Problems with paramspider
You're probably familiar with paramspider (https://github.com/devanshbatham/ParamSpider). I've always used it and it worked fine, untile yesterday. I don't know why, now it requires much much more time to work, and sometimes it just doesn't. Have you been experiencing the same issue or is it just me?
https://redd.it/1dcljxh
@r_bugbounty
You're probably familiar with paramspider (https://github.com/devanshbatham/ParamSpider). I've always used it and it worked fine, untile yesterday. I don't know why, now it requires much much more time to work, and sometimes it just doesn't. Have you been experiencing the same issue or is it just me?
https://redd.it/1dcljxh
@r_bugbounty
GitHub
GitHub - devanshbatham/ParamSpider: Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing - GitHub - devanshbatham/ParamSpider: Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/f...
Bug hunting with just a phone?
Long story short, I seldom have a computer available at hand, for various reasons. But I do often have my Android available. So, because I'm a masochist, I'm curious how much I could do with this alone.
I don't need any automated tools, I barely use them anyway. Really all I actually need is a way to see the browser's HTTP requests, and a way to send new ones. That's pretty much the extent of my knowledge on desktop anyway, and I refuse to use automated tools which I couldn't explain what they're doing. However, I'm curious if there Are any other tools on mobile.
I know something like Kali NetHunter exists, but I don't want to reinstall my whole OS, just use apps on the existing one. Also, this is more an experiment or a supplement than anything else, so it's not terribly essential. I'd just like to know what's possible.
https://redd.it/1dcy2ha
@r_bugbounty
Long story short, I seldom have a computer available at hand, for various reasons. But I do often have my Android available. So, because I'm a masochist, I'm curious how much I could do with this alone.
I don't need any automated tools, I barely use them anyway. Really all I actually need is a way to see the browser's HTTP requests, and a way to send new ones. That's pretty much the extent of my knowledge on desktop anyway, and I refuse to use automated tools which I couldn't explain what they're doing. However, I'm curious if there Are any other tools on mobile.
I know something like Kali NetHunter exists, but I don't want to reinstall my whole OS, just use apps on the existing one. Also, this is more an experiment or a supplement than anything else, so it's not terribly essential. I'd just like to know what's possible.
https://redd.it/1dcy2ha
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Source code review
Hi Pentesters , I need resources for learn source code review.
Thanks
https://redd.it/1dcm0kw
@r_bugbounty
Hi Pentesters , I need resources for learn source code review.
Thanks
https://redd.it/1dcm0kw
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
What bug should I focus on when starting out?
Hey everybody, I've been taking steps to learning bug bounty the past couple weeks and have been going through a lot of portswigger labs such as XSS, Access Control, CSRF etc... and I've been having trouble deciding what bug I should really learn the ins and outs of first. Any advice?
https://redd.it/1dcfzo9
@r_bugbounty
Hey everybody, I've been taking steps to learning bug bounty the past couple weeks and have been going through a lot of portswigger labs such as XSS, Access Control, CSRF etc... and I've been having trouble deciding what bug I should really learn the ins and outs of first. Any advice?
https://redd.it/1dcfzo9
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
help with taint flow vulns and dom xss
i am looking for taint flow and dom xss vulnerabilities. i have written a chrome extension to fingerprint sources and sinks. the thing is that i am taking into consideration all of the js files, but most of them are modules and third party dependencies. is there an easy way to programmatically differentiate this from custom application code? is because even in the custom webpack bundles i imagine there will be a lot of third party modules.
https://redd.it/1dbw9if
@r_bugbounty
i am looking for taint flow and dom xss vulnerabilities. i have written a chrome extension to fingerprint sources and sinks. the thing is that i am taking into consideration all of the js files, but most of them are modules and third party dependencies. is there an easy way to programmatically differentiate this from custom application code? is because even in the custom webpack bundles i imagine there will be a lot of third party modules.
https://redd.it/1dbw9if
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Exploitation Of Blind Reflected XSS
In my head, this shouldn't be possible and I should just move on, but I have a site with an extremely outdated contact form 7 WP plugin.
The older version has an xss for the wp-admin page, obviously inaccessible to me. I can't directly prove any impact, so I'm certain on not reporting at this point in time, but is there a way I can?
PoC of contact form attack:
https://wpscan.com/vulnerability/1c070a2c-2ab0-43bf-b10b-6575709918bc/
https://redd.it/1dbunyq
@r_bugbounty
In my head, this shouldn't be possible and I should just move on, but I have a site with an extremely outdated contact form 7 WP plugin.
The older version has an xss for the wp-admin page, obviously inaccessible to me. I can't directly prove any impact, so I'm certain on not reporting at this point in time, but is there a way I can?
