Poker site

Hi, I found an XSS bug on a poker site. I messaged the admin for a bounty but they have not answered me. My question is: how do I get a bounty from them?

https://redd.it/1ctqher
@r_bugbounty
apple payment process

Hello guys, I won a bug bounty from Apple, and thank you guys for answering each and every question I asked on this subreddit.

I don't have a paid developer account, and I asked Apple for a one-time user code to sign up at developer.apple.com/programms/offer-code/claim

I would like to know, after receiving an offer code, how do I continue? Where do I add payment details? I don't have any idea about this.

https://redd.it/1cttlks
@r_bugbounty
Automating Bug Bounties? Check Out This Advanced Crawler

While automating bug bounties, having a robust crawler is crucial. It needs to handle authentication, efficiently crawl SPAs, proxy requests, fill forms, upload files that the server accepts, and manage slow websites.

Finding a crawler that ticks all these boxes is tough, so I decided to build one myself. Introducing Sasori! 🕷️

Give it a try and let me know if you have any feature requests or feedback! 🥂

https://i.redd.it/trlkvkddby0d1.gif

https://redd.it/1cu0m80
@r_bugbounty
Best Practice BBH Setup

TL;DR: What OS/environment setup do you use for BBH to feel safe?

Hi,
I just got going on HackerOne and I was wondering if there is a best practice for setting up your hacking environment. I am asking this mainly because of safety concerns. Up to now I am using a Kali Linux VM which is set up with all my tools, and I reset it back to a snapshot after every use for maximum safety. But I have to say I am starting to get annoyed because it's quite slow, and that makes it less fun for me.

What is your environment? Are you just hacking on your main system/OS?

What am I scared of?
Well, I'm still a beginner, so I don't really know. But if you're doing programs, are you not potentially exposing your IP address to (A) the company and (B) other hackers doing the same program? This could make you a target, right? Please correct me if this is a stupid thought.

Thanks in advance for the answers :). If this question has already been asked, feel free to redirect me.


https://redd.it/1cu39lo
@r_bugbounty
Any good Burp Suite extensions?

I am looking for some Burp Suite Pro or normal extensions. Any suggestions?

https://redd.it/1cugsqh
@r_bugbounty
Any CSP bypass programs besides GitHub?

GitHub pays for CSP bypasses without needing to provide an actual injection. Does any other program have scope that covers this?

https://redd.it/1cum5nt
@r_bugbounty
Starting out as a beginner. To automate or not to automate?

Basically what the title says. As a beginner, should I use automation tools to cover the scope, or should I manually go over things?

https://redd.it/1cuqadw
@r_bugbounty
Feedback Needed for Automated Bug Bounty Target Detection Platform

Hi Guys,

My name is Daniel, and I started doing offsec stuff 4-5 years ago. I always thought bug bounty hunting was a very interesting topic, so I did some as a side hustle. My biggest pain point was always time efficiency; I "wasted" a lot of time on targets until I found something interesting.

Earlier this year, I started developing some automations and quickly had more vulnerabilities on my hands than I could report without sending spammy emails. Therefore, I converted my idea into a project that others can use too. I have now reached a state where I think my side project could be ready for its first users.

I kindly ask you guys to try my website and give me feedback if it lacks any features or if there are other roadblocks or problems with it. My goal is for the website to grow over time with even more detections and, maybe in the end, generate some money through a premium access subscription.

The website is: https://cerast-intelligence.com/

Please leave a comment with feedback or DM me.

Thanks a lot, and maybe I can make your entry or routine in bug bounty hunting a little bit easier :D

https://redd.it/1cuxff5
@r_bugbounty
What is this XML file for?

I was doing a simple Googling of the domain and I found this file on the internet. There is no file path, but the subdomain is just misc.domain.com. Does this look like anything worth looking into? Can anyone point me in the right direction?

[image]

https://redd.it/1cv46nv
@r_bugbounty
Android application testing

Hello, I recently started learning about Android pentesting. I learnt about SSL pinning bypass using Frida and Objection and tried doing it on a real live application; it was a ride-booking application (not Uber). I managed to bypass the SSL pinning and was able to intercept the traffic easily, but when I opened the application again with the Objection command, the application asked for location permission even though it was enabled, and it was not able to intercept the traffic after that. Then I normally opened the application without the proxy and Objection, and the app worked fine. I'm confused how that is happening.

https://preview.redd.it/cludxeuga81d1.png?width=839&format=png&auto=webp&s=3d112fd7fcb6964883cc3409a40ea0f8d99be155

https://redd.it/1cv3uq8
@r_bugbounty
WAFs

I'm somewhat new to bug bounties and have never really looked for firewalls or anything. And I am just curious, for bug bounties, whether I continue to try and break through the firewall or I stop. I have an index.php and many other PHP and JS files that are blocked by firewalls. Do I continue to try and break through? Is that enough for a vulnerability?

https://redd.it/1cvaeix
@r_bugbounty
Need someone to send a report for me on HackerOne (bounty split 50/50)

Hi,

I need someone with an invitation to a specific program on HackerOne (I'll share the program name in a private message) to submit a report for me. The report involves a Remote Code Execution (RCE) vulnerability.

I was actively hunting in this program back in 2020, but I was removed for not following the rules (I changed a real customer's password as part of a proof of concept).

I'm willing to split the bounty 50/50. I believe critical reports for this program are paid around $4000.

While going through my old files, I found an RCE in one of the program's URLs, but I no longer have a way to submit it to the company via HackerOne.

Thank you.

https://redd.it/1cvltke
@r_bugbounty
What platforms do yall focus on nowadays?

I hunted on Synack for two years, where I gained the most knowledge ever (even more than the OSCP, in my opinion, which was my introduction to cybersecurity). I probably found about 40-50 bugs in the two years and earned approximately 20k.

After Synack, I found a job as a Security Consultant which I've been doing for nearly two and a half years. As a result, I haven't had the time to do much bug bounty. When I do try on Synack nowadays, it's much much harder to find any bugs at all.

So I am wondering where you guys/girls are having the most success. I've been told by my friend, who is a beast and gets 10-15k bugs regularly from those companies, to just focus on Microsoft, Apple & Google.

If you'd like, let me know what you've been focusing on and how it's been going for you as well as your journey in Cybersecurity.

Many thanks, and feel free to ask me any questions. I'm always happy to help, because if no one had ever helped me, I wouldn't be anywhere remotely near where I am now.

https://redd.it/1cvlop6
@r_bugbounty
(vdp not bug bounty) Can a platform really depend you not share the vulnerability?

TITLE EDIT: (VDP not bug bounty) Can a platform really demand you not share a vulnerability?

I was looking into a VDP and they say not to mention the vulnerability online, on a blog, etc.

I think they mean temporarily, until it's fixed. Do you think it's best to straight up wait or to give an ultimatum? For example 30 days, 90 days, etc.

I've heard a sign of a good security researcher is being able to negotiate being allowed to talk about your bugs.

https://redd.it/1cwaryf
@r_bugbounty
Bug Bounty is a Scam

Recently I found a vulnerability in a regulated firm, a 4-year-old company based in India. I was able to dump 4 lakh / 400k KYC documents like PAN card, Aadhaar card, company documents, etc. by changing the document attachment ID. However, the company appreciated me and offered me a 3-6 month internship along with a full-time offer after graduation. So, the thing is, the vulnerability I reported was rewarded with 15,000₹ ($180), which I believe is totally low. I'm very disappointed. What should I do? Should I argue with them and tell them to increase it, or just let it go and take the internship offer later? As I just told them that currently I'm learning and will be doing an internship with them in the upcoming 5-6 months, it's not confirmed yet. Please suggest.

https://redd.it/1cwhxr4
@r_bugbounty
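The bug described in the post above, reading other customers' documents by changing the attachment ID, is an insecure direct object reference: the endpoint trusts the ID in the request and never checks that the logged-in user owns it. As an added example (not the poster's code, nor anything from the company in question), here is a constructed in-memory version of such an endpoint next to the ownership check that closes it, together with the enumeration loop a hunter would use to confirm the leak. The store, user names, IDs and document contents are all invented for the demo.

```python
"""Constructed IDOR demo: a document-attachment lookup that checks only
"is the caller logged in?" next to one that also checks "does the caller
own this document?". Nothing here is taken from a real system."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    kind: str       # e.g. "pan_card", "aadhaar_card", "company_docs"
    content: bytes


class Forbidden(Exception):
    """Raised when the caller may not access the requested document."""


# Constructed KYC store: sequential ids, one document per customer.
DOCS = {
    101: Document(101, "alice", "pan_card", b"ALICE-PAN"),
    102: Document(102, "bob", "aadhaar_card", b"BOB-AADHAAR"),
    103: Document(103, "carol", "company_docs", b"CAROL-COMPANY"),
}


def get_attachment_vulnerable(session_user: str, doc_id: int) -> bytes:
    """Vulnerable: authenticates the caller but never checks who owns doc_id,
    so any logged-in user who increments the id reads everyone else's files."""
    if not session_user:
        raise Forbidden("login required")
    return DOCS[doc_id].content        # KeyError for ids that do not exist


def get_attachment_hardened(session_user: str, doc_id: int) -> bytes:
    """Hardened: ownership is part of the lookup, and a wrong owner gets the
    same error as a missing id, so the endpoint cannot be used to learn which
    ids exist."""
    if not session_user:
        raise Forbidden("login required")
    doc = DOCS.get(doc_id)
    if doc is None or doc.owner != session_user:
        raise Forbidden("no such document")
    return doc.content


def enumerate_ids(handler, session_user: str, id_range) -> dict:
    """The hunter's loop: walk the id space with one session and record what
    comes back. Returns {doc_id: content} for every id that was served."""
    leaked = {}
    for doc_id in id_range:
        try:
            leaked[doc_id] = handler(session_user, doc_id)
        except (Forbidden, KeyError):
            continue
    return leaked


if __name__ == "__main__":
    rng = range(100, 110)
    # Alice's session against the vulnerable handler returns all three customers'
    # documents; against the hardened one it returns only her own.
    print("vulnerable:", enumerate_ids(get_attachment_vulnerable, "alice", rng))
    print("hardened:  ", enumerate_ids(get_attachment_hardened, "alice", rng))
```

The fix is the ownership comparison, not obscuring the IDs: random or UUID attachment IDs only slow enumeration down, while a check against the session's identity stops it regardless of how the IDs are generated.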
Blackhat Conference

I am looking for some feedback on the trainings provided at the Black Hat conference: https://www.blackhat.com/us-24/training/schedule/

Are these good for someone with a web programming background looking to switch careers? Any thoughts?

https://redd.it/1cwgtxp
@r_bugbounty
New to bug bounty hunting and nervous

I've been studying cybersecurity and bug bounty the last year and have finally decided to jump in just to see how and where it goes.

I don't have any expectations and have spent loads of time seeing people getting discouraged but I'm not in a rush and am just psyched to start.

HOWEVER! I also feel extremely nervous about doing something wrong and having the feds at my door. I know that's why you make sure you're 100% clear on what's in scope and out of scope, and I read, reread and reread again to make sure I do, but I still feel on edge. I don't feel like certain things are always clear. Obviously things like DoS attacks or anything that damages or disrupts their business aren't allowed, and I keep in mind that we're supposed to approach it in an ethical way.

I've tried a few that don't have any requirements for changing your header or user-agent (I did it anyway just because I figured it would be good to show that I'm a legit researcher and not a malicious threat actor), but in this case, what's the protocol for that?

I also have Burp set up with the configuration file for what's in and out of scope and set to drop requests made to out-of-scope domains, but when you get deeper into a web app, is it possible to unintentionally go out of scope?

I'm not new to computers or IT stuff and have been using them most of my life (28+ years).

Basically I'm just paranoid and looking for some clarification that I haven't been able to find anywhere yet.

Thanks in advance!

https://redd.it/1cwpbfr
@r_bugbounty
2024/05/21 03:36:14