Abhishek Meena
Nov 19 · 7 tweets · 2 min read
🌱BugBounty Tips v1 🔥🌵
#bugbounty #infosec

See🧵:👇
• If you're testing for XSS on a site with a CSP, use burp's find+replace on the CSP reporting uri to point to a burp collaborator instance so you don't have to monitor dev tools for csp exceptions.

🧵:👇
• Search for hidden (and visible) input fields and try to set the value via GET. A lot of web apps still use $_REQUEST. You will be surprised. If you have a reflected value -> check for HTML/script injection.
• If a website does not verify email, try signing up with <whatever>@domain.com (the company email). Sometimes this gives you higher privileges, like deleting/viewing any other user's profile etc.
• Encountered an AWS WAF? Just add "<!" (without quotes) before your payload and bypass that WAF.
Eg: <!<script>alert(l)</script>
• To discover domains deployed on GitHub for subdomain takeover, the following Google dork can be used:

1. intext:"There isn't a Github Pages site here" and
2. not found • GitHub Pages"
Thank You For Reading This Thread🧵 On:
BugBounty Tips v1 🔥🌵

====
You Can Join My Bugbounty Tips Group :
t.me/bugbountyresou…
====

Do ♥, Share, Retweet If you love this thread
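The $_REQUEST tip above in working code, as an added example that is not from the thread: a handler that reads a hidden form field from $_REQUEST (so a GET parameter or cookie can set it) next to a hardened version that reads only from the form's method, allowlists the value and encodes it on output. The field name `ref` and the allowed values are assumptions; it runs on the PHP CLI.

```php
<?php
// Added example (not from the thread). Field name "ref" and the allowed
// values are assumed placeholders.

// Vulnerable: $_REQUEST merges GET, POST and COOKIE, so a hidden field the
// form sends by POST can be supplied in a URL query string instead, and the
// value is reflected without encoding (HTML/script injection).
function render_vulnerable(): string {
    $ref = $_REQUEST['ref'] ?? '';
    return '<input type="hidden" name="ref" value="' . $ref . '">'
         . '<p>Source: ' . $ref . '</p>';
}

// Hardened: accept the field only from the method the form really uses,
// validate against an allowlist, and HTML-encode on output.
function render_hardened(): string {
    $allowed = ['newsletter', 'partner', 'organic'];   // assumed values
    $ref = $_POST['ref'] ?? 'organic';                 // GET and cookies ignored
    if (!in_array($ref, $allowed, true)) {
        $ref = 'organic';                              // reject anything else
    }
    $safe = htmlspecialchars($ref, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="ref" value="' . $safe . '">'
         . '<p>Source: ' . $safe . '</p>';
}

// Local CLI demonstration: simulate the hidden field arriving via GET.
// PHP's default request_order "GP" lets POST override GET, which
// $_POST + $_GET (array union, left side wins) mirrors.
$_GET['ref'] = '"><b>injected</b>';
$_REQUEST = $_POST + $_GET;
echo render_vulnerable(), PHP_EOL;   // attribute broken out, tag rendered
echo render_hardened(), PHP_EOL;     // GET value ignored, falls back to organic
```

In a real application the same rule applies to every superglobal read: pick $_GET or $_POST deliberately, never $_REQUEST, and treat hidden fields as untrusted input.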

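For the GitHub Pages tip above, the defender-side counterpart as an added example (not from the thread): walk your own DNS inventory and flag subdomains whose CNAME points at github.io but which GitHub no longer serves, the condition the dork surfaces. The inventory below is constructed sample data; in practice it would come from a DNS zone export plus an HTTP fetch of each host. Assumes PHP 8 or later.

```php
<?php
// Added example (not from the thread). Sample inventory is constructed.

const GITHUB_PAGES_SUFFIX = '.github.io';
// Fingerprint text GitHub serves for an unclaimed Pages host (quoted in the dork)
const UNCLAIMED_FINGERPRINT = "There isn't a GitHub Pages site here";

/** True when a CNAME target is a GitHub Pages host (trailing dot tolerated). */
function pointsAtGithubPages(string $cname): bool {
    $cname = rtrim(strtolower($cname), '.');
    return str_ends_with($cname, GITHUB_PAGES_SUFFIX);
}

/** Classify one host: 'n/a' (not GitHub-hosted), 'ok', or 'dangling'. */
function classifyHost(string $cname, int $status, string $body): string {
    if (!pointsAtGithubPages($cname)) {
        return 'n/a';
    }
    $unclaimed = $status === 404 && str_contains($body, UNCLAIMED_FINGERPRINT);
    return $unclaimed ? 'dangling' : 'ok';
}

/** Return the hosts in an inventory that need their CNAME removed or reclaimed. */
function findDangling(array $inventory): array {
    $dangling = [];
    foreach ($inventory as $host => [$cname, $status, $body]) {
        if (classifyHost($cname, $status, $body) === 'dangling') {
            $dangling[] = $host;
        }
    }
    return $dangling;
}

// Constructed sample: host => [CNAME target, HTTP status, body excerpt]
$inventory = [
    'docs.example.com' => ['example.github.io.', 200, '<html>Docs home</html>'],
    'old.example.com'  => ['oldteam.github.io.', 404,
                           "<h1>There isn't a GitHub Pages site here.</h1>"],
    'www.example.com'  => ['lb.example.net.', 200, '<html>ok</html>'],
];
print_r(findDangling($inventory));
```

Every host it reports should either have its CNAME deleted or have the Pages site re-created under your organisation before anyone else registers it.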