This article shares some bug bounty tips and tricks. The tips mentioned here can be very useful, so read the article to the end; you will learn a lot of new things.
One thing should be clear: the tips in this article are not all the bug bounty tips there are. There is no end to bug bounty tips, because a tip that works for one bug hunter does not necessarily work for another.
We will try our best to cover as many bug bounty tips and tricks as we can. We cannot say how long this article could grow, but if you follow it properly, it can be very useful for you.
Bug Bounty Tips
Here are a number of bug bounty tips that should be very helpful. A beginner always has the same question: they have learned about vulnerabilities, but how do they start?
After reading the tips given here, you will understand where to start and how you can earn from bug hunting. Before you do any bug hunting, though, you need knowledge of vulnerabilities.
We have covered many types of vulnerabilities on this site, with articles on cross-site scripting, host header injection, server-side template injection and many others.
How to choose your bug bounty target?
The first question in bug bounty is how to select a target, because this is the biggest confusion whenever a beginner thinks of hunting bugs.
There are many bug bounty programs on platforms such as HackerOne, Bugcrowd and Intigriti, so everyone gets confused about which target to hunt on. Here is our advice.
https://hackerone.com/alibaba?type=team
Put simply, always choose a target that gives you a lot in scope, where you have a good chance of finding bugs. As soon as you select a target, the program tells you what is in scope and what is out of scope.
As you can see in the image, this program has a lot in scope. But these are all main domains, and almost every bug hunter has already tested the main domains. That does not mean you cannot find bugs on a main domain.
In that situation, find the program's subdomains and hunt there. We have already covered how to find subdomains; if you have not read those articles, you should read them:
How to find subdomain takeover vulnerability
Subdomain enumeration and subdomain bruteforce
You will be given a link here. Every bug bounty program tells you which vulnerabilities are in scope and which are out of scope, as you can also see in the image.
You should also know what the in-scope and out-of-scope vulnerabilities are and how they are found in a website, so you need deep knowledge of all vulnerabilities first.
Which vulnerabilities can you find after choosing your target?
The second tip concerns which vulnerability to look for after selecting the target. Nobody can answer that for you, because only you know which vulnerabilities you understand best.
As we have shown by solving many labs, there are different ways to find the same vulnerability: there are many ways to find SQL injection, and many ways to find SSRF and CSRF.
If you are an expert in cross-site scripting, you will look for cross-site scripting; if someone is an expert in SQL injection, they will look for SQL injection. So no one can tell you which vulnerability to look for first.
Some guidance can be given, though. First select the target. If you are looking for cross-site scripting there, do not try it for just a few hours and then move on to other vulnerabilities, because it sometimes takes many days to find a bug.
We say this because sometimes you come very close without knowing it, give up and go off on another track to look for some other vulnerability, as you can see in the image. You also have to think.
If you feel you have used every way you know to find one vulnerability, you can move on to another. But do not rush to look for another vulnerability while you are in the middle of finding one.
OAuth Misconfiguration
We have covered OAuth misconfiguration before, in our article on OAuth 2.0 authentication vulnerabilities. If you have not read that article, read it first.
As you can see in the image, the site offers the option to sign up with Facebook, Gmail or email. Many types of websites offer the same options.
Here, OAuth misconfiguration means the following: if you continue with Gmail on a website using a Gmail account, and you are also able to log in with the same Gmail account the normal way, this is called an OAuth misconfiguration.
Open redirect vulnerability
We have already explained what an open redirect vulnerability is. If you have not read that article, read it first; only then will you understand this tip correctly.
As you can see in the URL in the image, this is how an open redirect vulnerability is found. If no open redirect is found this way, you can also try changing the http protocol to ftp.
If you get an open redirect using the ftp protocol, it is a valid bug, and you can report it and earn a bounty.
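From the defender's side, the scheme swap works only when the application filters redirect targets with a blocklist. The validator below is an added example, not code from the original article; the allowlisted hosts and the function name `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example (hypothetical; not from the article).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOWED_SCHEMES = {"https"}  # ftp, http, javascript, data ... are all refused


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` if it is a safe redirect destination, else `default`."""
    if not target or target != target.strip():
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse them outright.
    if any(ch in target for ch in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative URL: accept only a path rooted at a single "/".
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return default
    # .hostname ignores a "user@" prefix, so "https://example.com@evil.test" fails.
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        return default
    return target


# Constructed sample inputs, including the scheme swap described above.
SAMPLES = [
    "/account/settings",
    "https://example.com/home",
    "ftp://example.com/file",
    "//evil.test/path",
    "https://example.com@evil.test/",
    "javascript:alert(1)",
]


def check_samples() -> dict:
    """Map each constructed sample to the destination the server would use."""
    return {s: safe_redirect_target(s) for s in SAMPLES}


if __name__ == "__main__":
    for sample, result in check_samples().items():
        print(f"{sample!r:40} -> {result!r}")
```

Because the check allows only known-good schemes and hosts, a new scheme or URL trick falls through to the default path instead of needing its own rule.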
Cross-site scripting tips
Here are some tips related to cross-site scripting. It often happens that when we try many cross-site scripting payloads on a website, the website blocks our browser. In that case, clear the browser's cookies.
As you can see in the image, if you run a search query on Google in this way, you get to know what kind of cross-site scripting payloads bug hunters are trying on which website.
https://www.online-toolz.com/tools/text-unicode-entities-convertor.php
Similarly, you can also find cross-site scripting bugs by using Unicode cross-site scripting payloads. As you can see in the image, a payload has been converted into Unicode format.
https://owasp.org/www-community/xss-filter-evasion-cheatsheet
Very often a normal payload does not run; in that case, Unicode payloads can be tried. The OWASP cheat sheet linked here can also be used when looking for XSS.
SQL Injection Tips
Everyone knows about SQL injection, because it is the first vulnerability that gets talked about and everyone wants to find it. There are many types of SQL injection payloads you can use to find this bug.
But there are also some SQL injection payloads that are not known to everyone and are not easily found, as you can see in the image. You can use them to find SQL injection vulnerabilities. You are being given a download link.
Security Bypass Tips
You often get a 403 Forbidden error while bug hunting. Most bug hunters skip it, but you should never do that. Do not give up easily when you get any kind of error.
If you get a 403 Forbidden error, you can try directory brute forcing and content discovery on it, because very often directory brute forcing behind a 403 Forbidden error gets you the source files of the website, and you can report that.
In the same way, when you test a 2FA bypass, you see something like this in Burp Suite: the response contains success true or success false. If you capture the request, change success false to success true and forward it, and the application accepts the changed response, that is also called a bug.
Bypass website two factor authentication
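The response-manipulation case above succeeds only when the application decides 2FA status from what the client saw. The model below is an added example, not code from the original article; the class `AuthServer`, its method names and the attempt limit are assumptions. It keeps the 2FA result in server-side session state, so an edited response changes nothing.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed lockout threshold for this example

class AuthServer:
    """In-memory model of a login flow where the 2FA result lives server-side."""

    def __init__(self):
        self._sessions = {}

    def password_login(self, user: str) -> tuple[str, str]:
        """Password step passed: create a session that is NOT yet 2FA-verified."""
        sid = secrets.token_hex(16)
        code = f"{secrets.randbelow(10**6):06d}"  # would be delivered out of band
        self._sessions[sid] = {"user": user, "code": code,
                               "attempts": 0, "mfa_verified": False}
        return sid, code

    def verify_code(self, sid: str, submitted: str) -> dict:
        s = self._sessions.get(sid)
        if s is None or s["attempts"] >= MAX_ATTEMPTS:
            return {"success": False}
        s["attempts"] += 1
        ok = hmac.compare_digest(submitted, s["code"])
        if ok:
            s["mfa_verified"] = True  # the only place this flag is ever set
        return {"success": ok}

    def dashboard(self, sid: str) -> int:
        """Protected resource: decides from server state, never from the client."""
        s = self._sessions.get(sid)
        return 200 if s and s["mfa_verified"] else 403

def tampered_response_flow() -> int:
    """Wrong code submitted; the response body is edited in transit."""
    server = AuthServer()
    sid, code = server.password_login("alice")
    wrong = "000000" if code != "000000" else "111111"
    response = server.verify_code(sid, wrong)
    response["success"] = True      # the edit made in the intercepting proxy
    return server.dashboard(sid)    # server state is unchanged

def legitimate_flow() -> int:
    """Correct code submitted; the server itself marks the session verified."""
    server = AuthServer()
    sid, code = server.password_login("alice")
    server.verify_code(sid, code)
    return server.dashboard(sid)
```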
The Conclusion
I hope you like these bug bounty tips. These are not all the bug bounty tips there are; there are different tips for finding every kind of vulnerability.
If all of them were covered here, this article would grow a great deal, but we will continue to give you bug bounty tips in our other articles, so read all the articles carefully.
If you follow the bug bounty tips mentioned in this article, you will definitely find bugs, so take them seriously. If you do, you can also earn a bounty.
If you like this article, please share it. We wish you the best of luck; read this article properly, follow it, and earn bounties.