Live Recon: Tinder-bug bounty hunting on Hackerone | Hacking | Linux | Part 2

Thank you😊😊I did a live yesterday, hope you checked it out

in this program, not yet, but soon, maybe

Thanks and I will😊

sometimes -rf just doesnt work for me, so mostly av been using sudo -r, but yeah -rf works too

@@algorethm_ -r for directory and -f for forcing

ima b honest bro i break into shit for fun its gonna take a lot of trial and error a lot of like constant trying etc cuz your gonna be beyond pissed off sometimes wen it isnt working or u cant understand it n yes im gonna type an article cuz to explain why or u might feel stupid cuz its taken me 14 months to learn everything ik now like i pentest my own security on my own websites on my own server when i have nothing else to do cuz like u have http editing which is what hes doing in this vid just through kali linux idk why tbh its a looooooooooot easier to jus use burp suite which i learned like 4-5 months ago u have port surfing u have XSS injection like jquery injection or in html tags or for other tags like eval() etc cuz i cant remember them all i just named some u can fine or also like knowing what to look for when doing these injections like for example with XSS u have to make it reflect in the websites code to make it inject-able and u can do tha by using something as basic as burp suite and u wanna monitor if the search query ends up in a string like tags for search results to properly hold it securely or it ends up in h2 parameters cuz h2 parameters r good, u also got SQL inection, MySQL injection, SQLite u have CRSF or SSRF which SSRF is super easy u manipulate and edit the websites DOM code which is code for how its styled and layered like i could deface a website rn in like 10-15 mins just take your time and you will get better at it and to answer your question what hes doing here is a looooooooooooot more advanced for someones who new ur dealing with directories http headers ur dealing with servers and trying to manipulate them in ways based on payloads u either code and make yourself or u can try n get lucky online

I am trying to make a bug bounty course from scratch, so stay tuned, for all the videos I have posted upto now, I am not sure a complete beginner will understand, but you may still follow them, think of it as reading ahead, but I'll make a complete beginner series soon

This is actually a good answer, @motivate782 try to take atleast 4hrs to learn something in the world of bugbounties

I cant show part 3 on youtube

@@algorethm_ BUT YOU SAID YOU CAN SHOW THE BUG TO PUBLIC, and if you can't can you plz tell me what should I do with these info cuz I got the same things that you got, like what tools should I use after that?

@@BIG._ZEE dm me on insta

@@algorethm_ what's ur insta

no. why? doesn't look as cool

I do use burpsuite, the community version though, but I like to test and view the code from curl just to see if something is up with the site or if there is a malicious script, before running it on the browser, Its like a taking a prcaution.

like I said betting sites have data that is dynamice, though still possible to hacke'em, its a challenge

I havent made a wordlist, and the cheat file is not yet finished but I'll be releasing it soon

@@algorethm_ no, i am asking for the wordlist that you used in this video

​@@ayushmanngupta7027 I think this was it github.com/Karanxa/Bug-Bounty-Wordlists

@@algorethm_ thanks brother