Bug Bounty For Beginners 2024.


Asuman Lukwago

The fundamental goal of bug bounty programs is simple: to find and fix security flaws before malicious actors can exploit them.

That said, the headline says “For Beginners”, so we will start slowly, with a free tool: the Zed Attack Proxy (ZAP, package name zaproxy), an intercepting proxy and web application scanner.

What is ZAP?

Good question. ZAP is a free and open-source (Apache 2.0) intercepting proxy and web application security scanner, in the same category as Burp Suite. The difference is the price: ZAP has no paid edition and no features held back for a subscription, while Burp's free Community Edition leaves the automated scanner and full-speed Intruder to the paid Professional edition. Whether ZAP or Burp is “better” is a matter of taste, and nothing here is meant as a knock on Burp.

For someone venturing into bug bounty marathons, though, it is better to start with a tool that puts no limit on its own features, so this walkthrough uses ZAP rather than Burp; by the end you will see for yourself why it is a good first tool for bug bounty programs.

Download and install ZAP from https://www.zaproxy.org/download/ (on Kali Linux it is also packaged as zaproxy: sudo apt install zaproxy).

Let’s start:

1. Fire up ZAP. On the Quick Start tab choose Automated Scan and enter the target in “URL to attack”.

2. Performing an automated scan:

The automated scan does three things: it spiders the target to build a site tree, passively scans every request and response it sees (no extra traffic), and then actively scans the discovered URLs by sending attack payloads to detect vulnerabilities.

Here you choose which spiders to use: the traditional spider, the “ajax” spider, or both.

The traditional spider is quick and relatively quiet: it fetches pages and follows the links and forms it finds in the HTML. It does not brute-force directory names (that is forced browsing, a separate feature), and because it does not execute JavaScript it misses links that are generated client-side, so on a modern web app it is not as comprehensive as you might hope.

The AJAX spider is an add-on, built on the Crawljax crawler, aimed at exactly those AJAX-rich sites: it drives a real browser (Firefox or Chrome, or the headless HtmlUnit browser) through ZAP's proxy, so anything the page builds with JavaScript is discovered too. It is slower, and running it together with the traditional spider gives the best results.

The AJAX Spider add-on ships with ZAP (check Manage Add-ons if it is missing) and can drive Firefox, Chrome or HtmlUnit. To use HtmlUnit on a Debian-based system we shall need it installed; let's install it with:

sudo apt install libjenkins-htmlunit-core-js-java

Note: I really had a problem installing the package above, so to make it easier for you, install these as well:

sudo apt install libjenkins-api-perl

sudo apt install libjenkins-trilead-ssh2-java

sudo apt install libjenkins-json-java

If all is well, tick “Use ajax spider” and select htmlunit from the browser dropdown next to it.

At this point ZAP is ready to scan the host, and you are ready for some bug bounty marathons. But remember to be ethical: an active scan sends real attack traffic, so only run it against targets a program has explicitly put in scope, and follow that program's rules on automated scanning.

Start the attack by clicking the Attack button.

Notice how the Spider, AJAX Spider and Active Scan tabs at the bottom fill up with progress, and the History tab records every request and response: this is all the information we need for vulnerability analysis, I mean bug bounty!

The thing is, an active scan is heavy: it sends thousands of requests, so scan time grows with the size of the site and with the latency and bandwidth of your connection. A faster machine and a stable connection help, but the bigger lever is scope: keep the scan to in-scope URLs, and tune the scan policy rather than throwing every rule at every page.

From your perspective as a bug bounty hunter, the Alerts tab is where the juicy findings appear, grouped by risk (High, Medium, Low, Informational) with the evidence and the exact request that triggered each one. Treat them as leads, not reports: confirm each alert by hand before you submit it. These are what we are looking for at the moment as beginners, and working your way around ZAP and advancing your ZAP techniques is something you might not learn anywhere else.
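The same automated scan can be driven without the GUI, through ZAP's local REST API, which is how you would script it for a program with many hosts. The following is an added example, not code from the original article or from the ZAP project. It assumes ZAP is listening on 127.0.0.1:8080 with the API enabled and its key exported as ZAP_API_KEY (Tools, Options, API); target.example is a hypothetical in-scope host, and SAMPLE_ALERTS is a constructed sample in the shape of the alerts endpoint's output so the triage part can be tried without a running ZAP.

```python
"""Drive ZAP's automated scan through its REST API and summarize the alerts.

Added example, not code from the original article or the ZAP project.
Assumes ZAP at 127.0.0.1:8080 with the API enabled and its key exported as
ZAP_API_KEY. TARGET is a hypothetical host: only scan hosts that the bug
bounty program has put in scope.
"""
import json
import os
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"               # ZAP's local listener (default)
API_KEY = os.environ.get("ZAP_API_KEY", "")
TARGET = "http://target.example"            # hypothetical in-scope host
RISK_ORDER = ("High", "Medium", "Low", "Informational")


def api_url(component, kind, name, **params):
    """Build a ZAP API URL: <ZAP>/JSON/<component>/<view|action>/<name>/?..."""
    query = urllib.parse.urlencode({"apikey": API_KEY, **params})
    return f"{ZAP}/JSON/{component}/{kind}/{name}/?{query}"


def call(component, kind, name, **params):
    """GET an API endpoint and decode its JSON reply (needs a live ZAP)."""
    with urllib.request.urlopen(api_url(component, kind, name, **params), timeout=60) as resp:
        return json.load(resp)


def wait_until(poll, finished, label, interval=2):
    """Poll until finished(status) is true; prints progress to the terminal."""
    while True:
        status = poll()
        print(f"{label}: {status}")
        if finished(status):
            return
        time.sleep(interval)


def run_automated_scan(target=TARGET, use_ajax=False):
    """Spider, optionally AJAX-spider, then actively scan; return raw alerts."""
    # Traditional spider: parses HTML for links and forms, no JavaScript.
    sid = call("spider", "action", "scan", url=target, recurse="true")["scan"]
    wait_until(lambda: call("spider", "view", "status", scanId=sid)["status"],
               lambda s: int(s) >= 100, "spider %")
    # AJAX spider: Crawljax-driven browser, finds links built by JavaScript.
    if use_ajax:
        call("ajaxSpider", "action", "scan", url=target, inScope="false")
        wait_until(lambda: call("ajaxSpider", "view", "status")["status"],
                   lambda s: s == "stopped", "ajax spider")
    # Let the passive scanner finish with everything the spiders fetched.
    wait_until(lambda: call("pscan", "view", "recordsToScan")["recordsToScan"],
               lambda s: int(s) == 0, "passive queue")
    # Active scan: sends attack payloads; this is the noisy, slow part.
    aid = call("ascan", "action", "scan", url=target, recurse="true")["scan"]
    wait_until(lambda: call("ascan", "view", "status", scanId=aid)["status"],
               lambda s: int(s) >= 100, "active scan %", interval=5)
    return call("core", "view", "alerts", baseurl=target, start="0", count="10000")["alerts"]


def summarize_alerts(alerts):
    """Group alerts by risk and collapse repeated instances of one finding.
    ZAP reports one alert per affected (URL, parameter); for triage you want
    the distinct (name, url, param) set under each risk level."""
    summary = {risk: [] for risk in RISK_ORDER}
    seen = set()
    for a in alerts:
        key = (a.get("name") or a.get("alert"), a["url"], a.get("param", ""))
        if key in seen:
            continue
        seen.add(key)
        summary.setdefault(a["risk"], []).append(key)
    return summary


def report(summary):
    """Render the summary, highest risk first, as one string."""
    lines = []
    for risk in RISK_ORDER:
        lines.append(f"{risk}: {len(summary[risk])}")
        for name, url, param in summary[risk]:
            lines.append(f"  {name} @ {url} [{param or '-'}]")
    return "\n".join(lines)


# Constructed sample shaped like /JSON/core/view/alerts/ output, so the
# summarizer can be exercised without a running ZAP.
SAMPLE_ALERTS = [
    {"name": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "http://target.example/search?q=x", "param": "q"},
    {"name": "Cross Site Scripting (Reflected)", "risk": "High",
     "url": "http://target.example/search?q=x", "param": "q"},   # duplicate instance
    {"name": "X-Content-Type-Options Header Missing", "risk": "Low",
     "url": "http://target.example/", "param": "x-content-type-options"},
    {"name": "Information Disclosure - Suspicious Comments", "risk": "Informational",
     "url": "http://target.example/app.js", "param": ""},
]

if __name__ == "__main__":
    alerts = run_automated_scan(use_ajax=True) if API_KEY else SAMPLE_ALERTS
    print(report(summarize_alerts(alerts)))
```

Run it with ZAP_API_KEY set to scan the target; without the key it only prints the triage of the constructed sample. The passive-queue wait matters: the active scan can start while the passive scanner is still chewing through spidered responses, and alerts fetched too early would miss those findings.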

In this next chapter, we look at setting up ZAP for manual testing, where you browse the application yourself and ZAP records (and can intercept) the traffic.

First, we need to put ZAP between the browser and the web: ZAP listens as an HTTP proxy and the browser sends everything through it.

Go to Tools, then Options, then select Local Proxies (newer versions call it Local Servers/Proxies).

Make sure the address is 127.0.0.1 (or localhost) and the port is 8080, the default.

Now, let's add ZAP's certificate. ZAP decrypts HTTPS by generating a site certificate on the fly for each host, signed by its own root CA, so the browser must trust that CA or every HTTPS page will throw a certificate error:

Select Dynamic SSL Certificates (Network, then Server Certificates, in recent versions) and save the Root CA certificate to a file.

Now go to your browser of choice and import the saved certificate as a certificate authority. In Firefox: Settings, Privacy & Security, Certificates, View Certificates, Authorities, Import, and tick “Trust this CA to identify websites”.

Press OK and all shall be well.

Finally, set the Firefox proxy: go to Settings, search for “proxy”, open Settings, choose Manual proxy configuration, set HTTP Proxy to 127.0.0.1 port 8080 and tick “Also use this proxy for HTTPS”. Leave the SOCKS host empty: ZAP's listener is an HTTP proxy, not a SOCKS proxy, so pointing SOCKS at it breaks the connection. If the app you are testing runs on localhost, note that Firefox bypasses the proxy for local addresses by default; set network.proxy.allow_hijacking_localhost to true in about:config.
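The proxy and certificate steps above can also be applied to a Firefox profile from a script, which is handy when you keep a dedicated testing profile. The following is an added example, not code from the original article or from the ZAP project. It assumes ZAP at 127.0.0.1:8080 with its API key in ZAP_API_KEY, a Firefox profile directory passed on the command line with Firefox closed, and the NSS certutil tool on PATH (package libnss3-tools on Debian, Ubuntu and Kali); the pref names are Firefox's own, and the proxy settings deliberately set no SOCKS entries.

```python
"""Point a Firefox profile at ZAP and trust ZAP's root CA.

Added example, not code from the original article or the ZAP project.
Assumes ZAP at 127.0.0.1:8080 with its API key in ZAP_API_KEY, a Firefox
profile directory given on the command line (Firefox must be closed), and
NSS certutil on PATH (package libnss3-tools on Debian/Ubuntu/Kali).
"""
import os
import subprocess
import sys
import urllib.parse
import urllib.request

ZAP_HOST, ZAP_PORT = "127.0.0.1", 8080
API_KEY = os.environ.get("ZAP_API_KEY", "")


def firefox_proxy_prefs(host=ZAP_HOST, port=ZAP_PORT):
    """Manual proxy settings: HTTP and HTTPS via ZAP. No SOCKS entries:
    ZAP's listener speaks HTTP proxy, not SOCKS, so pointing Firefox's SOCKS
    host at it breaks every connection."""
    return {
        "network.proxy.type": 1,                    # 1 = manual configuration
        "network.proxy.http": host,
        "network.proxy.http_port": port,
        "network.proxy.ssl": host,                  # "Also use this proxy for HTTPS"
        "network.proxy.ssl_port": port,
        "network.proxy.share_proxy_settings": True,
        "network.proxy.no_proxies_on": "",          # route everything, even 127.0.0.1
        "network.proxy.allow_hijacking_localhost": True,
    }


def js_literal(value):
    """Render a pref value in user.js syntax."""
    if isinstance(value, bool):                     # bool before int: True is an int
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def render_user_js(prefs):
    """user.js syntax: one user_pref("name", value); line per preference."""
    return "".join(f'user_pref("{k}", {js_literal(v)});\n' for k, v in prefs.items())


def fetch_root_ca(host=ZAP_HOST, port=ZAP_PORT, api_key=API_KEY):
    """Download ZAP's root CA (PEM) via the API; the same file the GUI saves
    from Dynamic SSL Certificates / Server Certificates. Each ZAP install
    generates its own CA, so never import one from another machine."""
    url = (f"http://{host}:{port}/OTHER/core/other/rootcert/"
           f"?apikey={urllib.parse.quote(api_key)}")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()


def install(profile_dir):
    """Write the proxy prefs and import the CA into the profile's NSS DB."""
    with open(os.path.join(profile_dir, "user.js"), "a", encoding="utf-8") as fh:
        fh.write(render_user_js(firefox_proxy_prefs()))
    ca_path = os.path.join(profile_dir, "zap_root_ca.cer")
    with open(ca_path, "wb") as fh:
        fh.write(fetch_root_ca())
    # -t "C,," marks the cert as a trusted CA for TLS server identities,
    # the same as ticking "Trust this CA to identify websites" in the GUI.
    subprocess.run(["certutil", "-A", "-n", "ZAP Root CA", "-t", "C,,",
                    "-i", ca_path, "-d", f"sql:{profile_dir}"], check=True)


if __name__ == "__main__":
    install(sys.argv[1])
```

Run it as python zap_firefox.py ~/.mozilla/firefox/<profile> with Firefox closed; on the next start, HTTP and HTTPS go through ZAP and HTTPS sites load without certificate warnings. Keep this to a dedicated testing profile: a browser that trusts ZAP's CA will also trust anything else that gets hold of that CA's key.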

In my next write-up we shall brute-force using ZAP and look at ZAP extensions…

Thank you!
