Server Side Request Forgery (SSRF) #bugbounty #bugbountytips #infosec #cybersecurity
🏹Use The Whole IP Range For Testing SSRF (198.0.0.1-255)
🏹Use Different Encoding Schemes of https://127.0.0.1
▪ Hex Encoding https://0x7f.0x0.0x0.0x1
▪ Octal Encoding https://0177.0.0.01
▪ Dword Encoding https://2130706433
▪ URL Encoding https://%6c%6f%63%61%6c%68%6f%73%74
▪ Mixed Encoding https://0177.0.0.0x1
Also use 2130706433 or 017700000001
🏹Obfuscate Strings With URL Encoding or Case Transformation (Blocked Words Bypass)
🏹Use Registered Domain Names That Resolve To 127.0.0.1
🏹Embed Credentials : https://attacker@victim.com
🏹Use URL Fragments '#' : https://attacker'#'victim.com (Remove the ' around the hash)
🏹Use DNS Subdomain Method : https://victim.com.evil.com
🏹Use Directory Method : https://attacker.com/victim.com
🏹Exploit Redirecting The Target
🏹Change The Referrer To Burp Collaborator (Blind Exploit)
🏹Use IPv6 addresses instead of IPv4
🏹Usable Protocols:
▪gopher://
▪file://
▪dict://
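The defender's side of the list above, as an added example that is not part of the original post: a pre-fetch check that reduces every IPv4 spelling in the list (hex, octal, dword, mixed, URL-encoded) to one canonical address before testing it, and takes the host from the parsed URL rather than from a substring match. The names `parse_legacy_ipv4` and `check_fetch_target` and the http/https-only policy are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}   # assumption: the fetcher only needs web URLs
PART = re.compile(r"0x[0-9a-f]+|[0-9]+")

def parse_legacy_ipv4(host):
    """Parse the IPv4 text forms inet_aton-style resolvers accept: hex, octal,
    decimal, 1 to 4 dotted parts (one part = dword). Returns IPv4Address or None."""
    parts = host.split(".")
    if len(parts) > 4 or not all(PART.fullmatch(p) for p in parts):
        return None
    try:
        nums = [int(p, 16) if p.startswith("0x")
                else int(p, 8) if p.startswith("0") and len(p) > 1
                else int(p) for p in parts]
    except ValueError:                # e.g. "08" is not valid octal
        return None
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last                      # the last part fills all remaining bytes
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def check_fetch_target(url):
    """Return (verdict, normalized_host); verdict is 'block', 'allow' or 'resolve'."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return "block", "scheme " + parts.scheme
    # .hostname drops userinfo, port and fragment; unquote undoes %-encoding
    host = unquote(parts.hostname or "").lower().rstrip(".")
    ip = parse_legacy_ipv4(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host)       # IPv6 literals
        except ValueError:
            pass
    if ip is not None:
        return ("allow" if ip.is_global else "block"), str(ip)
    if host == "localhost" or host.endswith(".localhost") \
            or not re.fullmatch(r"[a-z0-9.-]+", host):
        return "block", host
    # A name proves nothing: resolve it, re-run the is_global test on every
    # address returned, connect to that address, and repeat on each redirect.
    return "resolve", host
```

A `resolve` verdict is not an approval; names that point at 127.0.0.1 and redirect chains are only caught by the resolve-and-recheck step described in the final comment.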
Find Subdomain from VirusTotal🔥
Bash One-liner 🌵#bugbountytips #infosec #bugbounty
curl -s "https://www.virustotal.com/ui/domains/domain.com/subdomains?limit=40" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-Za-z]))\w+" | sort -u
Web Application Security Mindmap🌱🔥
Download : 🌵
https://mindmeister.com/49183531/web-application-security?fullscreen=1
#bugbounty #bugbountytips #infosec
Categorized Web Application Testing🔥🤩
Download : https://2003700811-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M5x1LJiRQvXWpt04_ee%2F-M92gvt7GZ7vaA44ecsQ%2F-M92pwKmnNGTNqUWA0Fd%2Fy7ipicwvp5d41%5B1%5D.png?alt=media&token=155127c6-f54c-464d-9b78-ed90f7070e03
#bugbounty #infosec #cybersecurity
🔥🌵😲8000+ Xss Payloads🌵😲🔥
#bugbounty #infosec
Git repo : https://github.com/Aacle/xss_payload
#bugbounty #infosec
Web Cache Poisoning🌱🌵🔥
#bugbounty #infosec
The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.
Where to find 🧵(1/n) :👇 Complete Thread
https://twitter.com/Aacle_/status/1588199064780537856?s=20&t=G9tW-LmTpkn9SteflrprpQ
secondary context fuzzing: 🌵#bugbounty #infosec
/..%2f
/..;/
/../
/..%00/
/..%0d/
/..%5c
/..\
/..%ff/
/%2e%2e%2f
/.%2e/
/%3f (?)
/%26 (&)
/%23 (#)
via https://samcurry.net/hacking-starbucks/
100 million😲 sbux accounts disclosure
see also: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8
Guidance for beginners in bug bounty🌱🌵
by @LucianNitescu
Link:
https://drive.google.com/file/d/1CmhAL3XxHYfFMaRGaL7ooJ5gkQ_lg5XO/view
#bugbounty #infosec #hacking
Introducing 20 web-application hacking tools🔥🤩🌵
1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
17. XSS Hunter - Blind XSS discovery.
18. Aquatone - HTTP based recon.
19. LinkFinder - Endpoint discovery through JS files.
20. JS-Scan - Endpoint discovery through JS files.
#bugbounty #bugbountytips #cybersecurity
This book is very helpful for beginner and intermediate level bug bounty hunters
8-hour-long BurpSuite Focused Course for FREE. 👇
Don't miss it.
Will expire soon
#bugbountytips
#bugbounty
#infosec
#Pentesting
https://www.udemy.com/course/bug-bounty-hunting-with-burp-suite/?couponCode=HACKITGUYS
Web Application Penetration Testing Checklist
by
@e11i0t_4lders0n
https://alike-lantern-72d.notion.site/Web-Application-Penetration-Testing-Checklist-4792d95add7d4ffd85dd50a5f50659c6
#bugbounty #infosec #hacking