Here's a couple of things worth a try to get an IDOR

Comment below if you've other useful tips & techniques.

🧵👇

#bugbounty #bugbountytips #infosec

1. Change file type

If you've an endpoint such as /users/passoword you might want to try /users/password.json or other extensions like .xml etc.

2. Convert ID to json body or array

If you've {"id":111} that gives you 401, you might want to try {"id":[111]} and {"id":{"id":111}}

Here's a list of some of the Youtubers I'm following as a beginner bug bounty hunter. ( They're in no particular order of ranking )

🧵👇

1. @zseano <3<3<3

Channel : youtube.com/c/zseano

Personal favourite :

It's the mindset that matters, always.

2. @theXSSrat My man <3

Channel : youtube.com/c/TheXSSrat

Personal favourite :

(Bet you saw this coming ? :P)

The 2 minute rule.

A Thread.

🧵👇

The main idea behind the 2 minute rule is to slowly curb procrastination off the list of unhealthy habits.

There are different varieties and variations to this, but the main idea is to get started with what you can do under 2 minutes immediately without thinking.

I posted a thread on SSRF protection bypasses with different encodings yesterday.

But there's a lot more you can do to bypass filters.

Let's look at some of them below. ( Also, comment your most used and favourite bypasses )

🧵👇

1. DNS Pinning

To get an A-record that resolves into IP, use the following subdomain.

make-<IP>-rr.1u.ms

2. Bypass with Open Redirection

Eg. /nextPage?path=192.168.0.10/secretInfo

Bypass SSRF protection with different encodings.

A thread.

🧵👇

1. Hex encoding.

If 127.0.0.1 is blocked, try 0x7f.0x0.0x0.0x1

2. Octal encoding.

If 127.0.0.1 is blocked, try 0177.0.0.01

#Bitcoin and the Store of Value.

A Thread

🧵👇

Store of value is a way of preserving wealth over time. This is extremely useful if you've a surplus from the essentials and would like to preserve it for the future.

Gold is considered to be the this store of value, but gold does have certain issues to be addressed.

The problems with Gold :

1. Wastage when conversion is very likely and we intend to lose some money in the process.

2. Gold is difficult to store and safeguard. Since gold is a physical entity and pretty much worn as an accessory, it is subject to theft often.

People intend to talk about success and not the failures or mistakes just to seem near perfect. But it's them mistakes that make us better.

Here's a list of mistakes that I did as a beginner programmer and you might want to avoid some of these.

🧵👇

1. Choosing to code at the very beginning without understanding and breaking down the problem to find a solution.

It's always been helpful to sketch the problem & solution with pen and paper before attempting to code directly.

2. Learning loop

I intend to know the indepth knowledge about a topic and jump from one resource to another. Working hand on rather than just watching tutorials has proven to be helpful.

"Learning how to learn"

A Thread

🧵👇

1. The two fundamental models.

Focused Model : This model is about learning related concepts together as a whole, in a chunk.

Diffuse Model : This model exercises on connecting general ideas across different areas. Example : We use this model unintentionally when daydreaming.

2. Repetitive learning, with a space.

Example : Learn a concept and review it after 8-10 hours later. Come back to the same concept the next day and recheck after 3-4 days, then a week.

Do this until as you're instinctively able to recollect what you've consumed.