Bug Bounty Tips
Over the past years we have shared a lot of tips to help our readers in one way or another. Thinking outside the box or trying a different approach could be the defining factor in finding that one juicy bug!
We dove deep into our archives and made a list of all the Bug Bounty tips we have posted up until this point. Here is a summary.
Index
Recon
The way you perform your reconnaissance is what differentiates you from other hackers. Here are some tips to step up your recon game!
Copyright Footer
Company Owned Domains
Company Resources
Webinars
OpenSSL for Recon
Deleted Accounts Recon
Premium Features
E-mail Template Injection
RTFM
Rails Application Testing
API Endpoints Recon
Tools
There are lots and lots of security tools out there; these are the ones we have tried over the years. They might be worth your time looking into!
Objection
EyeWitness
Apktool
FileChangeMonitor
Exiftool
Cloud_Enum
Security_Trails
Payloads
Sometimes you feel like you are close to finding something but you are not quite there yet. It could be a matter of executing the right payload in the right place. The next examples might help you in the right direction.
XSS in Parameter Names
Youtube XSS
XSS with htmlentities()
Hidden GET and POST Parameters
Payloads in E-mail Address
X-Forwarded-For Headers
Long String Parameters
Hidden Wildcards
Fuzz Non-Printable Characters
JSONp Callback
XSS in API
XSS in MathJax or KaTeX
Authentication & Authorization
Many problems reside in the authentication and authorization process. These vulnerabilities pose huge security risks for companies, so your reports will be gladly received. With these tips you will be sure to find more of them.
UUID IDOR Trick
Username Takeover
Swapping Tokens
Leaked Slack Tokens
Facebook Account Takeover Vulnerabilities
Hidden OAuth Providers
Change Request Method
JWT Account Takeover
Extract AWS S3 Bucket Name
Support Subdomain Takeover
Bypasses
Do you find yourself getting stuck against some type of wall while hunting? No worries! The next tips might help you get past it.
Bypass JWT Signature
403 Forbidden Bypass
Bypass Paywalls
Bypass Firewalls
Send Back Responses
From False to True
Business Logic
Tired of getting only low or medium bounties? Then you need to hit where it really hurts. Try thinking from the company's perspective about what is important to them. You will get more money for your work!