Bug Hunting is easy if you KNOW this
HTML-код
- Опубликовано: 31 июл 2024
- Hey everyone! In this video, I will share 7 techniques and concepts that most bug bounty hunters are unaware of.
🚀 Learn everything you need to know about XSS here - • All You Need to Know A...
📩 Download the Cheat Sheet from this video here - bit.ly/idor_cheat_sheet
👍🏻 Like, subscribe, and turn on notifications for more bug bounty insights
📬 Comment below with your thoughts and experiences
💻 Happy Hacking!
Follow me on
✖️ - / bughunterlabs
Thanks for watching,
BugHunterLabs
Chapters:
00:00 - Intro
00:40 - 49500$ Bounty
01:25 - Example
01:55 - IDOR
02:28 - Tip #1
02:50 - Tip #2
04:10 - Tip #3
04:41 - Tip #4
05:10 - Tip #5
05:45 - Tip #6
06:12 - Tip #7
06:58 - Bonus Tip
08:08 - Outro Наука
It's the quickest and consice IDORS video i've ever watched on RUclips, actually. has all the tips + has very good visuals.. Hats off 👮♀️
Thanks a lot!
Great work - very clear and well communicated.
Keep this type of content, clear and full of info in one video..subscribed!
Thanks, will do!
Well explained !! Thanks
Great video man. New subscriber ✌🏻
This video is pure gold
Best video I ever watched
Nice tips. Straight to the point 👍 keep going
Thank you. I will. :)
THE BEST VIDEO EVER ❤
amazing explanation
Clear and concise. Thanks
Welcome!
clear and understanding, thanks
Glad it helped!
bro dropin off some very useful tips🔥🔥🔥
🔥🔥🔥
Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks
Thanks for your comment and all the suggestions. I literally just copied this into my content list. Stay tuned!
Best video 👍👍👍👍
Amazing video! Really well done and very interesting. Would be cool if you could also make some 1h+ long deep dives on topics like this
Noted. I will look into that :)
Great Explanation
Glad you liked it
nice tips mate keep going
Thanks, will do!
best tips video on bug hunting i have ever seen
Thank you. That means a lot. :)
Good content keep it up sir 👏
Appreciated. What topic would you like to see next?
new to channel brother really good explain hope more videos come about IDORS & APIS & Tricks & Tips .... thank you sir !
More to come!
very helpful video
Glad it was helpful!
bro this is the best explaination of bug bounty ever
Thanks a lot! :)
Subscribed
Appreciated
new to this channel i swear this information never see them before this what we really need as beginners thank u alot we need more videos like this if u want u can make playlist of bugs but in long videos like BAC & iDORS & Logic Bugs
Thank you! I will work on it!
I just recently started studying insects... I got really excited and then really disappointed by this video 😂
The real bug hunter channel is coming soon :P
Sir we need more really inpressive
More is on the way.
Soooooo, in all these videos I'm watching, the core idea is this: if it exists in a connection on the internet, your job is to find a way to "manipulate" or even take over it, in a nutshell.
So if you can't copy, you find a way to be able to for example. How doesn't matter, just make sure to alert the compay and not continue to manipulate it, the difference in good and evil?
And thats all the job description really is?
Hi, thanks for your comment! Bug bounty platforms are a bit different from what you described:
Bug bounty platforms connect companies with ethical hackers who look for security vulnerabilities in their systems. These hackers, often called "bug bounty hunters," are rewarded for identifying and responsibly disclosing bugs or security issues. The goal is to help companies fix vulnerabilities before malicious hackers can exploit them.
But it does not always have to be a company/target in a bug bounty platform. There are programs not tied to any platform (for example, apple, google, meta). You can have a look at security.txt. It is a proposed standard for websites to provide information on their security policies and how to report security issues. It helps ethical hackers know who to contact and how to report vulnerabilities responsibly.
In short, ethical hacking is about finding and reporting issues to improve security, not exploiting them. The difference between good and evil lies in the intent and actions taken after discovering a vulnerability. Tread lightly and stay ethical ;)
WELL,
bro could you do ssrf next ?
SRRF is in the pipeline. It might not be the next one, but it is coming! Stay tuned.
struggling to find programs to find BAC bugs :(
Which programs have you looked into so far?
@@bughunterlabs front, frontegg,freshworks from hackerone and some others from other platform.
@@bughunterlabs front, frontegg, freshworks from hackerone and some programs from other platform
I'm a beginner. I didn't understand much of your video where what was going on. What part of the url, how do I know which url has an bug!
Hi, let me try to explain a bit further.
Usually, you cannot know, which URL has a bug. Because if there were a clear indicator, the developer would also know and could fix it. Hence, we have to do testing and probing. This video talks about one specific bug class that can occur. There are many more. The bug class in this video mainly focuses on the parameters in the URL.
Ideally, you would test every parameter of every URL of your target, but this can quickly become too much to test. That is why this video talks about some parameters that might be more likely to have a vulnerability. The video also talks about some tricks you can apply when you actually test a parameter and its values.
As a beginner, I recommend you to learn the basics of Linux, and how the internet works (HTTP, IPs, DNS, TCP, UDP, etc.). I hope this could clarify it a bit.
@@bughunterlabs yeah sure thanks ❤️❤️
Can i connect with you on twitter
Yes, go ahead