Hi all, I am back with a new article which helps beginners a lot. Lots of my friends face issues installing Linux, and if they are able to install it they then face issues and lots of errors in it. Here I am mentioning some tools, tips and bugs which you can find with the help of your Windows machine.
Recon is the most important part of bug bounty. It refers to the process of collecting as much information as possible about the target system to find ways to penetrate into the system. This is an important and preparatory phase while performing security assessments.
Find subdomains
The first step of bug bounty is finding subdomains of our target. In Linux lots of tools are present (subfinder, Sublist3r, findomain, ...). On Windows you can use VirusTotal for finding subdomains and some other information about your target.
Find the status code of a domain
For finding the status code of a domain (200, 301, 302, 400, 500 etc.), in Kali we have the httpx tool, but in Windows we can use https://httpstatus.io/ for that.
Reflected XSS is one of the most common and high-impact bugs. You can find it in the URL and in any input field manually, like this: https://www.target.com/search?q=%22%3E%3Cimage+src%3Dx+onerror+%3Dprompt%281%29%3E
Here I entered the XSS payload "><image src=x onerror =prompt(1)> in the search bar. You can use Sentinel for Burp Suite for finding XSS.
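The reason the payload above works is that the application copies the q parameter straight into the page. The following Python is an added example, not code from the article: it parses the article's search URL, renders q once unescaped (the defect) and once HTML-escaped (the fix), and checks whether the raw probe survives in each response. The input template and the check function are assumptions made for the illustration.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample: the search URL from the article, carrying the reflected-XSS probe in q.
SAMPLE_URL = "https://www.target.com/search?q=%22%3E%3Cimage+src%3Dx+onerror+%3Dprompt%281%29%3E"


def query_param(url: str, name: str) -> str:
    """Return the decoded first value of query parameter `name`, or '' if absent."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(q: str) -> str:
    """Reflects the raw parameter into an attribute: the defect the article hunts for."""
    return f'<input name="q" value="{q}">'


def render_hardened(q: str) -> str:
    """Same template, but the value is HTML-escaped, so it cannot break out of the attribute."""
    return f'<input name="q" value="{html.escape(q, quote=True)}">'


def reflects_unescaped(q: str, page: str) -> bool:
    """Detection check: is the raw probe present verbatim in the response body?"""
    return q in page


def check(url: str = SAMPLE_URL) -> dict:
    """Run both renderers on the q parameter of `url` and report what each reflects."""
    q = query_param(url, "q")
    return {
        "payload": q,
        "vulnerable_reflects": reflects_unescaped(q, render_vulnerable(q)),
        "hardened_reflects": reflects_unescaped(q, render_hardened(q)),
        "hardened_html": render_hardened(q),
    }


if __name__ == "__main__":
    for key, value in check().items():
        print(f"{key}: {value}")
```

The hardened renderer keeps the same template; only the output encoding changes, which is why reviewing where user input lands in the response (and whether it is encoded for that context) is the fastest way to confirm or rule out a reflected XSS report.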
Sentinel is a Burp extension that makes it possible for the penetration tester to quickly and easily send a lot of malicious requests to the parameters of an HTTP request. It also shows a lot of information about the HTTP responses corresponding to the attack requests.
Capture the request in Burp Suite
Right click -> Send to Sentinel
Select attack type XSS
Then send and go!
HTML injection, also known as cross-site scripting, is a security vulnerability that allows an attacker to inject HTML code into web pages that are viewed by other users. You can find it in any input field manually, and also with the help of Burp Suite Intruder and Repeater by analysing the response.
An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's phishing site. You can find it with the help of the Burp Collaborator client, and also manually with the help of Intruder.
Tip:- Focus on http URLs and URLs with 301/302 status codes.
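The fix for an open redirect is to validate the target before issuing the 301/302. The following Python is an added example, not code from the article: it accepts only same-site paths or https URLs on an allowlist, and rejects the usual bypass shapes (protocol-relative "//host", backslash variants, userinfo tricks, look-alike subdomains and javascript: URLs). The allowlist hosts are placeholders, not a real target.

```python
from urllib.parse import urlsplit

# Assumed allowlist of the application's own hosts (placeholder names, not a real target).
ALLOWED_HOSTS = {"www.target.com", "target.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-origin absolute path or an https URL whose host is on the allowlist."""
    if not target or any(ord(c) < 32 for c in target):
        return False  # empty, or contains control characters that browsers would strip
    # Browsers treat backslashes as slashes, so "/\evil.example" must parse like "//evil.example".
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:
        return False  # e.g. malformed IPv6 brackets
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and friends
    if parts.netloc:
        # hostname strips userinfo ("www.target.com@evil.example") and the port before comparison
        return parts.scheme == "https" and parts.hostname in allowed_hosts
    # No authority part: must be an absolute path, but not a protocol-relative "//..." URL
    return normalised.startswith("/") and not normalised.startswith("//")


def redirect_location(requested: str, fallback: str = "/") -> str:
    """Value for the Location header: the requested target if safe, otherwise the fallback."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    for candidate in ["/account", "https://www.target.com/x", "//evil.example",
                      "/\\evil.example", "https://www.target.com@evil.example",
                      "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {redirect_location(candidate)}")
```

A relative path is the safest thing to store in a "next" parameter; when an absolute URL is unavoidable, compare the parsed hostname against an exact allowlist rather than checking whether the string starts with or contains the expected domain.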
Information disclosure, also known as information leakage, is when a website unintentionally reveals sensitive information to its users. Depending on the context, websites may leak all kinds of information to a potential attacker, including data about other users, such as usernames or financial information. You can find sensitive information in source code, in JS files, and by exploring your target's GitHub repos.
Tip:- In files and source code, search for sensitive keywords such as admin, Root, API, Token, user, Secret.
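The keyword search in the tip is the same check a development team can run over its own source and JS before publishing. The following Python is an added example, not code from the article: it scans a few constructed files for the article's keyword list (noisy, reported as "keyword") and for credential-looking assignments (higher signal, reported as "credential"), masking any value it finds so the report itself does not leak it. The sample files and the credential pattern are assumptions made for the illustration.

```python
import re

# Keywords from the article's tip, matched case-insensitively as whole words.
KEYWORDS = ("admin", "root", "api", "token", "user", "secret")
KEYWORD_RE = re.compile(r"\b(" + "|".join(KEYWORDS) + r")\b", re.IGNORECASE)

# Higher-signal pattern: a credential-looking name assigned a quoted literal of 8+ characters.
CREDENTIAL_RE = re.compile(
    r"""(?i)\b(api[_-]?key|secret|token|passw(?:or)?d)\b\s*[:=]\s*['"]([^'"]{8,})['"]"""
)

# Constructed sample files (not from any real target) standing in for downloaded source and JS.
SAMPLE_FILES = {
    "app.js": (
        "const API_BASE = '/api/v2';\n"
        "const apiKey = 'sk_live_EXAMPLE_0123456789';\n"
        "function loadUser(id) { return fetch(`${API_BASE}/user/${id}`); }\n"
    ),
    "config.py": (
        "DEBUG = False\n"
        "SECRET = 'changeme-not-a-real-secret'\n"
        "ADMIN_PANEL = '/admin'\n"
    ),
    "index.html": "<title>Home</title>\n<!-- TODO: remove root login before launch -->\n",
}


def mask(value: str) -> str:
    """Keep a short prefix so a finding is recognisable without echoing the whole secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(name: str, text: str) -> list:
    """Return findings for one file; a credential hit suppresses keyword hits on the same line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cred = CREDENTIAL_RE.search(line)
        if cred:
            findings.append({"file": name, "line": lineno, "kind": "credential",
                             "match": cred.group(1), "value": mask(cred.group(2))})
            continue
        for m in KEYWORD_RE.finditer(line):
            findings.append({"file": name, "line": lineno, "kind": "keyword",
                             "match": m.group(1), "value": line.strip()})
    return findings


def scan_files(files: dict = SAMPLE_FILES) -> list:
    """Scan every file in the mapping and concatenate the findings."""
    results = []
    for name, text in files.items():
        results.extend(scan_text(name, text))
    return results


def credentials_only(findings: list) -> list:
    """The subset of findings worth escalating immediately."""
    return [f for f in findings if f["kind"] == "credential"]


if __name__ == "__main__":
    for f in scan_files():
        print(f"{f['file']}:{f['line']} [{f['kind']}] {f['match']} -> {f['value']}")
```

Run as a pre-commit or CI step, the "credential" tier is what should block a deployment; the "keyword" tier is a reading list for a reviewer, since words like "user" and "api" appear in nearly every codebase.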
OTP bypass is about using a fake OTP verification process while visiting any application or website. OTP bypass allows users to protect their original contact details and avoid spam emails.
You can find OTP bypass by brute-forcing the OTP and also by manipulating the request:
400 Bad Request -> 200 OK
access: false -> true
Tip:- Create two accounts. First create an OTP request, fill in the right OTP and capture it. Then create another request from the second account, fill in a wrong OTP, then change the message with the first account's response. You can also change only the token; sometimes this works!
Sometimes we find sensitive tokens and information from the server side. You can find them in any request; for more, please read my blog on it.
A Server-Side Request Forgery (SSRF) attack involves an attacker abusing server functionality to access or modify resources. The attacker targets an application that supports data imports from URLs or allows them to read data from URLs. You can find it with the Burp Collaborator client and also manually, like this:
GET/target.comurl=https%3A%2F%2Fsearch.gov%2Fmanual%2Faccount.html HTTP/1.1 ->
GET /help_docs?url=http://127.0.0.1:21/?%0Ahttps%3A%2F%2Fsearch.gov%2Fmanual%2Faccount.html HTTP/1.1
Tip:- Try to find it with Linux :-)
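The second request above points the url parameter at a loopback address on a non-web port; the server-side mitigation is to validate the URL before fetching it. The following Python is an added example, not code from the article: it allows only http/https on ports 80/443, refuses userinfo, resolves the host, and rejects any address that is not publicly routable (loopback, RFC 1918, link-local including cloud metadata). The resolver is injectable so the check can be exercised offline; the hostnames and the public address used by the demo resolver are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def resolve_default(host: str) -> list:
    """Resolve a hostname to all of its addresses (IPv4 and IPv6)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    # is_global is False for loopback, private (RFC 1918), link-local (169.254/16), 0.0.0.0/8, etc.
    return addr.is_global and not addr.is_multicast


def check_outbound_url(url: str, resolver=resolve_default) -> tuple:
    """Return (ok, reason); ok is True only if every resolved address is public."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "userinfo in URL"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:
        # A literal IP needs no DNS; otherwise resolve and check every address,
        # because the fetch may connect to any of them.
        addresses = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        try:
            addresses = resolver(parts.hostname)
        except (socket.gaierror, OSError, KeyError) as exc:
            return False, f"resolution failed: {exc!r}"
    for ip in addresses:
        if not is_public_address(ip):
            return False, f"host resolves to non-public address {ip}"
    return True, "ok"


# Constructed resolver for the demo: "search.gov" mapped to a well-known public address,
# "metadata.internal" to the link-local metadata range. Not real DNS data.
DEMO_RESOLVER = {
    "search.gov": ["8.8.8.8"],
    "metadata.internal": ["169.254.169.254"],
}.__getitem__


if __name__ == "__main__":
    for candidate in ["https://search.gov/manual/account.html",
                      "http://127.0.0.1:21/?%0Ahttps%3A%2F%2Fsearch.gov%2Fmanual%2Faccount.html",
                      "http://metadata.internal/latest/", "file:///etc/passwd"]:
        print(candidate, "->", check_outbound_url(candidate, resolver=DEMO_RESOLVER))
```

One caveat the check alone does not cover: the address resolved here and the address the HTTP client connects to a moment later can differ (DNS rebinding), so the fetch should be pinned to the validated IP, and redirects should be re-validated with the same function rather than followed automatically.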
No rate limit is a flaw that doesn't limit the number of attempts one makes on a website server to extract data. It is a vulnerability which can prove to be critical when misused by attackers. Real-life example: when you try to log in to your account, after 3-4 wrong attempts your account gets suspended for some hours. For more, please read my article on it.
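The lockout described in the example above is the control that closes both this issue and the OTP brute force mentioned earlier. The following Python is an added example, not code from the article: a limiter that locks an account after repeated failures (4 here, with a one-hour lockout, both assumed values) and also caps attempts per client address over a sliding window, wrapped in an OTP verification routine that consults the limiter before comparing the code. The clock is injectable so the behaviour can be tested without waiting.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 4          # matches the article's "3-4 wrong attempts"
LOCKOUT_SECONDS = 3600    # "suspended for some hours": one hour here (assumed)
IP_WINDOW_SECONDS = 60
IP_MAX_PER_WINDOW = 20    # assumed ceiling for any one client address


class ManualClock:
    """Test clock: time only advances when t is changed explicitly."""
    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t


class AttemptLimiter:
    """Per-account lockout after repeated failures plus a per-IP sliding window."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(int)     # account -> consecutive failures
        self.locked_until = {}               # account -> unlock time
        self.ip_hits = defaultdict(deque)    # ip -> timestamps of recent attempts

    def _ip_allowed(self, ip: str) -> bool:
        now = self.clock()
        hits = self.ip_hits[ip]
        while hits and now - hits[0] > IP_WINDOW_SECONDS:
            hits.popleft()                   # drop hits that fell out of the window
        if len(hits) >= IP_MAX_PER_WINDOW:
            return False
        hits.append(now)
        return True

    def allow(self, account: str, ip: str) -> tuple:
        """Decide before the secret is checked; returns (allowed, reason)."""
        until = self.locked_until.get(account)
        if until is not None and self.clock() < until:
            return False, "account locked"
        if not self._ip_allowed(ip):
            return False, "ip rate limited"
        return True, "ok"

    def record(self, account: str, success: bool) -> None:
        """Call after verifying the password or OTP; failures count toward the lockout."""
        if success:
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return
        self.failures[account] += 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
            self.failures.pop(account, None)


def verify_otp(limiter: AttemptLimiter, account: str, ip: str, submitted: str, expected: str) -> tuple:
    """Limiter first, constant-time compare second, then record the outcome."""
    allowed, reason = limiter.allow(account, ip)
    if not allowed:
        return False, reason
    ok = hmac.compare_digest(str(submitted), str(expected))
    limiter.record(account, ok)
    return ok, "ok" if ok else "wrong code"


if __name__ == "__main__":
    clock = ManualClock()
    limiter = AttemptLimiter(clock=clock)
    for attempt in range(5):
        print(attempt + 1, verify_otp(limiter, "alice", "198.51.100.7", "000000", "123456"))
    clock.t += LOCKOUT_SECONDS + 1
    print("after lockout expires:", verify_otp(limiter, "alice", "198.51.100.7", "123456", "123456"))
```

Two details matter in practice: the decision is made server-side before the code is compared, so editing a client-side response cannot reset it, and a successful verification clears the counters while a locked account still reports "account locked" regardless of whether the submitted code was right.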
I will be continuing this series...
Follow me for more.
Note:- All photos are copied from Google.