting operations. ...