.png)
8 months ago
51 BOOK THIS SPACE FOR AD
ARTICLE AD
I’ve spent a lot of times to find some first bugs even without rewarding. It’s needed to get some experience and invitation to private programs as well. I think the best option to start is searching Open Redirect vulnerability. To get possible URLs with open redirects, I execute waybackurls tool.
waybackurls example.com > waybackUrlsResult.txtAnalyze result of this command could be manual or automatic.
Manual. Just find in list of URLs something with:
redirect_to=https://google.com(or some another URL, but better not the same like “example.com”)nextURI=https://google.comurl=https://google.comReturnUrl=https://google.comAutomation.
cat domains.txt | waybackurls > waybackUrlsResult.txtcat waybackUrlsResult.txt | grep "=" | qsreplace https://evil.com > urls.txt
cat urls.txt|httpx -fr > possibleOpenRedirect.txt
Analyze file possibleOpenRedirect.txt and find https://evil.com inside […]
Bengali (Bangladesh) · 
English (United States) ·