Bug_Bounty_Methodology

bugbounty hacking pentesting

• SQL_Injection -- About injecting SQL.
• Eyewitness -- The tool to grab website screenshots.
• WebGoat -- Notes on WebGoat.
• git - everybodies friendly repo

From the site: "Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser's developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable."

Quote from this article:

https://craighays.com/bug-bounty-hunting-tips-4-develop-a-process-and-follow-it/

"To ensure you operate effectively, define how much time you’re willing to spend on each of the stages from 1 to 5. Stage 4 is the most interesting and the stage we’re always the keenest to get stuck in to but stages 1-3 are where we actually find the bugs. Unless we know what we’re testing we can’t test it effectively. Generic vulnerabilities from automated testing tools will almost always be detected by either the developers or someone else before you get to it. You’ll make the most money by targeting the areas that nobody else is thinking of. This is why your research phases are so important. If you want to find new bugs you must do new things."

Important questions:

What are they running? Have you read about that?, if not do.

• 4.2.1 Testing for Web Server fingerpint (OWASP-IG-004)
  • Module: recon/hosts/enum/http/api/builtwith
• 4.2.2 Review Webserver Metafiles (OWASP-IG-001)
  • Module: discovery/info_disclosure/http/interesting_files NB: ^ not a passive test, downloads files, robots.txt, etc..
• 4.2.5 Identify application entry points (OWASP-IG-003)
  • Module: xssed NB: ^ this maps out end-points that should be investigated.

AND:

• 4.4.2 Testing for User Enumeration and Guessable User Account (OWASP-AT-002)