Nithin R
22 | I build, I break, and I also blabber how to build and break.
26 Nov
Here's a couple of things worth a try to get an IDOR

Comment below if you've other useful tips & techniques.

🧵👇

#bugbounty #bugbountytips #infosec
1. Change file type

If you've an endpoint such as /users/password you might want to try /users/password.json or other extensions like .xml etc.
2. Convert ID to json body or array

If you've {"id":111} that gives you 401, you might want to try {"id":[111]} and {"id":{"id":111}}
12 Oct
Here's a list of some of the Youtubers I'm following as a beginner bug bounty hunter. ( They're in no particular order of ranking )

🧵👇
1. @zseano <3<3<3

Channel : youtube.com/c/zseano

Personal favourite :

It's the mindset that matters, always.
2. @theXSSrat My man <3

Channel : youtube.com/c/TheXSSrat

Personal favourite :

(Bet you saw this coming ? :P)
11 Oct
The 2 minute rule.

A Thread.

🧵👇
The main idea behind the 2 minute rule is to slowly curb procrastination off the list of unhealthy habits.
There are different varieties and variations to this, but the main idea is to get started with what you can do under 2 minutes immediately without thinking.
11 Oct
I posted a thread on SSRF protection bypasses with different encodings yesterday.

But there's a lot more you can do to bypass filters.

Let's look at some of them below. ( Also, comment your most used and favourite bypasses )

🧵👇
1. DNS Pinning

To get an A-record that resolves to an IP, use the following subdomain.

make-<IP>-rr.1u.ms
2. Bypass with Open Redirection

Eg. /nextPage?path=192.168.0.10/secretInfo
10 Oct
Bypass SSRF protection with different encodings.

A thread.

🧵👇
1. Hex encoding.

If 127.0.0.1 is blocked, try 0x7f.0x0.0x0.0x1
2. Octal encoding.

If 127.0.0.1 is blocked, try 0177.0.0.01
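Why the hex and octal forms in this thread get past a string blocklist, and how a filter can close the gap by canonicalizing the host before checking it. This is an added example, not part of the original thread; the names `NAIVE_BLOCKLIST`, `canonical_ipv4` and `classify` are assumptions, and it goes slightly beyond the two tweets by also covering short forms (fewer than four parts, or a single integer), which the same `inet_aton`-style parsing rule accepts.

```python
import ipaddress

NAIVE_BLOCKLIST = {"127.0.0.1", "localhost"}  # constructed string blocklist


def _part(text):
    """Parse one dotted part as inet_aton does: 0x = hex, leading 0 = octal."""
    text = text.lower()
    if text.startswith("0x"):
        digits, base = text[2:], 16
    elif len(text) > 1 and text.startswith("0"):
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)


def canonical_ipv4(host):
    """Return the IPv4Address a numeric host literal denotes, else None."""
    nums = [_part(p) for p in host.strip().split(".")]
    if not 1 <= len(nums) <= 4 or None in nums:
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def classify(host):
    """'internal', 'external', or 'hostname' (resolve, then check each address)."""
    ip = canonical_ipv4(host)
    if ip is None:
        return "hostname"
    return "external" if ip.is_global else "internal"


if __name__ == "__main__":
    # Constructed inputs: the two forms from the thread plus plain and public ones.
    for h in ["127.0.0.1", "0x7f.0x0.0x0.0x1", "0177.0.0.01", "8.8.8.8"]:
        print(f"{h:18} naive_blocked={h in NAIVE_BLOCKLIST} classify={classify(h)}")
```

A host classified as `hostname` still has to be resolved and every resolved address checked the same way before the request is made.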
9 Oct
#Bitcoin and the Store of Value.

A Thread

🧵👇
Store of value is a way of preserving wealth over time. This is extremely useful if you've a surplus from the essentials and would like to preserve it for the future.

Gold is considered to be this store of value, but gold does have certain issues to be addressed.
The problems with Gold :

1. Wastage when conversion is very likely and we tend to lose some money in the process.

2. Gold is difficult to store and safeguard. Since gold is a physical entity and pretty much worn as an accessory, it is subject to theft often.
9 Oct
People tend to talk about success and not the failures or mistakes just to seem near perfect. But it's them mistakes that make us better.

Here's a list of mistakes that I did as a beginner programmer and you might want to avoid some of these.

🧵👇
1. Choosing to code at the very beginning without understanding and breaking down the problem to find a solution.

It's always been helpful to sketch the problem & solution with pen and paper before attempting to code directly.
2. Learning loop

I intend to know the in-depth knowledge about a topic and jump from one resource to another. Working hands-on rather than just watching tutorials has proven to be helpful.
7 Oct
"Learning how to learn"

A Thread

🧵👇
1. The two fundamental models.

Focused Model : This model is about learning related concepts together as a whole, in a chunk.

Diffuse Model : This model exercises on connecting general ideas across different areas. Example : We use this model unintentionally when daydreaming.
2. Repetitive learning, with a space.

Example : Learn a concept and review it 8-10 hours later. Come back to the same concept the next day and recheck after 3-4 days, then a week.

Do this until you're instinctively able to recollect what you've consumed.