Mass Blind Server-Side Testing Setup For Bug Bounty

9 months ago 128

Ott3rly

InfoSec Write-ups

Vulnerabilities that take place behind the scenes of an application's operation are known as Out-of-Band (OOB) issues. This is a kind of vulnerability that does affect the server, but you cannot see the outcome unless the server is made to send data to another host that you control. These are usually critical or high-severity findings that can lead to large bounties! There are cases when you want your own server to test for these vulnerabilities. For example, the target website could have certain security controls in place that block known servers such as app.interactsh.com or Burp Suite's Collaborator. In this article, we will discover how to build your own OOB server. It is a must-have if you want to stand out in the bug bounty scene!

There are multiple vulnerability classes which could be used for OOB testing:

- SQL Injection (SQLi) — the attacker triggers a database query that sends results to a server they control.
- Remote Code Execution (RCE) — malicious code is executed that interacts with external systems.
- XML External Entity (XXE) Attacks — XML input processing that references external entities.
- Server-Side Request Forgery (SSRF) — allows an attacker to force the server to make requests to unintended locations or services.
- Blind Cross-Site Scripting (BXSS) — I have already covered this before. Make sure to check the BXSS server setup and BXSS Mass Hunting articles.

As you can see, these are pretty serious vulnerabilities. In this post, we will focus on building a server for the server-side vulnerability classes. For this tutorial, I will use interactsh with a custom domain from 123-reg.co.uk and DigitalOcean as the VPS provider.

If you read my BXSS Initial Setup article, you might know that I highly recommend using short domain names. Even for testing these OOB server-side issues, I highly advise using 6-character domains, since there will be cases where the payload size is limited. For the top-level domain, use a two-letter TLD (in, uk, lv, lt, io), and for the second-level domain use 3 characters. The www.123-reg.co.uk is a good domain…