PoC of contact form attack:
https://wpscan.com/vulnerability/1c070a2c-2ab0-43bf-b10b-6575709918bc/
https://redd.it/1dbunyq
@r_bugbounty
WPScan
Contact Form 7 < 5.9.2 - Reflected Cross-Site Scripting
See details on Contact Form 7 < 5.9.2 - Reflected Cross-Site Scripting CVE 2024-2242. View the latest Plugin Vulnerabilities on WPScan.
Returning after 6+ years
Hello all
First sorry for english
What do you guys use to enumerate to much have changed crimeflare it dosent work censys used to be free but now its 250 searches on month sublist3r dosent work etc etc.
For bug bounty its not a full or part time job for me ( dreams get fwked up kids family job etc) i will spend my free time maybe 1 hour a week or 30 hours a week idk
Its been to long since for me it was nearly a full time job
https://redd.it/1dbbkrm
@r_bugbounty
Hello all
First sorry for english
What do you guys use to enumerate to much have changed crimeflare it dosent work censys used to be free but now its 250 searches on month sublist3r dosent work etc etc.
For bug bounty its not a full or part time job for me ( dreams get fwked up kids family job etc) i will spend my free time maybe 1 hour a week or 30 hours a week idk
Its been to long since for me it was nearly a full time job
https://redd.it/1dbbkrm
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Bug bounty help
I submitted a bug report to HackerOne's program 20-25 days ago and have not received any response from the concerned team. Despite sending multiple follow-up emails, I only received a response 12 days ago. In their reply, they stated that they had other priorities and could not address my report promptly. I was surprised by this dismissive response, especially considering that if a hacker exploits this bug, they could potentially dump 300TB of data.
https://redd.it/1dbmijt
@r_bugbounty
I submitted a bug report to HackerOne's program 20-25 days ago and have not received any response from the concerned team. Despite sending multiple follow-up emails, I only received a response 12 days ago. In their reply, they stated that they had other priorities and could not address my report promptly. I was surprised by this dismissive response, especially considering that if a hacker exploits this bug, they could potentially dump 300TB of data.
https://redd.it/1dbmijt
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Very overwhelmed, looking for a more linear way to learn
Pretty much what the title says. I would like to learn about web vulnerabilities and general exploits with the goal of eventually being able to get paid for finding bugs in real targets. That being said I am extremely overwhelmed, information overload if you will.
If someone knows of a website course that teaches me from the ground up that would be the best for me that would be well appreciated.
I'll be active in the comments so don't hesitate to ask me questions.
https://redd.it/1ddaods
@r_bugbounty
Pretty much what the title says. I would like to learn about web vulnerabilities and general exploits with the goal of eventually being able to get paid for finding bugs in real targets. That being said I am extremely overwhelmed, information overload if you will.
If someone knows of a website course that teaches me from the ground up that would be the best for me that would be well appreciated.
I'll be active in the comments so don't hesitate to ask me questions.
https://redd.it/1ddaods
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Need guidance for mobile app penetration.
Hello hunters, I hope your recent reported bug is gonna triaged. I am into web app bug bounty from last 1 year. After doing some research I found that rather than just going with web apps, why not to try mobile app penetration testing also. However, I am not able to find a proper way to learn it. I tried to find videos of eMAPT (INE Course) on internet, but didn’t find it. If you guys have any YouTube playlists then please feel free to send me a dm.
https://redd.it/1ddhasa
@r_bugbounty
Hello hunters, I hope your recent reported bug is gonna triaged. I am into web app bug bounty from last 1 year. After doing some research I found that rather than just going with web apps, why not to try mobile app penetration testing also. However, I am not able to find a proper way to learn it. I tried to find videos of eMAPT (INE Course) on internet, but didn’t find it. If you guys have any YouTube playlists then please feel free to send me a dm.
https://redd.it/1ddhasa
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Blog Post Questions
Hey hunters!
I'm looking to start a blog to document my learning journey from PortSwigger Academy and general Web Application Security Testing. The only free option I've found so far is WordPress.
When applying for jobs, I often see the question "Do you have an online presence?" Is this something I should have?
Please share your thoughts and experiences:
* What blog sites do you use and recommend?
* Any other great, free blog platforms out there?
* What other learning platforms do you find useful?
* How has learning from PortSwigger or other sites improved your bug bounty hunting skills?
* How valuable do you think having an online presence is?
Looking forward to your comments and suggestions!
https://redd.it/1ddjmhs
@r_bugbounty
Hey hunters!
I'm looking to start a blog to document my learning journey from PortSwigger Academy and general Web Application Security Testing. The only free option I've found so far is WordPress.
When applying for jobs, I often see the question "Do you have an online presence?" Is this something I should have?
Please share your thoughts and experiences:
* What blog sites do you use and recommend?
* Any other great, free blog platforms out there?
* What other learning platforms do you find useful?
* How has learning from PortSwigger or other sites improved your bug bounty hunting skills?
