Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 13 to 20 of March.
Our favorite 5 hacking items
1. Tutorials of the week
– Absolute Bruteforce with Selenium– A secret note to Bug hunters about URL structure and its parsers
The first article shows how to bruteforce an OTP when your target is using Web Sockets with encryption. In this scenario, traditional bruteforce with Burp Intruder is not possible so @MilindPurswani uses Selenium instead. I don’t think this is a scenario you will often encounter but if you do, this might be of great help.
The second tutorial is an introduction to URL structure. Understanding these basics helps understand how differences in URL parsers can cause serious vulnerabilities.
2. Writeup of the week
XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
In this writeup, @honoki shows how he leveraged a low impact HTTP request smuggling vulnerability to bypass a firewall and fully exploit an XXE found in a file upload functionality.Each bug taken separately had limited impact: the request smuggling bug only affected port 80, so only HTTP requests could be poisoned. The XXE could be exploited to exfiltrate data via DNS, but it was non-sensitive data. And HTTP requests were blocked by the firewall, except for a few whitelisted domains.By finding a domain that was both whitelisted and vulnerable to HTTP request smuggling, it was possible to chain the two bugs and exfiltrate sensitive data .
3. Podcast of the week
The Bug Bounty Podcast – Episode #3 ft. NahamSec
Yes, it is back! One of my favorite podcasts, with @Regala_ interviewing @NahamSec. They discuss many topics like @NahamSec’s motivation for streaming, why he finds it harder to do bug bounty as someone who works for a bug bounty platform, how he makes most of his money, mass recon, doing deep work, the power of long term collaboration, etc.This episode is an excellent way to spend one hour and a half!
4. Tool of the week
Remember Scope Monitor, the Burp extension for keeping track of tested endpoints? His author, @Regala_, discontinued it and started using Progress Tracker by @dariusztytko instead.This new extension offers interesting functionality. You can capture requests, exclude specific extensions and status codes, associate each request with tags and one of 6 different statuses (Ignored, Done, In progress…), etc.
5. Video of the week
@infosec_rohk Talks About Hacking Uber, Working at Synack, and His 120 Reports in 120 Challenge
Great interview of @rohk_infosec. He talks about how he accidentally got into bug bounty, how he taught himself hacking, how he chooses which bugs to focus on, his experience from Computer Science student to bug hunter, to triager, to senior application security engineer, the top 3 things he wished he knew when he started out, and much more.
I loved hearing about the 4 months bug hunting challenge (120 bugs reported in 120 days) he did while having a full-time job, and more importantly the steps he took to deal with stress and burnout despite a crazy schedule.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
- Dangerzone & Introduction: Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF
- Catffuf: Alias and function for ffuf to get a cooler output
More tools, if you have time
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Breaches & Attacks
Remote work resources
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 03/13/2020 to 03/20/2020.