INTIGRITI
Oct 25 • 14 tweets • 8 min read
12 #bugbountytips you NEED to know about! 🧡

A #bugbountytip is a short trick that can help you find your next bug!

Here are some quick wins you can start implementing today to become a better hunter 👇
[1️⃣] Automating SSRF by @Regala_
Instead of manually looking for SSRF sinks, why don't we let @Burp_Suite do the hard work? 👇
[2️⃣] Exploiting e-mail systems by @securinti 📧
Did you know you can exploit an SQL injection using an e-mail address? Neither do developers!
And it's not just SQLi! Find out more 👇
[3️⃣] Automating blind XSS by @abdlah_md
Payloads can pop up anywhere! What if a target logs User-Agents in a vulnerable application?
Let's use @Burp_Suite to make sure we always have a payload as our User-Agent 👇
[4️⃣] Don't overcomplicate by @G0053me
Don't just barge into applications with crazy payloads. Take a more methodical approach!
Find entry points by pasting 123 anywhere you can, for example! 👇
[5️⃣] Localhost by @hacker_
The developers will never expect you to come from the inside!
Make the target think you belong there, and see if the results from your scans differ! 👇
[6️⃣] Premium Burp speeds by @InsiderPhD
Can't afford @Burp_Suite Pro right now? Don't worry!
Combine the speed of Ffuf and the utility of Burp for free 👇
[7️⃣] Server-side HTML injections by @harshbothra_
HTML injections on the server side can be incredibly powerful! 💉
See how you can use an iFrame to get AWS metadata 👇
[8️⃣] UUID IDORS by @securinti
Have a potential IDOR but no way to get a user's UUID? Give this tip a shot 🤞 It may just work 👇
[9️⃣] Googling IPs by @0x21SAFE
@Google becomes even more powerful! This is your chance to find assets by ensuring Google only returns IP addresses! 👇
[1️⃣0️⃣] XXE by @mr_hacker0007
Any XXE lovers here? Thoroughly test XXE parsers and SVG renderers by checking if 'xinclude' is supported ✅
Easy LFI or SSRF? 👇
[1️⃣1️⃣] Hidden parameters by @hakluke
Parameters can be hidden everywhere!
Variables can be a great source to uncover some GET/POST parameters! 👇
[1️⃣2️⃣] Leaking APKs by @_superhero1
You're not a mobile hunter, YET! Take your first steps in becoming one by scanning APKs for secrets using APKLeaks! 👇
🧡 That's all for now!

Did we miss something? Be sure to DM us your Bug Bounty Tips, and maybe you can be featured in our next #bugbountytips post! 😎

Don't want to miss our future tips? Be sure to follow @intigriti 💜

Happy hacking! 🐛
