ch
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

前往频道在 Telegram
7 470
订阅者
+1024 小时
+417
+18130
帖子存档
_/﹋\_ (҂`_´) Just <,︻╦╤─ ҉ - - - - - GitBook _/---\_

Book_of_tips_by_aditya_shende.pdf1.64 MB

#BugBountyTips If server only allows GET and POST method, then try adding “X-HTTP-Method -Override: PUT to achieve RCE via PUT method. Source: https://twitter.com/rvismit

■■■■■ HTTP Method Override – what it is and how a pentester can use it. https://www.sidechannel.blog/en/http-method-override-what-it-is-and-how-a-pentester-can-use-it/

■■■■□ Various authentication mechanisms

■■■□□ Subdomain Fuzzing worth 35k bounty. https://medium.com/@HX007/subdomain-fuzzing-worth-35k-bounty-daebcb56d9bc

■■■■■ DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 2. https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-2/

⚙️ A simple web-based tool that lists all Content Security Policy issues on your target to help you figure out which missing directives or policies can help you bypass CSP! https://csp-evaluator.withgoogle.com/

■■■■■ Advanced SQL Injection 💉 for AWAE. Goal is to master SQL Injection Discovery, Detection and Exploitation. https://github.com/shreyaschavhan/advanced-sql-injection-for-awae

■■■□□ A python script that finds endpoints in JavaScript files. https://github.com/GerbenJavado/LinkFinder

■■■■□ Burp Plugin to Bypass WAFs through the insertion of Junk Data. https://github.com/assetnote/nowafpls

■■■■■ 2FA Bypass techniques. https://securitycipher.com/docs/2fa-bypass/

■■■□□ Burp's Collaborator can be used to generate custom DNS records. https://x.com/Burp_Suite/status/1813203103052611701

■■■■■ A Security Tool 🔫 for Bug Bounty, Pentest and Red Teaming. https://github.com/zan8in/afrog/

🎧Basic offensive security tactics for various domains.
🎧Basic offensive security tactics for various domains.