In and out of Bug bounty in 6 months, Made Over $12K

You read the title. I won’t make any more introductions and bore you for no reason. What happened? How did I do it? With no knowledge at all in bug hunting, In fact, the 6 months that I mentioned in the title are the first 6 months I spent in bug hunting. So how the hell did I do it!? And what's the Story behind it

Chapter 1: The Beginning

Years before I got into bug hunting, I used to sell Social Media Apps Tools, I sold many tools and software. Anything possible to be made, I made it. From Account Creators to Username Claimers and Everything in between.

But in order to dominate that Business, you had to make something unique and Special. In order to do that, I had to manually Extract API’s from The apps that I made tools for instead of using existing ones. Most of the other competitors were using the same API’s that are found in other tools. They were basically reselling the same Product with a Different name/brand.

That's the thing that set me apart from the competition. I have managed to create new Tools that the Market has never seen before, Just because I took the First Step.

I have spent years In a Certain App and completely understood how it works. Where to find what I want. And how to find it. Also used almost every possible Version for that App to Fully grasp its core. And not knowingly, That thing was the Best thing that I ever could’ve done

Getting back to Bug bounty related Discussion, One day while I was browsing the same App to find new API’s that I can use in my Tools, I found something weird, I have accidentally found a Vulnerability. It was a Low Risk IDOR Bug that I couldn’t make any use of. So I decided to try and make a legit Report to the Company In order for them to fix it. I did, and a couple of days later I received a response. They fixed the bug and decided to reward me with a $500 Bounty. It wasn’t that much compared to my other source of income. But I felt something That I have never experienced before. It was a weird High and Euphoria sensation. It was the First time ever that I felt something like that, It was unbelievable. Since then, My first goal when browsing an app is not to find API’s or other things to help me build new tools. It was to find new exploits that I can report. Just to chase that High, That feeling that I had. I have gone addicted to it.

Fast-forward 2 months later. I found another Bug and reported it and got $1050. Sure, the money is great, I won't lie. But That feeling. It was Priceless! The feeling before opening The Email and guessing the Bounty amount, Then Opening the email and seeing that your Report has made a Difference and you have been rewarded for it. It only made me hunger for More and more!

One last thing. The App that I was talking about was Instagram

Chapter 2: The First Mile

After the last bounty, I wanted more. More of that feeling, I spent hours and hours pentesting. And by hours I mean +12 hours Daily. Not to mention the years I spent in this app before even deciding to do Bug hunting on it. At that point, I could have literally recited most of the endpoints in the App and Where to find them. And Their parameters, Essential Headers. I was never bored looking at headers, responses for hours and hours. Until I can’t open my eyes no more

Weeks Later, my hours have paid off, I found a Huge Vulnerability. At that moment, my heart started racing, My body was pumping Adrenaline like Crazy. I raced to report the Bug. The only thing I was thinking was, What If someone has reported it before me? It would’ve destroyed all of my hard work, Time spent. I ignored everything and sent the report. Weeks later, my Report was confirmed. I was so relieved, And finally my anxiety has gone

Months after the report, I received a response. I had that feeling again, The thrill of looking at the email before opening it, Guessing the Bounty amount, The feeling was so familiar. I opened the email, and I was flabbergasted, The Bounty was more than $4000! More than 4x the last Bounty

And finally. That High came back stronger than ever. I just kept staring at the email for a few minutes, Fully indulging in that euphoria sensation, before it starts to fade away again. And there was I hungry for more

Chapter 3: The Aftermath

I kept chasing that feeling, Bounty after bounty. But something weird happened. I kept losing my hunger for more, At that point I knew I never did it for the Money. I did it to prove something, To prove to my 11 year old Self that wanted to be a “Hacker”, That I can do it. That was the source of that feeling. It wasn’t the Money amount, It was the Impact of the Bug I reported that give me that high. I tried to chase the hunger once more. The hunger used to want me. But now, for the first time, I wanted the hunger. But I couldn’t feel it anymore. My mind or perhaps my old self was fulfilled, I completed my mission, and I just needed to find a new mission for the future me to fulfill for the sake of the current me. That's how my mind works

Never tell anyone your plans, instead, show them your results.

The End

The reason I wrote this is to completly end that chapter of my life in order to move to a new one. It was a fun Chapter, May the next Chapters be more fun