Bug Bounty - GitBook
رفتن به کانال در Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
نمایش بیشتر7 470
مشترکین
+1024 ساعت
+417 روز
+18130 روز
آرشیو پست ها
7 471
🔔 قابل توجه علاقه مندان به امنیت :
👁🗨 شرکت سورین جهت تکمیل تیم فنی مرکز عملیات امنیت (SOC)، به دنبال جذب همکاری با مشخصات ذیل میباشد:
💻نیازمندیها
آشنایی با مفاهیم امنیت شبکه و سیستم عامل
آشنایی با مهمترین تهدیدات و حملات سایبری
آشنایی با لاگ تجهیزات امنیتی
آشنایی با حداقل یک SIEM
دارای روحیه کار تیمی و علاقه مند به یادگیری
حداقل یک سال سابقه کار مرتبط
▫️شرح شغلی
رصد و پایش رخداد های سایبری به صورت شیفتی
گزارش نویسی(مستند سازی)
📃ارسال رزومه به :
لینکدین سورین یا آدرس ایمیل soorinsec.ir@gmail.com
تیم سورین
7 471
What is a cookie?
There is a data that is automatically set by the web server to our browser.
What does it do now?
Suppose you enter Digikala website and register for the first time. Now, after that, you put away the device you used to log in to DigiKala and after a few days you go to the DigiKala site again, but now the login page no longer appears for you and you have direct access to your account, but how?
In simple terms, I want to say that DigiKala remembers our products and does not ask for your email or password anymore.
This can be done by using cookies.
A cookie is a string that, as long as it is on your device, means authentication and your access (privilege) without logging in to the website.
It has a series of flags that specify how to work:
(At the end, I will tell you the syntax of using these flags)
1- domain
It means setting a cookie in a specified domain.
2-path
It means setting a cookie in specific routes on a website.
For example, suppose a website has several routes:
site.com/login
site.com/class
It can be specified with the path flag, for example, to set a cookie only for /login!
3- Secure
A cookie is set only for the HTTPs protocol.
4 - HttpOnly
This flag will only set cookies for the HTTP protocol, HTTPs, and only they can access the cookies.
In other words, different third parties such as extensions or Javascript codes cannot select them and use them.
5- Samesite
This flag specifies whether to transfer cookies only for the same origin.
Let me first explain what happens when a cookie is transferred from one site to another.
Suppose I am a hacker and I have a website where you enter the website, there is a series of html codes on my site that makes us send requests to different sites (it can be with different tags such as: iframe, image, script) In the script, a feature called xmlHttpRequest is used, which I will tell you more later and I will give you an example of its code.
Now, suppose one of those websites is a bank portal from which I was able to extract your cookies (because you have already logged in and given you a series of cookies) and use it to confirm my identity instead of you. And I can log into your account.
More information about the samesite flag:
It can have different values such as:
samesite = Strict
This feature shows that only those who have the same origin can access the cookie.
Like two websites:
x.site.com
Y.site.com:443
These two have similar origins.
samesite = none
This feature allows cookie access in any origin to any other origin.
samesite = Lax
This feature is the same as the top feature, but there is one condition, that is, there must be a top level navigator feature on the primary website (in short, it means to enter the destination website by clicking on the primary website. Using the tag a in HTML)
6 - expire
Specifies the cookie expiration time.
Now how to set cookies for the website?
For example, in PHP, the syntax is:
setcookie(name, value, expire, path, domain, secure, httponly);
Or in JavaScript, for example:
document.cookie = "username=John Doe; expires=Thu, 18 Dec 2033 12:00:00 UTC; path=/";
7 471
پکیج قانونی و رایگان ریجکس از سایت پارس کلیک
http://dl.softsara.ir/learning/parsclick/regular_expression_learning.rar?802
1.3GB
Pass : softsara.ir
7 471
Repost from Bug Bounty - GitBook
Regex or Regular Expressions are very useful in Pentesting and Bugbunty; including finding specific patterns in data, extracting sensitive information, and identifying vulnerability patterns. If you learn Regex correctly, you can scan and analyze more accurately.
https://github.com/ziishaned/learn-regex/tree/master
regular and simple tutorials
https://regexone.com/
step by step exercises
https://regexlearn.com/learn
interactive and practical resources
https://regex101.com
https://regexr.com/
https://regexone.com/
7 471
Regex or Regular Expressions are very useful in Pentesting and Bugbunty; including finding specific patterns in data, extracting sensitive information, and identifying vulnerability patterns. If you learn Regex correctly, you can scan and analyze more accurately.
https://github.com/ziishaned/learn-regex/tree/master
regular and simple tutorials
https://regexone.com/
step by step exercises
https://regexlearn.com/learn
interactive and practical resources
https://regex101.com
https://regexr.com/
https://regexone.com/
7 471
Regex or Regular Expressions are very useful in Pentesting and Bugbunty; including finding specific patterns in data, extracting sensitive information, and identifying vulnerability patterns. If you learn Regex correctly, you can scan and analyze more accurately.
https://github.com/ziishaned/learn-regex/tree/master
regular and simple tutorials
https://regexone.com/
step by step exercises
https://regexlearn.com/learn
interactive and practical resources
https://regex101.com
https://regexr.com/
https://regexone.com/
7 471
[ Passive Recon: Subdomains]
Key points of the report:
💬 What is DNS
💬 Difference between DNS and Vhost
💬 Working with passive DNS
💬 Popular dictionaries for searching
💬 Search utilities
Language: Russian
7 471
Repost from Bug Bounty - GitBook
Regex or Regular Expressions are very useful in Pentesting and Bugbunty; including finding specific patterns in data, extracting sensitive information, and identifying vulnerability patterns. If you learn Regex correctly, you can scan and analyze more accurately.
https://github.com/ziishaned/learn-regex/tree/master
regular and simple tutorials
https://regexone.com/
step by step exercises
https://regexlearn.com/learn
interactive and practical resources
7 471
Regex or Regular Expressions are very useful in Pentesting and Bugbunty; including finding specific patterns in data, extracting sensitive information, and identifying vulnerability patterns. If you learn Regex correctly, you can scan and analyze more accurately.
https://github.com/ziishaned/learn-regex/tree/master
regular and simple tutorials
https://regexone.com/
step by step exercises
https://regexlearn.com/learn
interactive and practical resources
7 471
Red-Teaming-TTPs
Cloud TTPs
ICS
Linux
Mac OSX TTPs
Threat Intelligence TTPs
Web
Windows
>Guides
Link 🔗:-
https://rosesecurity.gitbook.io/red-teaming-ttps
@GitBook_s