* How valuable do you think having an online presence is?
Looking forward to your comments and suggestions!
https://redd.it/1ddjmhs
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
What kind of bug is this?
I had my window cracked and a light nearby and there was a plethora of them flocking to my window.
Are they devils spawns? Am I in hell? Or is it karma?
SOS.
https://redd.it/1de1j1t
@r_bugbounty
I had my window cracked and a light nearby and there was a plethora of them flocking to my window.
Are they devils spawns? Am I in hell? Or is it karma?
SOS.
https://redd.it/1de1j1t
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Too much competition in web bug bounty... Looking into mobile security kinda liked it any suggestion to get better?
https://redd.it/1deciu1
@r_bugbounty
https://redd.it/1deciu1
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
This is how you can easily find serious credentials on .env such as AWS, Paypal, Stripe, MySql and Redis login details with Github Mass Hunt Automation? Many companies are still vulnerable too this! Hope you guys enjoy the PoC.
https://youtu.be/EInD1VE_c7o?si=k7A11lPqD5HtwrgG
https://redd.it/1dejwjw
@r_bugbounty
https://youtu.be/EInD1VE_c7o?si=k7A11lPqD5HtwrgG
https://redd.it/1dejwjw
@r_bugbounty
YouTube
Mass Github Hunting Automation leads to All Credentials Exposure | Bug Bounty PoC Worth $5,000
This is a bug bounty PoC where I am mass hunting for creds on github (.env) left open to the public with automation. This includes AWS, Paypal, PayTM, Mail access, MySql, Redis, Stripe, etc. Then you can see the techniques on how I try validating these. Tools…
dom xss and taint flow methodology
i have been working for a while with fingerprinting common sinks and sources in client side js files, and following the flow for the ones i might think risky. other than doing this what would you suggest when looking for this vulnerabilities?
https://redd.it/1df34va
@r_bugbounty
i have been working for a while with fingerprinting common sinks and sources in client side js files, and following the flow for the ones i might think risky. other than doing this what would you suggest when looking for this vulnerabilities?
https://redd.it/1df34va
@r_bugbounty
Help needed to setup openvpn routing
Hi everyone,
I'm currently working on a bug bounty project and need some assistance with intercepting mobile application traffic using Burp Suite. Some of the applications I'm targeting are proxy unaware, so I can't use a standard proxy setup to capture the traffic.
Here's my setup so far:
I have an OpenVPN server and a Burp Suite server running on AWS.
I successfully set up OpenVPN and can connect to it from my mobile device.
I have added the Burp TLS certificate at the system level on my device.
However, I'm running into an issue with forwarding HTTPS traffic from the OpenVPN server to my Burp Suite instance on Windows.
Despite setting up a prerouting rule on the OpenVPN instance and adjusting the security group to allow traffic between the two servers, the HTTPS traffic still isn't reaching my Burp instance.
Has anyone here encountered a similar issue or have any advice on how to resolve this? Any help would be appreciated
https://redd.it/1dgcezi
@r_bugbounty
Hi everyone,
I'm currently working on a bug bounty project and need some assistance with intercepting mobile application traffic using Burp Suite. Some of the applications I'm targeting are proxy unaware, so I can't use a standard proxy setup to capture the traffic.
Here's my setup so far:
I have an OpenVPN server and a Burp Suite server running on AWS.
I successfully set up OpenVPN and can connect to it from my mobile device.
I have added the Burp TLS certificate at the system level on my device.
However, I'm running into an issue with forwarding HTTPS traffic from the OpenVPN server to my Burp Suite instance on Windows.
Despite setting up a prerouting rule on the OpenVPN instance and adjusting the security group to allow traffic between the two servers, the HTTPS traffic still isn't reaching my Burp instance.
Has anyone here encountered a similar issue or have any advice on how to resolve this? Any help would be appreciated
https://redd.it/1dgcezi
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community
Looking to Split Hack The Box Academy Subscription Cost
I'm eager to dive into Hack The Box Academy, but the subscription cost is currently out of my budget. I'm looking for like-minded individuals who might be interested in splitting the cost and learning together. I'm also planning to commit to a 60-day challenge to maximize our learning and progress.
If you're interested in sharing the subscription cost, participating in a 60-day challenge, and collaborating on the labs please comment below or send me a message.
https://redd.it/1dgdxyo
@r_bugbounty
I'm eager to dive into Hack The Box Academy, but the subscription cost is currently out of my budget. I'm looking for like-minded individuals who might be interested in splitting the cost and learning together. I'm also planning to commit to a 60-day challenge to maximize our learning and progress.
If you're interested in sharing the subscription cost, participating in a 60-day challenge, and collaborating on the labs please comment below or send me a message.
https://redd.it/1dgdxyo
@r_bugbounty
Reddit
From the bugbounty community on Reddit
Explore this post and more from the bugbounty community